LAN NIC not installing?



  • Hi, I'm working on my first install.
    I have 2 NIC's in the computer, which will be used as a firewall perimeter.

    I installed off the DVD, and connected the WAN when prompted and this worked.
    I then connected the LAN when prompted and this doesn't work?

    I'm not clear on the cabling so some help might fix the issue.

    I have a cable modem connected to a router.

    I unplugged the modem Ethernet cable from the router's WAN and connected to the computer's 1st NIC.
    I then added a new Ethernet cable into the 2nd computer NIC and plugged into the router's WAN. (this is supposed to be for the pfSense LAN NIC if I'm correct).


  • Netgate Administrator

    Some NICs do not work well with the autodetect script for whatever reason. It's only there in case you have multiple identical NICs and need some way of identifying them. Since you know which one is LAN (the only one left!) just enter it manually. The available interface names are listed just above that prompt.

    Adding the router on the LAN side on pfSense may cause some problems. Are you doing that because it provides wifi?
    https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense
    pfSense will use the 192.168.1.* subnet for it's LAN and there's a good chance your router might be using that also. If that's the case it will break routing so you'll need to change one of them.

    Steve



  • Thanks for the reply.

    So, I reinstalled and saw the Interface name.
    Only re0 is shown, for the MOBO NIC.
    The PCI NIC isn't found, but when I plug an Ethernet cable into the PCI NIC, the green LED shows activity.
    So I entered the WAN name of re1 and I have no name to enter for the LAN.

    Also, I'm not clear on the cabling yet. I simply use the cable modem to the computer WAN so traffic will flow through the computer and then connected a LAN from the computer to the router, so my network devices receive Internet.
    Yes, the router is Wi-Fi aswell which is needed for some Wi-Fi devices.

    Well, I think I need to find out why pfSense isn't finding the 2nd NIC, then research the cabling again, unless someone has some ideas?



  • I changed the ASUS NIC which was faulty with a working NIC.
    The new NIC is found by pfSense installer.
    I enter the WAN address re0 which works.
    I enter the LAN address re1 and receive the error:

    I now get the results: re0 00:1f:1f:32:eb:60 (up)  re1 6c:f0:49:1f:68:30 (down) RealTek 8169SC/8110SC Single-chip Gigabit Ethernet
    I can assign the WAN address re0, when I assign the LAN address re1, pfSense installer gives the error: uhub_reattach_port: giving up port reset - device vanished
    Enter the Optional 1 interface name or 'a' for auto-detection (or nothing if finished): uhub_reattach_port: giving up port reset - device vanished



  • Okay, so I tried a PS2 keyboard connection and error: uhub_reattach_port: giving up port reset - device vanished continues.

    I can still enter the WAN address: re0.
    I can still enter the LAN address: re1.

    pfSense installer then says:
    Enter the Optional 1 interface name or 'a' for auto-detection (or nothing if finished): uhub_reattach_port: giving up port reset - device vanished.

    I can't remove any USB hubs as the keyboard and mouse is USB.
    I tried with a PS2 keyboard and mouse, but the computer doesn't read it.

    I can't access the BIOS?



  • Okay, so managed to enter WAN and LAN address of re0 and re1 respectively.

    Still receive error: uhub_reattach_port: giving up port reset - device vanished

    I would like to use the GUI by accessing pfSense's IP address from another computer in the LAN.
    How do I set pfSense's IP address?



  • Ok, so entered in WAN and LAN IP address, subnet and default gateway, but no success.
    What do I do?

    My basic topology is:
    Cable modem: 192.168.0.50
    Ethernet to pfSense's WAN IP 192.168.1.2, Subnet 255.255.255.0/24, Default gateway 192.168.0.50.
    pfSense's LAN to router, LAN IP 192.168.1.1, Subnet 255.255.255.0/24, Default gateway 192.168.1.180.
    Router: IP 192.168.1.180.
    Ethernet cables to LAN network.


  • Netgate Administrator

    The WAN interface should be set to DHCP since it's receiving an address from the cable modem.
    The LAN interface should not have a gateway set. The pfSense box itself does not have gateway on LAN, it acts as a gateway for other devices.

    Steve



  • Ethernet to pfSense's WAN IP 192.168.1.2, Subnet 255.255.255.0/24, Default gateway 192.168.0.50.

    That cannot work - 192.168.1.2/24 is not in the same subnet as 192.168.0.50

    pfSense's LAN to router, LAN IP 192.168.1.1, Subnet 255.255.255.0/24, Default gateway 192.168.1.180

    As Stephen said, you do not put a gateway on the pfSense LAN - pfSense is supposed to be routing the internet traffic out the WAN - to the WAN gateway.
    pfSense WAN and LAN must be different subnets. So you have to decide which to keep as 192.168.1.0/24 and which to make a different subnet.

    Router: IP 192.168.1.180

    I am guessing that your old router is also a WiFi device. It probably has a WAN port, some LAN ports and WiFi antenna/s. You do not use it as a router any more. Just use it as an ordinary WiFi device by:

    1. Disable DHCP on it (you want your LAN clients to get DHCP from pfSense)
    2. Set its IP address to be something in the pfSense LAN subnet (so you can manage it)
    3. Connect a cable from one of its LAN ports to pfSense LAN. (This will put it on the pfSense LAN subnet as an ordinary device providing WiFi)


  • Thanks for the reply.
    So, it seems pfSense's WAN DHCP won't receive an IP address from the modem?

    I have plugged the modem's LAN cable to pfSense's WAN port.
    I selected pfSense's option 2) Set interface(s) IP address, and selected DHCP for WAN.

    pfSense shows:
    WAN (wan) -> re0 ->
    LAN (lan) -> re1 -> v4: 192.168.1.155/24

    I can't ping the LAN from my network either which I through would work?

    I tried pfSense's LAN into the router's WAN and LAN port and same result.

    Here are my current settings:

    Cable COAX > Modem WAN > Modem LAN > pfSense WAN > pfSense LAN > router LAN1 (tried router WAN but doesn't work) > router LAN2 > network.

    Modem:
    WAN IP: xxx.xxx.xxx.xx
    WAN Subnet Mask: 255.255.240.0.
    WAN Default Gateway: 124.191.160.1.

    LAN IP: 192.168.0.50.
    Subnet Mask: 255.255.255.0.
    DHCP Server: Yes.
    Starting IP Address: 192.168.0.2.
    Ending IP Address: 192.168.0.254.

    pfSense:
    WAN set to DHCP.
    WAN subnet must be different to LAN subnet.
    Subnet unknown and needs to be for modem.
    Web GUI: http://dhcp/

    LAN IP address: 192.168.1.155.
    Subnet: 255.255.255.0/24.
    Default gateway: none.
    Web GUI: http://192.168.1.155/

    Router:
    Disable DHCP server.
    IP address: 192.168.1.180.
    Subnet: 255.255.255.0/24.
    Update Gateway from 192.168.1.180 to 192.168.1.155 (pfSense LAN is now gateway).

    Any ideas?


  • Netgate Administrator

    @eiger3970:

    LAN IP: 192.168.0.50.
    Subnet Mask: 255.255.255.0.
    DHCP Server: Yes.
    Starting IP Address: 192.168.0.2.
    Ending IP Address: 192.168.0.254.

    Where is the above set? On the modem? The modem should not have such settings unless it's a modem-router combined. Where ever it is the DHCP range includes it's own address so that may be stopping it run.

    If that's the pfSense LAN address then you have two sets of values for it.  ???

    In the router configuration you have changed a 'gateway' setting from 192.168.1.180 to 192.168.1.155. The only place that should be using 192.168.1.180 as a gateway is the DHCP server settings. Since you have disabled DHCP it shouldn't make any difference.

    You will probably have to reboot your modem in order for it give out a public address to the pfSense WAN interface which will have a different MAC to your router.

    Are your LAN clients receiving an IP address from the pfSense dhcp server?

    Steve



  • Cable COAX > Modem WAN > Modem LAN > pfSense WAN > pfSense LAN > router LAN1 (tried router WAN but doesn't work) > router LAN2 > network.

    You really don't need (or want) that old router at the back-end in the chain. You want your private network directly attached to pfSense LAN:
    Cable COAX > Modem WAN > Modem LAN > pfSense WAN > pfSense LAN > network.

    Then, if the old router was also providing WiFi for you, turn it into just a WiFi access point on your pfSense LAN network - plug its LAN into the pfSense LAN network, give it a LAN IP address, switch off DHCP on it, tell it pfSense LAN IP as its gateway (if you like or care - it does not really need a gateway if you just manage it from the pfSense LAN). Do not plug anything into its WAN port.

    Also, from your description and as Stephen says, we assume that "Modem WAN > Modem LAN" is actually a routing device (it has a private IP on its back-end facing pfSense WAN, and routes (and NATs) private to public.)



  • Yes, the above questioned settings are the LAN settings on the cable modem, which is a cable modem/router.

    My router has the static IP 192.168.1.180. I have set all my network devices with static IPs which makes it easy for me to manage the network.
    So, no, my LAN clients aren't receiving an IP address as I have set most of them with static IPs.

    I am keeping the router because of Wi-Fi and also because of the ports available. I also have a switch connected to allow for all the devices. Cable COAX > Modem WAN > Modem LAN > pfSense WAN > pfSense LAN > router LAN1 (tried router WAN but doesn't work) > router LAN2 > switch > network.
    So, if I remove the router, I will lose ports and need to buy a bigger switch.

    This begs the question in my mind…if the router is gone and there's only a bigger switch, where is the Wi-Fi which is still needed.

    I will work on the Wi-Fi being managed from pfSense as this sounds good.


  • Netgate Administrator

    Ah, OK. The picture becomes clearer.  :)

    You can continue to use the wifi router as a wifi access point and as additional switch ports but you should have it configured as described in my first post here. You don't want it doing any routing or handing out IPs. I'm still not sure where you changed the gateway from 192.168.1.180 to 192.168.1.155. If that was in the wifi router it makes it makes no sense that it would have been using itself as a gateway.

    If the cable modem/router is running a dhcp server it should be handing an IP to the pfSense WAN interface. Can you connect a client machine to it to check that the DHCP is working? Ideally you should configure your modem/router in bridge mode so that your public IP gets passed to the pfSense WAN but we can work on that later.

    What settings do your client machines have that are failing to connect to the pfSense webgui on LAN? Can you ping the LAN interface? What is the response when you try?

    Steve



  • Yes, I have setup the Wi-Fi router as per your post https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense
    I changed the gateway IP from 192.168.1.180 to 192.168.1.155 in the Wi-Fi router.
    The Wi-Fi router had 192.168.1.180 as part of the Wi-Fi router network setup which worked before pfSense.
    I changed the Wi-Fi router's gateway IP to 192.168.1.155 as the Wi-Fi router now connects and goes to the pfSense LAN interface with IP 192.168.1.155.

    The modem is issuing IPs with its DHCP server on.

    The client machines ping each other via the Wi-Fi router fine until I try the pfSense setup.
    Most client machines have static IPs for easier management.

    Still not working, so maybe the Wi-Fi router needs the IP checked. I still need to reboot the modem too.


  • Netgate Administrator

    Can the modem operate by itself or does it always require the wifi router (or some other router like pfSense) behind it?
    Seems strange that it would be handing out IPs just fine to other devices and not pfSense.  :-\ Try rebooting it.

    I think the wifi router is just confusing things here. Try just connecting your switch to the pfSense LAN and your client to the switch. Add the wifi router back once you have successfully connected to the webgui.

    All this would be explained by the WAN and LAN interfaces being mixed up. I realise you have said you checked that but are really sure.  ;)

    Steve



  • So, I'm not quite clear.
    On the Wi-Fi router, I have the settings:
    Local IP Address: 192.168.1.180
    Subnet Mask: 255.255.255.0
    Gateway: 192.168.1.155

    Is the gateway correct?


  • Netgate Administrator

    Yes, if those are the WAN settings.
    However if that's true then it makes no sense that the gateway was previously set to 192.168.1.180.
    Also if you have it behind pfSense you should not have anything connected to the wifi routers WAN port so the gateway shouldn't matter. You connect the pfSense LAN interface (perhaps via your switch) to one of the the wifi routers LAN ports. That way the wifi router is no longer doing any routing that could be potentially causing a problem. It's acting purely as a wifi access point and a switch.

    You still haven't managed to connect to the pfSense webgui? It should not be this difficult!  ;)

    Steve



  • Thanks, okay, so the Wi-Fi router connections were right according to the forum threads.
    Still no connection and no Web-GUI.

    I am now having the optical drive go weird and keeps booting the CD.
    I even changed the BIOS to boot from HDD and not optical drive, but still boots and reinstalls from DVD.

    Now the install goes through the quick setup and then freezes with error:
    Writing configuration…

    Perhaps I should have the modem LAN connected to the pfSense WAN, but I thought it should still install?

    I'm thinking of downloading the pfSense OS again in case I downloaded a buggy OS? The USB install won't work either, which makes for an inconvenience burning onto DVD again.


  • Netgate Administrator

    Yes you should still be able to install with nothing connected to WAN. It will take longer to boot with no WAN connection, sometime a lot longer.
    Are you installing to a HD? Failure to write the configuation is not good. Is the HD known to be good?
    Why did you still have the DVD in the drive? Just remove it after install.

    Steve



  • Okay, so I bought a new motherboard, CPU, NIC and optical drive.

    Install ok and WAN and LAN IPs are found and I can ping pfSense's LAN from another computer.

    However, I still can't eject the DVD, so each reboot reinstalls the system?
    I suspect this is a problem with pfSense and this is the 2nd motherboard and optical drive with the same issue.
    Any ideas how to fix this?
    Yes, I have manually removed the DVD and reset the BIOS to boot from the storage drive, however the boot just looks for the optical drive to boot from?

    My network was unable to ping outside the WAN, so this probably means I need to configure pfSense's WebGUI now. Looking for a good link for a configuration.


  • Netgate Administrator

    Ok, the DVD thing is weird. Usually the drive ejects when the system restarts after the install.
    Are you actually installing or just booting the live DVD? If you're just running live it won't write to the HD adn won't eject the disk.

    Steve



  • I was installing with the pfSense default options which was booting off the LiveDVD.
    I have not pressed the option 'I' to install to the storage disk, however the install gets stuck at 36% each time?

    I've just downloaded the pfSense OS again in iso.gz format.
    I will try decompressing, burning and installing off a new DVD.



  • Okay, new DVD download pfSense-LiveCD-2.1-RELEASE-i386-20130911-1815.iso installs to storage disk and same freezing error:
    Executing Commands
    /usr/local/bin/cpdup -vvv -I -o /usr /mnt/usr
    [- 36%]



  • Well, pfSense finally installed completely, without any changes after the install kept sitting at 36%.

    Working out how to configure pfSense via GUI as only LAN access and no WAN access yet.

    Suddenly, pfSense's monitor went black and unable to ping pfSense, but can ping LAN still.

    Tried reboot but same issue?.

    Checking if hardware is fried:
    CPU fan ok.
    Keyboard ?
    LAN NIC ok.
    Mouse ?
    Optical drive ok.
    PSU fan ok.
    SSD ?
    VGA monitor ?
    WAN NIC ?


  • Netgate Administrator

    Getting stuck at 36% is unfortunately quite common in specific hardware. Some people have reported it will eventually install if you just wait otherwise there are work-arounds. See mine and JimPs comments in this thread:
    https://forum.pfsense.org/index.php/topic,71941.0.html

    The monitor suddenly going black sounds like some sort of hardware failure. There is no facility to disable the screen in pfSense. In fact some people have deliberately tried to do that but never really succeeded.
    Does it still show anything at boot?

    Steve



  • Thanks for the link.
    Finally installed pfSense to storage disk.

    Re no monitor, it's totally dead on boot nothing.
    I think the 2 x 2GB DDR3 RAM might be blown as I've tested all the other hardware up to this point.

    No spare DDR3 RAM to test so might have to buy some tomorrow.

    Is there a minimum re RAM. Seems coincidental that all this hardware I'm going through is breaking upon the pfSense install?



  • Well, was going to pull apart piece by piece the computer to find the problem…tried one lucky boot and it worked.
    Seems a rest of 5 hours helped the boot work.

    So, now back in pfSense GUI and can ping LAN, but not WAN.

    I setup pfSense Setup Wizard, but not sure and something not right with settings?


  • Netgate Administrator

    Ok well now you're getting somewhere.  :)
    You'll probably have to consider the hardware suspect until you find the fault. If you could still ping the LAN interface after the video went black I would first suspect the video hardware, either the monitor or the graphics card.

    Ok so you can't ping the WAN interface. Do you mean the WAN IP itself or the router on the WAN side?
    Is the pfSense WAN interface receiving an IP from the WAN router via dhcp?

    Steve



  • Yes, maybe the video card, but can't confirm yet.

    I've run some traceroute tests and LAN doesn't seem to go past the Wi-Fi router.
    Should go to the Switch > Wi-Fi router (192.168.1.180) > pfSense LAN (192.168.1.155) > pfSense WAN (DHCP currently 192.168.0.2) > cable modem LAN (192.168.0.50) > cable modem WAN (WAN IP) > Internet.

    $ traceroute 8.8.8.8
    traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
    1  192.168.1.180 (192.168.1.180)  0.241 ms  0.344 ms  0.418 ms
    2  * * *
    3  * * *
    4  * * *
    5  * * *
    6  * * *
    7  192.168.0.4 (192.168.0.4)  1114.118 ms !H  1114.127 ms !H  1114.123 ms !H

    $ traceroute www.google.com
    www.google.com: Name or service not known
    Cannot handle "host" cmdline arg `www.google.com' on position 1 (argc 1)

    $ traceroute google.com
    google.com: Name or service not known
    Cannot handle "host" cmdline arg `google.com' on position 1 (argc 1)


  • Moderator

    Can you ping from a client that is not on WIFI?

    The WIFI should be wired to one port on the switch and the Switch connected to pfSense LAN.

    Is your WIFI in Router mode or just an Access Point?


  • Netgate Administrator

    Yep, those things.

    We have been over so much now that I'm confused as to where we are.  :-
    Perhaps you could detail exactly what you have connected and what IP details you're using, dhcp etc.

    What is 192.168.0.4?

    The fact that the first hop is 192.168.1.180, your wifi router, is bad. Your clients should be sending traffic directly to pfSense not via the wifi router.

    Steve



  • Well I can ping everything on the LAN that is wired. The WiFi is down.

    I reconnected the Wi-Fi router (192.168.1.180) to the Switch and the Switch to the pfSense LAN (192.168.1.155).

    The WiFi router is in AP mode.
    I noticed the WiFi router's WAN Connection Type is Automatic Configuration - DHCP. Maybe this WiFi WAN should be set to a static IP of 192.168.1.155 (pfSense's LAN IP)?
    I rebooted the WiFi router and the WiFi WAN IP is 192.168.0.4.

    WiFi router details:
    Network Setup DHCP disabled. (Maybe this is the LAN settings).


  • Moderator

    @eiger3970:

    The WiFi router is in AP mode.
    I noticed the WiFi router's WAN Connection Type is Automatic Configuration - DHCP. Maybe this WiFi WAN should be set to a static IP of 192.168.1.155 (pfSense's LAN IP)?
    I rebooted the WiFi router and the WiFi WAN IP is 192.168.0.4.

    WiFi router details:
    Network Setup DHCP disabled. (Maybe this is the LAN settings).

    Glad that the Router is in AP mode and you have it wired to the switch.

    In the WIFI setup,  You can ignore the WAN setup as you put it into AP Mode.

    –------------

    The Cable Modem connects to the pfSense WAN interface (If its DHCP it will give the address to pfSense you dont need to worry about it)

    The LAN interface you must set this to a different address than the WAN. So for example use 192.168.1.1, mask 255.255.255.0  (/24 Subnet)

    So now you must ensure that all devices on your network share the same 192.168.1.X addressing. (/24 Subnet)

    Connect a cable from pfSense LAN and connect it to one of the ports on the Switch

    –------------

    Now connect a network cable from the switch to one of the LAN ports of the WIFI  (Set to AP Mode). DO NOT CONNECT anything to the WAN port of the WIFI unit.

    Set the WIFI LAN address to 192.168.1.2, 255.255.255.0.

    –------------

    Setup DHCP on pfsense and Disable DHCP on the WIFI.



  • Moderator

    I took another look at your previous email and I think you have you cable modem setup to receive a DHCP address from your ISP.

    You should log into the cable modem and set it to Bridged mode. This way it will not take the Internet Address and the pfSense WAN interface will take the DHCP Internet address properly.

    This will save you from other headaches down the road.


  • Netgate Administrator

    How did the wifi router acquire an IP address of 192.168.0.4? That's the subnet being handed out by the cable router. The two should not be able talk directly.

    Steve



  • Yes, the cable modem has DHCP server enabled.

    The cable modem receives a WAN IP from the ISP.
    The cable modem must be used as it's cable and there is no bridge mode.

    I prefer the Wi-Fi router's LAN IP with 192.168.1.180 rather than your suggested 192.168.1.2.
    The Wi-Fi router LAN also asks for a gateway, so I entered 192.168.1.155.

    My Wi-Fi router acquired the WAN IP address of 192.168.0.4 because I have to connect the cable modem's LAN into the Wi-Fi router's WAN to get Internet.
    I then remove the Ethernet cable from the Wi-Fi router's WAN and connect to pfSense's LAN and the Wi-Fi router has a WAN IP of 0.0.0.0.

    Yes, all networked devices are on the /24 subnet. (Only the modem and pfSense WAN are on a different subnet).

    pfSense can ping www.google.com, but the network can only ping the LAN and no Internet still.

    Here are the settings:
    Cable COAX > Cable Modem WAN > Cable Modem LAN > pfSense WAN > pfSense LAN > Switch > router LAN1 > router LAN2 > network.

    Modem DHCP server: enabled.
    Modem WAN default gateway from ISP: xxx.xxx.xxx.x.
    Modem WAN DMZ Address: 192.168.0.4. (not sure on where this address is for?)
    Modem WAN DHCP from ISP: xxx.xxx.xx.xx.
    Modem WAN DNS from ISP: 61.9.211.33.
    Modem WAN DNS from ISP: 61.9.211.1.
    Modem WAN subnet mask: 255.255.240.0.
    Modem LAN: 192.168.0.50.
    Modem LAN subnet mask: 255.255.255.0.
    pfSense DHCP server: disabled.
    pfSense WAN DHCP from modem LAN: 192.168.0.2/24.
    pfSense LAN: 192.168.1.155.
    Switch: to LAN networked devices.
    Router Wi-Fi DHCP server: disable as mode is AP.
    Router Wi-Fi WAN: not needed as mode is AP.
    Router Wi-Fi LAN: 192.168.1.180.
    Router Wi-Fi LAN subnet mask: 255.255.255.0.
    Router Wi-Fi LAN gateway: 192.168.1.155.
    Networked LAN devices DHCP server: disabled.
    Networked LAN devices: static 255.255.255.0 subnet IPs.


  • Netgate Administrator

    Ok. You can use 192.168.1.180 for the wifi router that makes no difference.

    It's interesting that the wifi router acquires the DMZ address from the cable router. The 'DMZ' is often used as a kind of quasi bridge mode when no real bridge mode is available.

    In your current setup you have three layers of NAT. The cable router, the the pfSense box and the wifi router are all NATing. Whilst this will probably work fine for most things you might find some things struggle, VoIP applications, Skype etc. You should try to to have just one layer of NAT but we can work on that after you actually get connected.

    So your wifi router is set to use DHCP on it's WAN interface to get an IP and it does that just fine when connected directly to the cable router. When you connect it to the pfSense LAN it defaults to 0.0.0.0 presumably because DHCP is disabled on the pfSense LAN. Why is it disabled? It should be enabled unless you are using all static addresses for your client machines. Why are you connecting the wifi router WAN to the pfSense LAN? When it is in access point mode you would usually connect one of the rouer LAN ports to the pfSense LAN.
    As I've said before I think the wifi router is just complicating things here. You should at least initially try to connect to the pfSense LAN using just a client connected to the switch and that connected to the pfSense LAN.

    The pfSense WAN interface is receiving an IP from the cable router correctly so that side of the connection may be working fine. You can test that from the pfSense console by selecting Shell (option 8 ) and trying some pings.

    Steve



  • I connected pfSense LAN to Switch, with no Wi-Fi router connected.

    192.168.1.155 pings 192.168.1.120.
    192.168.1.155 pings 192.168.1.40.
    192.168.1.155 pings 192.168.0.2.
    192.168.1.155 pings 192.168.0.50.
    192.168.1.155 pings 8.8.8.8.
    192.168.1.155 doesn't ping www.google.com.
    192.168.1.155 pings google.com.
    192.168.1.120 pings 192.168.1.155.
    192.168.1.120 pings 192.168.1.40.
    192.168.1.120 doesn't ping 192.168.0.2.
    192.168.1.120 doesn't ping 192.168.0.50.
    192.168.1.120 doesn't ping 8.8.8.8.
    192.168.1.120 doesn't ping www.google.com.
    192.168.1.120 doesn't ping google.com.
    192.168.1.40 pings 192.168.1.155.
    192.168.1.40 pings 192.168.1.120.
    192.168.1.40 doesn't ping 192.168.0.2.
    192.168.1.40 doesn't ping 192.168.0.50.
    192.168.1.40 doesn't ping 8.8.8.8.
    192.168.1.40 doesn't ping www.google.com.
    192.168.1.40 doesn't ping google.com.

    I'm guessing there's some setting on pfSense's default setup settings that isn't letting the LAN connect to the Internet?
    I've tried pfSense > Firewall > NAT > Port Forward > Add > Destination > Type: any > Destination port range > from: HTTP > to: HTTP > Redirect target IP (not sure, do I enter every LAN device's IP?) > Redirect target port ? > Save > Apply Changes.


  • Netgate Administrator

    So I'm guessing the 1.120 and 1.40 are clients connected to the switch behind pfSense?

    I assume when you say '192.168.1.155 pings 192.168.1.120' you mean you can ping 1.120 from  the pfSense console?

    You don't want to be doing port forwarding, remove any port forwards you've entered.

    The pfSense box can't ping google.com so DNS is not working. What do you see listed on the dashboard for DNS servers?
    'doesn't ping', while useful, is usually only half the result. It will give you a useful error like 'no route to host' or 'Cannot resolve: unknown host'.

    The fact that clients behind pfSense cannot ping the cable router at 192.168.0.50 means either NAT's not working or the routing is incorrect. In Firewall: NAT: Outbound: the mode should be set to automatic. That is the default setting though so unless you've altered it it should be working. You can check the routing at Diagnostics: Routes:. Please paste here the IPv4 section. The only other thing it could be is a firewall rule blocking it. The LAN interface has a default rule that allows all traffic from the LAN subnet so that shouldn't be a problem unless you've changed it. Anything that is blocked will appear in the firewall logs so you can check that.

    Steve


Log in to reply