NIC not working? No DHCP, no PING, no clue
I just installed prSense onto my desktop running an MSI K8NGM2 motherboard and an AMD Athlon 64 3000 processor. I installed pfSense to the hard drive from a live CD using the pfSense-LiveCD-2.1-RELEASE-i386-20130911-1815.iso image.
I ended up having to use a smaller root partition (/) size of 4 GB and the rest for /usr before I could get it to boot successfully after installation as per the troubleshooting guide.
Now that it is booting up, I am trying to get it configured to the point that I can use the web interface to finish the configuration. I am running into a problem, I can't get anything to work with the NIC, almost as if the NIC is not working.
I have a HP NC360T dual port NIC card installed. This has an intel chipset.
pfSense reports that there are two ports found and they are marked as active when I have a cable plugged into them. So far so good. I can assign a static IP address to the port used for LAN. To test it, I have a cable run from the LAN port, to a 5 port switch. I have my main dekstop also on that switch, those are the only two connections on that switch.
My main desktop is unable to obtain a IP address via DHCP. I manually set the IP address on my main desktop (pfsense=192.168.0.1, desktop=192.168.0.2) and I still am unable to open the pfSense web interface or even ping it from my dekstop. In pfSense, I am also unable to successfully ping my desktop.
Any thoughts on what troubleshooting steps I should try next?
our sure your lan interface is coming up and not wan.. So dual port nic, which port is which? Top or bottom, etc..
If pfsense shows the interface active - but can not ping, are you arping the mac atleast.. If your seeing the right mac then most lilkely a filewall issue blocking icmp, or a duplex mismatch?
Maybe one of your nics does not like the switch?
Is there some reason you're not using the default 192.168.1.1 address for LAN?
I recommend you use that at least as a test. The default settings are known to be good. I have seen some, unconfirmed, reports that assigning a new subnet to LAN at the initial config CLI causes some issues where as assigning it via the webgui does not. I've not experienced that myself but it's easy enough to try.
I finished some troubleshooting. Used my netbook instead of my desktop, different network cable, tried skipping the switch and going direct pfsense computer to netbook, tried a different switch. In all cases the result was the same, still could not ping pfsense machine or vice versa.
In reviewing the /var/log/system.log I noticed an error regarding setting the default route. It was trying to set it to the wrong IP address for the LAN port of pfSense. I promptly issued a 4) Reset to Factory Default to get back to a known good state including using 192.168.1.1 as the LAN IP address.
After rebooting there is no change. Still can't ping it or access web interface.
On my dual port NIC (NC360T), the port closer to the motherboard is EM0 and the upper port is EM1. I am able to use autodetection to assign the ports. pfSense correctly reports the interfaces as up or down when booted with the cables plugged in or unplugged.
Right now I am trying to test pfSense as a standalone box with a single LAN computer connected to it. I am starting to think that pfSense does not like having the WAN port disconnected during the setup. Perhaps that is related to the default route error message I saw.
To test this, I connected the WAN port to the same switch used for LAN. No change. I then tried connecting the WAN port to an old router. The router had nothing else connected to it but did have DHCP enabled. Still no change.
I have noticed that on WAN port on the pfSense computer one of the light stays orange. This was orange when I used EM0 as WAN and when I used EM1 as WAN. Whatever port I assign to LAN does not have this issue regardless of if its EM0 or EM1.
Just for kicks I checked that old router to see if the pfSense had tried to get an IP address for its WAN port. It had requested an address and was given 192.168.0.100. I am guessing pfSense has some smarts to know that address is not legal for WAN because it shows no IP address on the pfSense display.
So here is my theory. Please someone confirm this:
1. pfSense may not initially be configured without an active WAN connection.
2. pfSense will not allow an address in the LAN reserved range to be assigned to the WAN connection.
I have a cable modem router wifi AP combo from my internet provider. I can call them and have it switched to dumb cable modem mode. I wanted to test pfSense to make sure it would work for me before I did this though. If my above 2 assumptions are correct, then the only way for me to get pfSense up and running is to have my cable modem switched from a router to dumb cable modem mode and have it connected to the pfSense computer when initially configuring pfSense.
Neither of those are true as far as I'm aware.
The WAN address can certainly be in a private subnet and usually that doesn't cause any issues. It's better to have a public IP on the WAN as it makes further configuration for port forwards, VPNs etc much easier but for testing it should work fine behind your router.
It should be possible to setup pfSense without a WAN connection but it does introduce long delays at boot. Connecting it to an old router should resolve some of those though it still won't be able to find an upstream NTP server. It should be correctly receiving an IP from the router though. You often have to refresh the console menu so see interface changes. If it;s asking for an IP and being offered one I can't see why it wouldn't appear successfully. Check the logs.
The orange light is probably indicating a 100Mb connection as opposed to green for Gigabit. Does that seems likely?
When you set a different IP address for the LAN did you set a gateway on LAN? That seems to catch out quite a few people and can kill routing.
wan does not need to be connected to access the gui.
on first install accept defaults and make sure you are using the right nic for lan.
sometimes pc's are stubborn in getting a ip address through dhcp if going to another router setup, on pc getting an ip address from pfsense make sure dhcp is enabled and/or reset its config, if that fails set your pc nic manually for ip address(eg. 192.168.1.10) and subnet 255.255.255.0, gateway & dns 192.168.1.1.
make sure you clear your browser history, certificates if previous router/firewall was also setup on 192.168.1.1