No LAN connectivity of any kind

  • I've got a problem with a 2.1 release pfSense install that is manifesting itself as described below.

    First, some background…

    The box is sitting between a Comcast supplied modem/router and a 3com switch hooked up to the rest of the network. The rest of the network consists of a 2003 SBS server, a barracuda spam filter, a WAP, and around a dozen workstations.

    IP addressing scheme is as follows:

    Comcast device LAN side -
    pfSense device WAN side (re0) - DHCP (successfully retrieves and pings to Comcast device/internet)
    pfSense device LAN side (re1) - - static assignment

    Now that the background is out of the way...

    The issue I'm having is that I have absolutely 0 packets traveling across the LAN interface. All attempted pings report 100% packet loss from both the networked computers and from the CLI in pfSense. Additionally, the web configurator is down on both http and https. Also, running "tcpdump -i re1 -p" reports 0 packets.

    I have tried configuring the LAN IP a couple of different ways - once without a default gateway, once with the DG set as its own LAN IP - no luck.

    Hardware is confirmed good and in the supported hardware list for pfSense.

    Anyone have any ideas?

  • All attempted pings report 100% packet loss from both the networked computers and from the CLI in pfSense.

    From your description, the networked computers are on the WAN side of pfSense, so any attempt at access from there is blocked by default. You won't be able to access the webconfigurator from there either.
    Definitely never set a gateway on LAN. If you have done that, then unselect it, go to System->Routing and delete that gateway, and make sure to select the WAN_DHCP gateway as the default gateway.
    Plug a real device into the LAN port and post the output of "ping" from the real LAN device.

  • Confirmed that the devices are on the LAN side.

    Tried with and without a gateway on LAN through the CLI directly on the box (can't access the web configurator at all).

    Directly plugged a computer into the LAN side and the result of 'ping' from the client is:

    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    tcpdump on pfSense showed no packets of any kind on the LAN port.

    Any ideas?

  • Maybe the cables are physically plugged in opposite to what is selected for pfSense WAN and LAN.
    Use "arp -a" to see if the client even gets an ARP response to learn the MAC address of pfSense LAN.
    On the console you could swap the assignments of WAN and LAN and then move cables around - that would help you see if there is a hardware issue with re1.
    Other than that, I'll leave it for others to think of the problem - if your LAN IP is then tcpdump would have to see the packet/s even if the firewall blocks them for some reason.

  • Netgate Administrator

    Is this a new setup or something that has been working and just failed?

    Zero packets sounds like you have a layer 1 problem so possibly bad cable, bad switch port, bad NIC.

    Other clients can ping each other across the switch? Are you using Static addressing throughout?

