No WAN connection…nic issue?
-
Hello,
I'm trying to figure my first pfsense box and I cant seem to get traffic on my WAN card (nfe0)
ifconfig nfe0 status: activeping 68.168.1.1 100.0% packet lossI'm pinging my test router.
Also, this interface does not show up on my router.
Here are a bunch of pictures, im at a loss for what is blocking traffic.
ps. I posted in hardware since I'm starting to feel like the issue is the nic itself, (cry of the noob; hardware is broken). If this is better suited elsewhere please move it.
-
Do you really have something upstream on 68.168.1.1?
That is a public IP address, and it would be a big coincidence that your ISP gave you and address that is so similar to the 192.168.1.1 default pfSense LAN IP ;)
What is your testing setup? More detail and we might be able to spot the problem, and I suggest don't use public IPs for private testing networks. -
ISP > home router (10. based) > test router (68.168.1.1) > pfsense box > laptop
The ip is a public one, just to make sure I didn't have issues with routing, (I later saw the check boxes to ignore those problems)
The test router is functioning properly. The goal was to make it simulate the cable modem.
-
The ip is a public one, just to make sure I didn't have issues with routing, (I later saw the check boxes to ignore those problems)
What do you mean?! :o ??? Stop stealing public IPs, even for testing, this will NOT work properly! Instead of preventing routing issues, it actually does cause them!
-
When you use an IP that is not yours, you are "spoofing", and many ISPs block IPs that they don't hand out. Packets don't magically route back to you, they route back to where the official registration of the IP is. Use private IPs, like one of the many /24 subnets you can have with the 10.x.x.x block.
-
ok, I may have a major flaw in my understanding, or perhaps I needed to clarify that both routers have NAT enabled.
I thought that my "internal" address were irrelevant. Furthermore my internet was functioning at the "test"router.Regardless I changed all my internal stuff to RFC 1918
Comcast ISP > home router (10. based) > test router (192.168. based) > pfsense (Lan 172.16 based.) > laptop
connection fails at /////
Comcast ISP > home router (10. based) > test router (192.168. based) /////// pfsense (Lan 172.16 based.) > laptop
-
Yes, aside from all the banter about private and public IP addresses, your little test scenario should work fine because you are behind NAT. (The only problem you would have in real life is reaching any web services at the real 68.168.1.* public addresses)
From your previous screenshots it all looks good on pfSense.
Check that testrouter is passing packets, if it has a packet capture, then look for the incoming pings from pfSense.
Check the lights on the pfSense WAN and testrouter LAN NICs? Is the cable good? Are the NICs old, and thus you need a crossover cable to make a direct connection? Put a switch in the middle and have 2 cables - avoids the crossover cable question.
-
I booted the pfsense box with an Ubuntu live disk and all the connections work.
It shows on the test router DHCP list and responds to pings.edit– I swapped the interface roles. Now the issues looks like
Comcast ISP > home router (10. based) > test router (192.168. based) > pfsense (Lan 172.16 based.) ///// laptop
issue at ///the problem is revolving around the specific interface.
-
You see anything in the logs?
Can you set the pfSense WAN to DHCP instead of using static IPs, does it receive an IP from the upstream router?
Steve
-
So now that the nic in question is the lan. I opened the log /var/log/dhcd.log
edit : the dhcp IS being received by my laptop.
I also tried custom loading the kernel module if_nfe.ko
It appears to have loaded, but no change in the NIC.more info:
I can ping from pfsense to my laptop, but not back.
-
Nothing in the firewall log?
Something that jumps out at me is that your nfe0 NIC has flow-control enabled. If the connecting NIC is not supporting that it could explain it. Though you might expect no traffic at all. Try running this to see what modes it supports:
ifconfig -m nfe0Also you could try disabling all the hardware offloading options in System: Advanced: Networking:
Steve
