PfSense install blocks Internet, but computer into modem has Internet?

stephenw10 · Apr 23, 2014, 1:37 AM

Gateway on LAN perhaps?

Can you ping internet hosts from the pfSense diagnostic page? Is it able to check for updates?

Steve

eiger3970 · Apr 23, 2014, 4:59 AM

pfSense diagnostics fails to ping the Internet.

I tried a few other cable connections on the network.

Tried a few more configurations:
pfSense factory restored.
pfSense WAN: 192.168.0.2/24.
pfSense LAN: 192.168.1.155/24.

Modem settings:
LAN IP: 192.168.0.50.
Firewall > Port Forwarding > ports 1 - 65535 to Local IP Address: 192.168.0.2.
WAN setup > DMZ Address: 192.168.0.0.

Modem connected to pfSense:
Network pings other network devices.
Network pings pfSense LAN 192.168.1.155.
Network pings pfSense's WAN 192.168.0.2.
Network pings modem's LAN 192.168.0.50.
Network can’t ping Internet.

Modem disconnected from pfSense and connected to Mac.
Mac pings Internet.
MAC DHCP IP 192.168.0.200.
Mac Subnet Mask: 255.255.255.0.

Modem disconnected from pfSense and connected to Linux Mint.
Linux can’t ping Internet.
Linux pings modem 192.168.0.50.
Linux DHCP IP 192.168.0.201.
Linux Bcast: 192.168.0.255.
Linux Subnet Mask: 255.255.255.0.
I changed Modem > Firewall > Port Forwarding > Ports 1 - 65535 to Local IP Address: 192.168.0.201.

eiger3970 · Apr 23, 2014, 5:59 AM

Well, I turned off the cable modem for 30 minutes.
I then plugged the modem into pfSense and turned on the cable modem.
My Mac computer had Internet for 5 seconds.
My Linux computer had no Internet.

I am guessing the modem may have locked Internet access to a MAC address on the Mac computer, rather than on the pfSense router.

So, I think now that the modem is allowing Internet via the pfSense router's MAC address, that pfSense is now blocking Internet as pfSense has been factory restored and I need to find out the settings to allow Internet.

Tests:
Linux unable to ping 192.168.0.2 (pfSense WAN).
Linux unable to ping 192.168.0.50 (modem LAN).
Linux able to ping Mac on 192.168.1.40.
Linux unable to ping Internet.
Mac unable to ping 192.168.0.2 (pfSense WAN).
Mac unable to ping 192.168.0.50 (pfSense LAN).
Mac able to ping Linux on 192.168.1.120.
Mac unable to ping Internet.
pfSense unable to ping 192.168.0.2 (pfSense WAN).
pfSense unable to ping 192.168.0.50 (modem LAN).
pfSense able to ping computer Mac on 192.168.1.40.
pfSense able to ping computer Linux on 192.168.1.120.

I am now disconnecting the modem from pfSense and connecting the modem to the Mac.
I now have Internet to post this and to look for pfSense settings to allow Internet.

eiger3970 · Apr 23, 2014, 7:14 AM

So I think I have narrowed down the problem to pfSense > Diagnostics > can't ping pfSense WAN 192.168.0.2.

Any suggestions please?

eiger3970 · Apr 23, 2014, 8:26 AM

I turned off the modem for 30 minutes (the first turn off was for 10 minutes), connected the modem to pfSense, started up the modem.
Mac now has Internet.
Linux has no Internet.
Linux pings Mac.
Linux pings pfSense LAN 192.168.1.155.
Linux pings pfSense WAN 192.168.0.2.
Linux pings modem LAN 192.168.0.50.

Any suggestions on fixing this?

eiger3970 · Apr 23, 2014, 8:56 AM

Well, Mac has limited Internet.
No YouTube and some sites load, then don't load, then load?

stephenw10 · Apr 23, 2014, 11:08 AM

Please confirm that you have only one gateway setup in pfSense that it's on the WAN interface and is set as default.
You can do so in System: Routing: Gateways: or check the gateways in Status: Gateways:
If you could post a screenshot of System: Routing: Gateways: that would be great.

Not being able to ping itself implies it's sending traffic the wrong way which can happen if you have an incorrect gateway setup. Its a very common setup error.

Steve

eiger3970 · Apr 23, 2014, 12:25 PM

Yes, there is only one gateway setup in pfSense, on the WAN interface, set as default.

![pfSense System Routing Gateways.png](/public/imported_attachments/1/pfSense System Routing Gateways.png)
![pfSense System Routing Gateways.png_thumb](/public/imported_attachments/1/pfSense System Routing Gateways.png_thumb)

fragged · Apr 23, 2014, 12:54 PM

Your WAN is within a private network so uncheck Block private networks on WAN interface settings.

eiger3970 · Apr 23, 2014, 2:11 PM

Thank you. Yes, I have done that and Internet seems to work 100% on the Mac now, however the Linux computer still has no Internet?

Linux has a DHCP:
inet addr:192.168.1.14
Bcast:192.168.1.255
Mask:255.255.255.0

I rebooted the Linux computer after pfSense's change, but same issue?

stephenw10 · Apr 23, 2014, 2:12 PM

Ok.
The pfSense box still can't ping its own WAN address?

Lets look at your routing table. Diagnostics: Routes:

Do you use IPv6 at all? You might consider disabling it completely if you don't.

What is the Linux box using for its gateway?

Steve

eiger3970 · Apr 23, 2014, 2:51 PM

So, pfSense can now ping from the pfSense LAN 192.168.1.155 to the pfSense WAN 192.168.0.2.

The Mac computer is now working on the Internet 100% it seems.
The Linux computer has no Internet.
Linux computer has a DHCP IP 192.168.1.120.
Default gateway: 192.168.1.155.
Subnet: 255.255.255.0.
Bcast:192.168.1.255.

stephenw10 · Apr 23, 2014, 5:41 PM

Hmm. Nothing in the firewall logs I assume.

The pfSense box can now ping external addresses too?

The only other reason that one device might not be getting routed to the internet is that the NAT rules are not capturing traffic from it correctly. Have you switched to manual outbound NAT rules?

Possibly this is some IPv6 issue such as Linux is using IPv6 as a preference but your router does not support it.

Steve

fragged · Apr 23, 2014, 5:50 PM

Can you ping pfSense and things on the Internet (Google DNS, 8.8.8.8?) from your Linux machine? If yes, does DNS work on the Linux machine?

eiger3970 · Apr 23, 2014, 10:56 PM

Thanks for the suggestions and yes, everything worked before I had to factory restore pfSense.

Odd behaviour:
Linux > ping > 8.8.8.8.
Linux > ping > 192.168.0.2 (pfSense WAN).
Linux > ping > 192.168.0.50 (modem LAN).
Linux > ping > 192.168.1.40 (computer Mac).
Linux > ping > 192.168.1.155 (pfSense LAN).
Linux > ping > www.google.com fails.
Linux flushed the DNS with command $ sudo /etc/init.d/dns-clean start > rebooted > same issue with no Internet.

Mac pings Internet.
Mac browsing is better. Browses 90% instead of 50% of Internet since I navigated to pfSense > Interfaces > WAN > Private networks > Block private networks: unticked > Block bogon networks: unticked.

pfSense > Diagnostics > Ping > www.google.com fails.
pfSense > Diagnostics > Ping > 8.8.8.8.
pfSense > Diagnostics > Ping > 192.168.0.2 (pfSense WAN).
pfSense > Diagnostics > Ping > 192.168.0.50 (modem LAN).
pfSense > Diagnostics > Ping > 192.168.1.40 (computer Mac).
pfSense > Diagnostics > Ping > 192.168.1.120 (computer Linux).
pfSense > Diagnostics > Ping > 192.168.1.155 (pfSense LAN).

Wi-Fi: no Internet.

Topper727 · Apr 24, 2014, 12:39 AM

In the pfSense gui, click system then general setup. Make sure you have atleast 1 DNS setup there and tell it your gateway (modem IP)

eiger3970 · Apr 24, 2014, 2:29 AM

Yes, I just added in a pfSense primary and secondary DNS which seems to have helped the Mac have 100% Internet.

Linux still no Internet.

Started rebuilding pfSense and installing Snort, then Mac stopped having Internet.
Had to disconnect modem from pfSense and connect to Mac to have Internet.

Tried pfSense restore to a previous version several hours earlier when modem in pfSense allow Mac to have Internet.
Still no Internet.
Factory restored modem and rebuilt and still no Internet when modem plugged into pfSense.

Either pfSense is faulty or the modem is faulty, however the modem works when plugged directly into a computer?

I think the modem model needs to be named and shamed at this point.

Model: BigPond NETGEAR Wireless Cable Modem Gateway CG814WG.
Cable MAC Address: 00:26:f2:36:1d:41.
CM certificate: Installed.
Device MAC Address: 00:26:f2:36:1d:43.
Hardware Version: 1.03.
Software Version: V3.9.26R15.
Standard Specification Compliant: DOCSIS 2.0.

Any suggestions on Internet through pfSense?
Last time I think I simply turned off the modem for 30 minutes, then plugged into pfSense and turned the modem on, and the Internet worked on the MAC (but not on the Linux).

charliem · Apr 24, 2014, 2:55 AM

It shouldn't be nearly this hard, and I think your problem is the combined gateway/modem/router/wireless_access_point device you just mentioned.

All cable modems that I've seen have supplied an IP address to pfSense WAN, from the ISP. Your device seems to be operating as its own firewall, dhcp server, etc. Can you put the device into bridge mode? Perhaps there's a later, less draconian, firmware available to flash.

No good can come from pfSense competing with, and downstream from, a SOHO router device.

eiger3970 · Apr 24, 2014, 3:28 AM

Sound advice charliem.

After resetting pfSense to factory defaults and rebuilding again, same issues:
pfSense > Diagnostics > Ping > 192.168.0.2 (pfSense WAN).
pfSense > Diagnostics > ping > 192.168.0.50 (modem LAN) fails.
Rest of computer networks can ping each other via pfSense, but nothing to 192.168.0.50.

Unfortunately, the cable modem has no bridge mode.
The ISP has booked a technician to bring a new cable modem tomorrow (I won't hold my breath). I requested a 'business' modem or a modem with bridge mode, so I'm sure I'll end up with another crappy router with all the requests lost in ISP cyberspace.

Is there some hardware I can buy that pfSense forumers know about?
I would like some recommendations please.

eiger3970 · Apr 24, 2014, 4:50 AM

I have repeated the same tests several times and the modem works with Internet when directly in computers.
When pfSense is connected modem, pfSense will not ping 192.168.0.50 (Modem LAN).
Why?