Pfsense + Thomson ST510

cpjitservices

Hi everyone,

I'm having a little trouble with why I can't get an internet connection.

My setup is as follows… Thomson ST510 > Assign public IP to a device = my pfsense.
Pfsense gets my external IP on its WAN interface and gets my ISP's gateway through DHCP - gateways can be seen in gateways under routing.
Pfsense is also getting ISP DNS server addresses via DHCP.

However I lose all connection to the internet - pfsense cannot ping anything internet facing on WAN. - Not even ISP gateways.

What have I configured wrongly ??

Thanks in advance!

stephenw10

A common setup error is to put a gateway on LAN.
If you have an incomplete but present IPv6 implementation coming from your ISP or router then pfSense may attempt to us that first. https://doc.pfsense.org/index.php/Controlling_IPv6_or_IPv4_Preference

Please give more details.

Steve

cpjitservices

Hi,

Nope my ISP isn't doling out any IPV6 and never will.

Should I disable IPv6 anyway ?

thanks for the reply, what would I use as the gateway on LAN ? When I use DHCP on the WAN side im not sure what to use as gateway - pfsense has my ISP's gateway and my WAN Has my static IP provided by my ISP

Do I use my static IP as the gateway ?

Thanks!

Chris.

stephenw10

You shouldn't have a gateway on the LAN interface. Putting one in is the common mistake. ;)
If you try to ping, say, google.com and 8.8.8.8 from the pfSense console what is the error given?

Steve

cpjitservices

ok if I set it up how I did it before with just a GW on the WAN from my ISP, if I ping google I get failed pings.

Ping output:
PING 8.8.8.8 (8.8.8.8) from 77.86.33.157: 56 data bytes

–- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

cpjitservices

At present the only interface that has a GW is WAN, to get internet access I have to set the WAN IP to '192.168.1.253' with a GW of '192.168.1.254' then I get internet access… but I'd rather have pfsense do all of the routing and only have the Thomson as a Modem.

When my Static External address is set via DHCP still no internet access.

Puzzled :S :o

verigoth

Wait your WAN IP is 192.168.1.x? Then you need to uncheck the box on the WAN interface that says, "Block private networks" AND use a different subnet (e.g. 192.168.2.x) on the LAN interface.

cpjitservices

^^^^ done both of those… using 192.168.2.0/24 on my lan and have unchecked the box ... it works its only when I use DHCP on the WAN and get my EXTERNAL IP when it doesnt.

verigoth

Is it a static address or is it DHCP? If it is static you need to assign a gateway. If it's DHCP verify that it gets a gateway and DNS servers (Status -> Interfaces - Gateway IPv4 and ISP DNS servers).

stephenw10

@cpjitservices:

if I ping google I get failed pings.

So it resolves google.com to it's IP? DNS is working?

Steve

cpjitservices

Hi,

If I ping - It fails. I posted the output in a previous post.

I'm using DHCP when it doesnt work.. My IP (External Static from ISP) gets assigned to WAN interface, My ISP's gateways also appear in Gateways and I also receive the DNS Server IP's.

IF I set a manual address of '192.168.1.253' on my WAN and a GW of '192.168.1.254' I get Internet access.

As setup in the images - my Internet works - As soon as I set my WAN to DHCP I no longer get internet access and no idea why.

Thanks in advance for all of your help - I appreciate it.

pf1.PNG_thumb

pf2.PNG_thumb

cpjitservices

Hi all,

I have done some screenshots of DHCP on WAN side.

![pf broken.PNG](/public/imported_attachments/1/pf broken.PNG)
![pf broken.PNG_thumb](/public/imported_attachments/1/pf broken.PNG_thumb)

pf_gatewaydhcp.PNG_thumb

pf_gwunnown.PNG_thumb

cpjitservices

For some reason when DHCP is set on WAN, i get IP on interface and receive gateway from ISP but that gateway cannot be reached.

cpjitservices

Any help most appreciated guys!!

Thanks!!

stephenw10

The reason I asked you to ping google.com as well as 8.8.8.8 was to determine if DNS was working. At this point it's probably not relevent since pinging by IP didn't work but the first thing that you see when pinging by URL is:

[2.1.3-RELEASE][root@pfsense.fire.box]/root(1): ping google.com
PING google.com (173.194.34.174): 56 data bytes
64 bytes from 173.194.34.174: icmp_seq=0 ttl=56 time=13.773 ms

You can see that it has resolved the url to an IP.

I notice that the IP you're given when set to DHCP on WAN is still a private address in the 10.0.0.0/8 range. Is that the same type of address that the Thompsom router gets if it's connecting without pfSense?

Steve

stephenw10

If your ISP really is handing out 10/8 IPs, if it's doing CGN for example, then you may have to disable the firewall in the ST510. You probably want to do that anyway.

http://www.petenetlive.com/KB/Article/0000210.htm

If having selected to assign the public IP to a device in the router you can still access the internet by using the routers lan side subnet details manually then I would suggest it has not correctly assigned the public IP.

Steve

cpjitservices

Yes, My ISP's gateway is in the 10. range. (Private range) my thomson router has a 10.0.0.138 IP but this cannot be reached at all when I set my WAN to DHCP.

stephenw10

What subnet is your ISP handing the WAN?
Some ISPs are now handing out /32 subnets via DHCP which is not a standards compliant configuration. Other OSes allow this configuration (Windows, some Linux distros) but FreeBSD does not. There is a workaround.

Steve

cpjitservices

I believe it's a /30.

Not entirely sure - you've got to realize that the ISP we are dealing with here isn;t your usual ISP, they do things very differently.

I'm within this range.

https://apps.db.ripe.net/search/query.html?searchtext=77.86.33.157&searchSubmit=search#resultsAnchor

I'll be honest I think it's a slash /30 but it COULD be A /32

Anyway I can find out ??

stephenw10

Ah, the broadband principality of Hull! ;)

The address in that link is not handed to you then?

Go to Status: Interfaces: in the webgui. All the details handed to you should be there.

Steve