[SOLVED] 2.1.3 upgrade issue - cant access internet



  • Hi!

    I just did a upgrade to 2.1.3 from 2.1.2

    At first everthing looked awesome and I thought all was working, but my clients cant access internet. Cant browse, ping or traceroute.
    When I ping from my server I get:

    Pinging cisco.com [72.163.4.161] with 32 bytes of data.
    Reply from 192.168.1.1: Destination host unreachable.
    Reply from 192.168.1.1: Destination host unreachable.
    Reply from 192.168.1.1: Destination host unreachable.
    Reply from 192.168.1.1: Destination host unreachable.

    And when I traceroute I get:

    Tracing route to cisco.com [72.163.4.161]
    over a maximum of 30 hops:

    1    <1 ms    <1 ms    <1 ms  pfsense.bla.int [192.168.1.1]
      2  pfsense.bla.int [192.168.1.1]  reports: Destination host unreachable.

    Trace complete.

    Its same on any computer.
    I cant even ping/trace from my pfsense I get no output at all..
    But it still got internet. The wierd thing is that my VPN-connections are working (i'm at my parents house) and I can access pfsense, my server and clients from here but they cant get out.

    I've tried to ping the IP-adress also but no result so no DNS issue.

    Please help me :P


  • Banned

    Do you have port 53 open outbound?



  • The firewall settings are standard (default) except for my VPN-connections.

    So no its not open outbound.

    edit: my Dyn DNS is working just fine.



  • My wan Gateway is not running.. could that be the issue?

    Well, the service is running but says its offline..

    Edit: my pfsense can now ping and traceroute, but my clients.. noooooo…


  • Banned

    What are your outbound NAT rules?? HAve you specified any?



  • No ive got Automatic outbound NAT

    edit: I noticed on the dashboard that pfsense cant look for updates. "Unable to check for updates."


  • Banned

    That means it cant find the internet…...

    Check your routing table and gateway. Are those specified?



  • yeah, but still i can access it. And i can use ping traceroute from the firewall.

    Status: Gateways

    WANGW 192.168.0.1 192.168.0.1 0ms 100% Offline

    That ip-adress is the local ip at my parents house.

    At routeing table there are alot of ip-adresses. including my ISP, localhost, tunnel networks, remote networks.


  • Banned

    Is the WAN running DHCP or static IP?



  • WAN is running DHCP.

    And i get a WAN-adress and DNS from ISP.


  • Banned

    And thats the GW you are using?



  • default gateway on WAN interface is:  81.227.120.XXX
    default system gateway is: 192.168.0.1

    If I understand i'm not using the correct gateway?

    my LAN subnet is: 192.168.1.0/24



  • I changed to my ISP default gateway and now it works!!

    Thanks for the help!

    But, what if my ISP changes default gateway. Cant I use DHCP there?


  • Banned

    Huh? What are you doing there? Why are you messing with the DHCP assigned WAN gateway? What "default system gateway" are you configuring where?



  • Hi Doktornotor.

    In system -> routing.

    There I have "WANGW (default)", the gateway there was 192.168.0.1
    I changed it to the gateway my WAN-interface have.


  • Banned

    @sp00ky:

    In system -> routing.

    There I have "WANGW (default)", the gateway there was 192.168.0.1
    I changed it to the gateway my WAN-interface have.

    I really do not get what you are doing. There should be exactly zero need to configure anything there. Just configure the WAN interface properly.



  • @doktornotor:

    @sp00ky:

    In system -> routing.

    There I have "WANGW (default)", the gateway there was 192.168.0.1
    I changed it to the gateway my WAN-interface have.

    I really do not get what you are doing. There should be exactly zero need to configure anything there. Just configure the WAN interface properly.

    How should I configure my WAN-interface? I use DHCP and nothing more is used except for the private networks blocks.



  • @sp00ky:

    @doktornotor:

    @sp00ky:

    In system -> routing.

    There I have "WANGW (default)", the gateway there was 192.168.0.1
    I changed it to the gateway my WAN-interface have.

    I really do not get what you are doing. There should be exactly zero need to configure anything there. Just configure the WAN interface properly.

    How should I configure my WAN-interface? I use DHCP and nothing more is used except for the private networks blocks.

    Leave it on DHCP and don't touch any options that could change the DHCP assigned gateway, simple as that.


  • Banned

    As said above - leave the default gateway as dynamic and delete whatever redundant/incorrect GWs mess you created manually.


  • Netgate Administrator

    Yes, the question here is: where did 192.168.0.1 come from?
    Since it's not your LAN subnet and not an IP your ISP would be handing out, do you have other internal interfaces? VPN perhaps?
    One possibility is that your WAN is a cable connection and that you have a cable modem that hands out private IPs when it can't see the ISP. If that is the case you can prevent it happening by selecting IP addresses to refuse int he dhcp setup.

    Steve