Can ping to LAN but not Web Configurator

johnpoz · Aug 27, 2014, 12:32 PM

"LAN interface IP is 10.0.0.1"

Why are you changing the lan IP during the install process? When did you change it to that.. Did you restart the web from console. I would suggest fresh install.. Let it come up on default which would be 192.168.0.1 I believe - and then try and get to the web gui. Once you finish the setup then try changing the IP of your lan interface on pfsense to your 10 address you want.

stephenw10 · Aug 27, 2014, 1:55 PM

I agree. There have been issues with changing the LAN subnet during initial install, though I've never seen that personally. The symptoms seem to indicate the webserver is not listening/responding on the correct address/port for whatever reason. It may be possible to diagnose that but it's probably easier to re-install to the standard values and then change it later as John suggests.

Steve

SKT174 · Sep 11, 2014, 5:29 AM

Hi Guys

Terribly sorry for not getting back sooner, I've been away.

I've taken some photos of my setup

As you can see

WAN is set to UE0 interface with IP 192.168.16.204
LAN is set to UE1 interface with Default IP 192.168.1.1

The RED cable is WAN connection
The BLUE cable is LAN connection, it connects to a switch. My notebook connects to the same switch.

The notebook gets IP from PFSense DHCP with the range from 192.168.1.100 - 192.168.1.150

I can select option 7 from PFSense console to ping my Laptop.

As you can see on my notebook screen .. I can also ping the PFSense box, but when I tried the Web Config page 192.168.1.1, I get the error message, if you look closely to the browser tab, you can actually see the PFSense logo.

Any idea what might have caused this? The notebook firewall has been switched off to make things easier.

Thanks in advance

johnpoz · Sep 11, 2014, 11:17 AM

And is your browser using a proxy.. And not set to bypass on local networks that would explain why it can not get to a local address.. If you have not set a proxy, then you have an infection would be my guess.

Fire up wireshark on the box - what does it show going on the wire..

kejianshi · Sep 11, 2014, 11:37 AM

Maybe I just got lost in the reading…

But if you are trying to reach the web gui on 10.0.0.1

and your lan address on pfsense is 192.168.1.1

You will never succeed.

Can you please attach a photo of the browser error you get when you try to access the web gui also?

stephenw10 · Sep 11, 2014, 12:28 PM

You have tried https yes?

Since you are seeing a pfsense favicon have you ever connected to another pfSense box at that address?

Steve

kejianshi · Sep 11, 2014, 1:12 PM

You know - Something very basic has to be wrong because in default setup, pfsense just works.

I suggest a reinstall from scratch and maybe even try another computer as client.

Also, check your cables.

johnpoz · Sep 11, 2014, 4:05 PM

I have setup pfsense I don't know how many times going back to very early version 1.x - running devolpment versions, etc. etc. Hardware and VM from everything to virtualbox, to vmware server 1, vmware server 2, esxi version 3.5 through 5.5

Have never seen it not just work out of the box. So here is the thing - is anything else connected to this switch, does the switch have an IP on it or just dumb switch.

Validate the MAC address pfsense has for its lan interface, and the mac address your pinging. On pfsense do a netstat do you see the web gui running?

[2.1.5-RELEASE][root@pfsense.local.lan]/root(7): ps -ax | grep lighty
46888 ?? S 0:17.64 /usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf

[2.1.5-RELEASE][root@pfsense.local.lan]/root(9): netstat -an | grep .80
tcp6 0 0 *.80 . LISTEN
tcp4 0 0 *.80 . LISTEN

[2.1.5-RELEASE][root@pfsense.local.lan]/root(10): ifconfig

vmx3f1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=403bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,vlan_hwtso>ether 00:0c:29:1e:18:ae
inet 192.168.1.253 netmask 0xffffff00 broadcast 192.168.1.255

And again - run wireshark on the box your trying to connect to pfsense on.. What does it show? I would really look to your browser being setup to use a proxy, and not set to bypass for local network, or infected. You don't have anything installed on this pfsense install like squid or snort, etc.? Its clean - and your saying its routing internet traffic - but you can not connect to even run the first setup wizard and change the pfsense password, etc.</rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,vlan_hwtso></up,broadcast,running,simplex,multicast>

kejianshi · Sep 11, 2014, 4:21 PM

Interesting idea that maybe something else is interfering…

Unplug the switch. Plug the computer directly into the pfsense LAN with nothing else attached then give it a try.

johnpoz · Sep 11, 2014, 7:51 PM

^ for all we know for his switch he is using some soho routers switch ports and it has an IP of 192.168.1.1, which you would think he would get that web gui. But when something doesn't work that you think should be working, it takes 2 seconds to validate your actually talking to the correct something. Have run into duplicate IPs too many times to not validate the mac.

I would think more likely reason is that his browser is just using some proxy..

stephenw10 · Sep 11, 2014, 8:47 PM

Some devices do not redirect to https when you try to use http and behave like this.
If you had two devices trying to be 192.168.1.1 would you get ping response in both directions? Especially if one of them was the switch.

Steve

johnpoz · Sep 11, 2014, 10:36 PM

no you could get answer to ping

so from 192.168.1.100 I ping 192.168.1.1 but get mac of say the switch IP.. He answers. When you ping the 100 from pfsense .1 he pings the mac of .100 and .100 send answer to the mac that asked.

stephenw10 · Sep 11, 2014, 11:36 PM

Hmm, yes layer 2/3 difference. The MAC would show though as you've been saying.

Steve

SKT174 · Sep 11, 2014, 11:57 PM

Thanks for all the input guys, really appreciated.

As suggested, I've taken out the switch, now directly connect my notebook to LAN interface (white cable , UE1 on pfsense), WAN (UE0) still the same Red Cable

I followed the instructions as shown to me

I can't confirm the MAC address as the J5 creator doesn't print the MAC on the unit nor the package it came with

I've checked my Proxy setting to make sure

I've installed Wireshark and as soon as I go to the pfsense box (192.168.1.1) I get the RED text on Black shown in Wireshark

SKT174 · Sep 12, 2014, 12:05 AM

Oh I forgot to mentioned . Yes I've connected to another pfsense box to that address in the past.

And .. I've also tried connecting using another Desktop PC, same results.

It is a clean install, it doesn't route internet traffic yet, WAN interface is connected but I can't access internet on my notebook.

stephenw10 · Sep 12, 2014, 12:14 AM

Hmm, weird. Looks like the pfSense box is replying but your laptop is ignoring the replies. Perhaps. :-\

Are you able to browse other external sites? Ping external addresses? In other words is routing working?

I notice your WAN interface has auto-negotiated to 10Mb which is odd but shouldn't be causing this.

Steve

Derelict · Sep 12, 2014, 12:32 AM

I've installed Wireshark and as soon as I go to the pfsense box (192.168.1.1) I get the RED text on Black shown in Wireshark

SYN from you
SYN,ACK from pfSense
ACK from you should be next. It's not there so you aren't getting the webConfigurator.

SKT174 · Sep 12, 2014, 12:37 AM

So .. just to be sure I'm not doing anything stupid…

I've wipe & Re-Install PFsense again.

I selected option 1

I selected option I

And it is still not working for some strange reason.

The routing isn't working either as I can't access external internet.

kejianshi · Sep 12, 2014, 1:22 AM

More USB ethernet…

Trouble shooting these setups is always hard when they are so simple and yet things refuse to work, but I don't like USB ethernet, and I'm sure its working for some people in some installations, but up to this point, its the most likely culprit I've noticed. You don't have even a single built in NIC?

SKT174 · Sep 12, 2014, 1:21 AM

I'm thinking whether it's those USB ethernet adapter is causing it. I'll see if I can try another brand and see if it makes any difference.