Not able to ping through Wan or Lan
I would like to star off by saying I really appreciate any help that I can receive from this form as I am brand new to the networking side of things. I will let you know now that I will probably be asking a ton of questions and if any of the answers could be dumbed-down for a beginners level that would be great!
Okay onto what is happening, so I have downloaded pfsense form a usb drive onto one of my old computers that I would like to try to use as a router. I have purchased a NIC and added it to the pc. That being said I was able to install pfsense without a hitch but when I set it up with the default settings I am able to auto detect my Wan and Lan lines and they also show as up. So the first issue I notices is when I went to access the console UI through the given IP it displays as page not found, I then tried to ping the IP address of the router and all packets were lost. After that I set pfsense to default a couple of times and switch the Wan and Lan on the router. Between those attempts I have tried to ping out to google (22.214.171.124) and weebly (126.96.36.199), as in also pinging my laptop that I had connected directly to my Lan on the router, all returned with 100% packet loss.
So my question is what could be causing this, I would assume it is not the NIC or the internal network card as they both show as up when setting them up?
I have done some reading about this issue and everyone seemed to mention that a firewall could be blocking the outbound pings but would this be blocking internal pings, and what firewall is being talked about here?
Any advice or things to try would be great as this is a work in progress and I am eager to learn!
Thanks in advance everyone!
welcome to the network side :-)
As you wrote, you were able to setup pfSense and to autoconfigure your WAN and LAN interfaces.
After that you should set the nic of your PC to dhcp and connect it to the LAN interface of your installed pfSense box.
You now should get an IP form pfSense (192.168.1.100 presumably) and be able to ping the LAN IP as written on the terminal screen of pfSense, as well as reach the WebConfigurator.
If even that doesn't work, then there is something fundamently wrong with your hardware and/or your setup of pfSense.
It's close to impossible to figure that out remotely without more detailed information.
I recommend to start over with the above steps and report from there.
Thanks for the response and the welcome. So I have completed the steps you have suggested in your last post and still not connectivity, so here are some pictures and things I have tried.
One question, when you are setting up your interfaces should you be given an IP address from your Wan link? See photo 1.
You can see in photo 2 that I have tried to ping the router directly with all failures and this is after setting my ethernet port to DHCP.
In photo 3 you can see that I try to ping Google (188.8.131.52) directly from the router.
And in photo 4 you can see that when I set up the interfaces that all of their states change to up when plugged in.
Thanks again for your help so far, please let me know of any specifics I can leave to help you to understand my full issue.
as your screenshots reveal, it seems that the NIC autosensing of pfSense did not recognize your NICs (properly). The NICs you assigned to the interfaces are firewire.
I would suggest to disable firewire in the bios of your machine and restart the assigning of the interfaces (pfSense menu option 1)
Depending on the type of NIC you have, you should get interface names like for example re0 (Realtek) or igb0 (intel). It may also be possible that you can not use autosensing with your NICs and you have to type in the interface names manually. To clarify that you could post another screenshot of the list of available interfaces, when startet the assigning process.
If this all does not help, then your NICs are probably not (yet) supported by pfSense.
As long as you don't have the proper NICs setup correctly you will not be able to connect anywhere in any direction.
Thanks for getting back so quick, below are the results.
So I took your advice and I looked at the interface devices, see picture below for them and I wanted to just test the internal network card so I set the Wan interface to nfe0 and then I received the infinite loop that you see in the second image.
After seeing this information it seems that my NIC's are not compatible, is this correct?
The nfe0 seems to be the onboard nic.
I have no experience with these nvidia chipsets, as it seems it is not really well supported by pfSense.
The nic you added seems also to be some strange kind of all-in-one card with firewire.
The only usable interface (if any) should be re0.
Could you just manually assign the re0 to your wan and attach it to your current router to get an IP via DHCP (should then be visible on the pfSense terminal). Do NOT assign a LAN interface. That lets pfSense leave the firewall on the WAN interface open to connect to the WebConfigurator.
After that you should be able to connect to the WAN IP with your browser from a PC on your current LAN (which is then also the WAN on the pfSense).
If even that doesn't work, especially if you do not get an IP on the re0, then I would consider your nics as not suitable for pfSense and get myself other nics. Please don't get any combo-style nics, just plain ethernet only (preferably intel) ones. The cheapest way is to dumpster dive for old PCs or to ask friends if they have any left over. Even if you buy new ones they won't cost you as much as the headache it causes you to try to get any of your current nics to work with pfSense.
Hmm, something very wrong there. The re0 interface is shown as a firewire device. :o
Try disabling everything you don't need in the bios, sound card, parallel port, firewire etc.
Exactly whay hardware are you using?
Okay update time.
So we have had a good step forward! I was able to connect an ethernet cable to my NIC and then connect it directly to my router therefore creating a Lan to Lan connection (I think?). I was then able to ping google directly from pfsense without any packet loss. This was with setting the interface to re0 manually.
Atleast we know that this NIC works with sending out data but how will a Lan to Lan connection help me with the add of of pfsense? Not really sure if I would be able to use it as a router or just an add of firewall or how I would go about accessing the pfsense console. I tried to go to 192.168.1.1 but of course that brings up my current router, I then changed the current router to 192.168.1.2 and then tried to access pfsense's console by going to 192.168.1.1 and nothing.
So I am glad that I have determined that atleast one of the NIC's works and I am able to actually ping out to the inter webs but what now, what can I use pfsense for? (noob questions I know)
See pictures below and explanations. (forgive wiring mess :))
Last but not least you can see that on the far right I have the yellow as my Wan from modem and the second from the right (white) is the ethernet going to pfsense router, all other cables are Lan (switch) to the rest of the house.
I have an Idea… Maybe a little bit not what you want, but it appears that you single NIC is either a PCI or PCIe NIC. Is this correct?
If so, you can pull that NIC and replace it with a 2 port NIC, preferable made by intel, and you are home free.
If you have a PCI slot in there, and nothing gets in the way of this long card, this will work… If you pull out your current card to clear up a slot.
or if thats a pci-e slot
I'm sure you can get what you need for about $20 if you look around a little on ebay.
This is what I was thinking! I did not originally have it hooked up to the current router but wanted try to see if I could get access to anything within or outside on the internet, and it worked. I was wondering the way it is currently hooked up is there any way to configure it just as an add on firewall or is just pretty much wasting power?
I do see that the best option is to purchase a new NIC and I will do that ASAP just wondering how the functionality of everything tends to work on the network level, learning experience here.
Thanks again for the links any true difference between those two cards that you have linked? BTW it is a PCI slot on the motherboard, I do like how the second NIC that you have linked has the addition of the slim card backing slot.
No functional difference for you - I'd get the shorter PCI card
Less likely to interfere.
I'd also pop open the case and visually check that if the card is significantly longer than the slot it sits in it won't be hitting anything
Other than that, no issues. Should be plug and play.
This is the shorter one - Less likely to make you pull your hair out at install.
Just to clarify a bit here, when I install this card I will be able to use both slots, one for Wan and one for Lan on the same card and then be able to feed to a switch?
One other question while this thread is still going…
I would like to use this pfsense router as my main router coming from my modem as Wan and then out as Lan (of course) but then I would like to use my existing router after the firewall. So I believe I have two options, either to attach my old/current router in a Lan Lan config (Lan from pfsense going into Lan on old/current router) and or a Lan to Wan connection (Lan from pfsense to Wan on old/current router). I do understand if I go the Lan to Wan route that I would have to change the default IP of the old/current router to be able to access the pfsense web console. My goal is to be able to use that old/current router as an AP for wifi, what are the pros and cons of doing it either way?
Thank you in advance for everyone's help in the thread as I was able to finally conclude that the on board NIC is not supported by pfsense, will be purchasing the Intel NIC shortly!
Well - The smart thing to do is bridge your old mode/router to provide a public IP to pfsense WAN and don't use it for a switch/router at all.
Maybe eventually replace your combo modem router with just a modem. (assuming you are using some combo junk that was provided)
If there is another router with a bunch of ports on it, I'd also recommend not use it. Replace it with a dumb switch or 2 daisy chained switches of 1 isn''t enough for you..
orrrrrrrr…. take a look here:
Better description here...
Plenty of ports and you get to learn all about vlan if you don't already know.
I bolted 1 like that to the wall in my kids basement and never looked back...
But as far as the 2 port NIC card, yes - That will work well. Both ports providing a super super reliable WAN and LAN.
Incase you wonder "What would I do with a VLAN switch" AKA layer 2 managed switch,
You will have 1 lan and 1 wan.
Using vlans you can seperate traffic.
Create a network for sharing everything in the house…
Create Another that shares nothing and only has internet...
Create another that is kid friendly, no porn zone...
Whatever you need. And because its VLAN, you wont need a bunch of seperate LAN ports. The one LAN will do.
OR, you can just use it like a big, reliable, fast 24 port dumb switch and its still worth it.
I noticed that your router has no free ports, thats why I tossed that idea in.
"The smart thing to do is bridge your old mode/router to provide a public IP to pfsense WAN and don't use it for a switch/router at all.
Maybe eventually replace your combo modem router with just a modem. (assuming you are using some combo junk that was provided)"
I think you confused me a bit here, so just to clarify what is on my end, I do have a separate modem and a router, they are not in one unit. (I will not be using pfsense as a switch)
So just thinking this out in my head I would assume by bridging you mean to have the Wan from the modem go to the Wan into pfsense then Lan out of pfsense will go to current router, but do I want to set that router up as a Lan connection from pfsense or plug it into the Wan connection of the router to make it a dual router network or just use it as an AP/switch if that is possible?
Let me know if that makes any sense at all!
As for VLan I will have to worry about that down the road since I have not looked into it yet.
If your modem is one unit and your router is another, lets put your old router aside for a moment….
You would go from your cable or DSL modem into the WAN of the pfsense. Your pfsense replaces your old router.
Then you need a switch to plug into the LAN port of the pfsense.
I don't know what router you are using now, but unless it can be loaded with DDWRT, I wouldn't want to use it as your switch probably.
You see, routers tend to mess up NAT and DHCP when you attempt to use them as a switch.
Unless you are really pretty expert and know exactly what you are doing, I'd toss that old router and replace it with a switch.
You will be glad you did when you are sleeping nights instead of trouble shooting a flakey network.
Haha this makes perfect sense now, but as for a wifi connection (there is no room to put a wifi card into the pfsense router). In theory I could use that old router as an AP is that correct?
If you do it correctly, you would disable DHCP on the old router…
Disable NAT on the old router...
Then plug any 1 of the ports (other than WAN) on the old router into the switch you attach to pfsense LAN
And put tape over the WAN port of the old router, so no one ever tries to use that port.
And yes - you can wifi that way. You can even use it as a switch that way.
But so few people do it correctly, So I recommend a wireless AP and a good cheap switch instead.
What is the model number of your router?
I have a WD F2F
It looks nice… Maybe buy an AP and a switch and sell the router on ebay?
You can try to disable DHCP as I said and use it directly as a switch.
It might work. I use serveral routers I've loaded with DDWRT in the way you want but I wouldn't venture to try DDWRT on that router of yours.
In any case, the first step is buy that NIC (-;
Before you do that there is a potentially serious error in your config.
Earlier you said you have reset the box and used the default values. You also said your current router is using the 192.168.1.1 address. This is a problem because pfSense also uses that address for its LAN. You changed the router address to 192.168.1.2 but that is still in the same subnet. PfSense must have different subnets on its wan and lan otherwise routing will not work.
Change one device to use a different subnet, for example use: 192.168.100.1
That is correct, but I had never tried the dual router method as this last time I had only taken a Lan from the old router to the Wan of the pfsense router. This is not how the end result will be just wanted to test the NIC and see if I could get anything to work (pinging wise).
The end result will be the modem then the pfsense router and that router will then feed the old router via either Lan to Lan or possibly even Lan to Wan if I decide to do the last one that I will have to reset the IP subnet mask for the old router since it is set to the default 192.168.1.1.
Please let me know if I am understanding this correctly.
Thanks again everyone for all of the help!
Yes, that's correct. As long as your modem is a separate device you should be ok.
Sorry I jumped in there without thoroughly reading those last posts. ::)
I'm just not sure how successful you can be in turning off DHCP on that router and making it act like a switch. Thats what bugs me about the anticipated config.
And I'm certain you dont want modem > pfsense WAN > then pfsense LAN > Old Router WAN as thats double NAT (not Good)
If you start having issues, be aware that odds are its your old modem messing things up for you.
So I think I have completed my findings and come up with a plan of action to complete this network.
Okay so to start I just wanted to make sure that the internal card was not working so I tried every interface possible connected to the internal port with no success pinging to Google. So I can finally say my issue lies on the on-board port, not a big deal as I will get that Intel PCI card and go from there.
As for my completed network I will have the modem go to the Wan of the pfsense and then Lan out to a switch where I will have all of my computers hooked up via ethernet, also at two ends of those ethernet cables I will have to AP's one at one end of the house and another at the other. I already have one pure AP and I will try to configure my old router as an AP via a Lan to Lan connection.
One day I will convert my private network to a VLan but for now I will work with what I got since I have no clue how to set up a VLan.
Anyways thank you again for all of your help and if you have any further suggestions please let me know.
Enjoy. Let me know when its up (-: