Pfsense has internet but the clients do not



  • Hello,

    My configuration:

    I have pfsense installed in a box with 2 LAN and 1 WAN interface. The WAN interface is connected to the managed switch that has an ISP connection and is behind a company network firewall. The two LAN interfaces are configured to run SNR and throughput tests. The WAN interface and the LAN interfaces are configured as per the screenshot.

    I also have squid proxy running which is pointing to the same proxy server (10.122.123.18) that the company firewall network holds. I have configured the WPAD settings to be able to redirect to the proxy server accordingly.

    The Issue:

    Currently, I am able to get an internet connection in the pfsense box, as I see the available packages and the message "You are currently running the updated version". But with the automatic proxy settings configured in the browser of the clients of these LAN interfaces, I still cannot browse the internet, as I get a message that it is unable to connect to the proxy server.

    I have attached the appropriate screenshots

    I would really appreciate any help

    Thanks



  • Here is the result from ipconfig/all:

    C:\Documents and Settings\Administrator>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Aroosh1
            Primary Dns Suffix  . . . . . . . : wifi-systems.com
            Node Type . . . . . . . . . . . . : Unknown
            IP Routing Enabled. . . . . . . . : Yes
            WINS Proxy Enabled. . . . . . . . : No
            DNS Suffix Search List. . . . . . : wifi-systems.com
                                                wifi-systems.com

    Ethernet adapter AP_Link_INT1:

    Connection-specific DNS Suffix  . :
            Description . . . . . . . . . . . : Intel(R) Gigabit CT Desktop Adapter
            Physical Address. . . . . . . . . : 68-05-CA-24-4F-67
            Dhcp Enabled. . . . . . . . . . . : No
            IP Address. . . . . . . . . . . . : 10.1.1.20
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 10.1.1.1
            DNS Servers . . . . . . . . . . . : 8.8.8.8
                                                8.8.4.4

    Ethernet adapter E-Corp:

    Connection-specific DNS Suffix  . : wifi-systems.com
            Description . . . . . . . . . . . : Intel(R) PRO/1000 GT Desktop Adapter
            Physical Address. . . . . . . . . : 90-E2-BA-5A-38-26
            Dhcp Enabled. . . . . . . . . . . : Yes
            Autoconfiguration Enabled . . . . : Yes
            IP Address. . . . . . . . . . . . : 10.1.2.103
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 10.1.2.1
            DHCP Server . . . . . . . . . . . : 10.1.2.1
            DNS Servers . . . . . . . . . . . : 10.1.2.1
            Lease Obtained. . . . . . . . . . : Thursday, October 02, 2014 4:49:16 PM
            Lease Expires . . . . . . . . . . : Thursday, October 02, 2014 6:49:16 PM




  • LAYER 8 Global Moderator

    Why does this box have 2 connections??

    And you're still pointing to the dns that you clearly can never talk to, 8.8.8.8, from what you said in other posts.. And why did you start yet another thread on this same subject?

    Your pictures don't match up with what you posted for ipconfig /all - that 3rd pic points to dns on your wan network.

    Do you have a wpad.dat file at wpad.wifi-systems.com or 10.1.2.1 ?

    What is serving up the wpad.dat file??  Did you setup squid to do that?  You need something at port 80 to serve up the pac file or wpad.dat that gives the details of the proxy.

    Once your browser resolves your wpad.domain.tld it will try and download the pac file via url http://wpad.yourdomain.tld/wpad.dat

    You need something serving up that pac file at the IP wpad resolves to.  And you have to create the pac file with the correct info..  I would think squid could auto do that but have not played with the pfsense squid package in a long time.  I will try and fire it up tonight so can show you how to set it up or how to create the wpad.dat file, etc.



  • Hey johnpoz, thanks a bunch for the reply! :)

    Yeah for some reason, it was set to static IP for one of the LAN cards so the dns is pointing to 8.8.8.8..but I fixed it to be set by the DHCP server and now it points to the gateway of the DHCP server.

    None of my clients are pointing to google dns as you specified yesterday. The pfsense default dns is pointing to the local dns server and hence I am able to get internet in the pfsense box (and see the available packages too).

    I have a wpad.dat file at 10.1.2.1. The configuration of the file is:

    function FindProxyForURL(url,host)
    {
    return "PROXY 10.122.123.18:3128";
    }

    I have set up squid but I am not too sure how to set up port 80 to serve up the wpad.dat file, and so I attached the wpad configuration file that I configured for the DNS forwarder override hosts.


  • LAYER 8 Global Moderator

    So can you download that file if you go to http://wpad.yourdomain.tld/wpad.dat - if not then no, it will never work.

    As to pointing to 8.8.8.8 for dns - dude that is what you posted.

    Ethernet adapter AP_Link_INT1:

    Connection-specific DNS Suffix  . :
            Description . . . . . . . . . . . : Intel(R) Gigabit CT Desktop Adapter
            Physical Address. . . . . . . . . : 68-05-CA-24-4F-67
            Dhcp Enabled. . . . . . . . . . . : No
            IP Address. . . . . . . . . . . . : 10.1.1.20
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 10.1.1.1
            DNS Servers . . . . . . . . . . . : 8.8.8.8
                                                8.8.4.4

    edit:

    function FindProxyForURL(url,host)
    {
    return "PROXY 10.122.123.18:3128";
    }

    That points to your proxy on your wan side - not squid running on pfsense..  Can your clients talk to that proxy directly?  If so then you don't need squid even running on pfsense.



  • I am sorry, I fixed the dns issue after I posted the ipconfig result. It points to the gateway and not 8.8.8.8 right now.

    Well as far as the proxy is concerned, the clients standalone can connect to that particular proxy server and browse the internet but I am trying to avoid the need to configure all of my clients manually. So I am trying to configure squid so that the clients can automatically connect to the proxy with the options set to be configured automatically. The idea is the clients will connect to the pfsense and the pfsense will take out these connections through the proxy server of the network.

    One issue could be that the proxy that I have configured in wpad (10.122.123.18) - both the wan side of the pfsense and squid proxy IP points to that. I am not really sure whether I need a different IP for the squid proxy server.

    And yes, I am able to download the wpad.dat file when I point to it from my browser. But how do I make my browser download the proxy settings as configured in that particular file every time I fire up the browser?


  • LAYER 8 Global Moderator

    From what proxy are you downloading the file – your pac file gives a 10.122 address, while your wpad points to 10.1.2.1 (pfsense)

    When a browser is set up to auto detect and it finds a wpad dns record - it will then download the pac file from there..

    Dude other than you just giving me control and letting me fix it for you in 2 minutes I don't really know how else to go over this with you…  This is basic 101 sort of stuff here ;)

    Why do you have so many different threads on this same topic??  Do you forget where your old threads are??

    How do your clients connect to the wan proxy you're using - are they all manually set up with explicit settings?  Why can you not just pull the pac from there, set up wpad or dhcp option 252 to hand out the info for that proxy..

    You mention this in your other thread "I cannot configure the LAN interfaces with the same domain as it cannot be found."

    What???  You can configure a machine with whatever domain you want -- you showed in your ipconfig /all that the machines are in this wifi domain.

    Host Name . . . . . . . . . . . . : Aroosh1
            Primary Dns Suffix  . . . . . . . : wifi-systems.com

    So it's going to do a wpad.wifi-systems.com and try and pull the pac file from there!!!  Not your other proxy.. If you want it to pull the pac wpad.dat from your other proxy - then point wpad.wifi-systems.com to that proxy's IP..  If that is where the pac file is housed.
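
The mismatch discussed in this thread (wpad.dat is served from 10.1.2.1, but the file sends clients to 10.122.123.18:3128) can be checked offline by evaluating the PAC text and comparing the proxy it returns with the client subnet. This is an added example, not code from any poster; `checkWpad`, `loadPac` and `parsePacResult` are hypothetical names, and only the `isInNet` and `isPlainHostName` PAC helpers are stubbed.

```javascript
// Added example. PAC_TEXT is the wpad.dat quoted in the thread; every function
// name below is hypothetical. new Function() is not a sandbox: only evaluate
// a PAC file you control.
const PAC_TEXT = `function FindProxyForURL(url,host)
{
return "PROXY 10.122.123.18:3128";
}`;

const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;
const ipToInt = (ip) => ip.split('.').reduce((acc, o) => acc * 256 + Number(o), 0);

// Stand-in for the isInNet() helper a browser gives to PAC scripts.
function isInNet(ip, net, mask) {
  if (!IPV4.test(ip)) return false;
  const m = ipToInt(mask);
  return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
}

// Compile the PAC text and hand back its FindProxyForURL function.
function loadPac(pacText) {
  const factory = new Function('isInNet', 'isPlainHostName',
    pacText + '\nreturn FindProxyForURL;');
  return factory(isInNet, (h) => !h.includes('.'));
}

// "PROXY a:1; DIRECT" -> [{kind:'PROXY',host:'a',port:1}, {kind:'DIRECT'}]
function parsePacResult(result) {
  return result.split(';').map((s) => s.trim()).filter(Boolean).map((entry) => {
    const [kind, target = ''] = entry.split(/\s+/);
    if (kind.toUpperCase() === 'DIRECT') return { kind: 'DIRECT' };
    const [host, port] = target.split(':');
    return { kind: kind.toUpperCase(), host, port: Number(port) };
  });
}

// Ask the PAC where `url` should go and relate each proxy to the LAN.
function checkWpad(pacText, { wpadIp, clientNet, clientMask, url }) {
  const find = loadPac(pacText);
  return parsePacResult(find(url, new URL(url).hostname)).map((e) =>
    (e.kind === 'DIRECT' ? e : {
      ...e,
      sameHostAsWpad: e.host === wpadIp,   // is the PAC server also the proxy?
      onClientSubnet: isInNet(e.host, clientNet, clientMask),
    }));
}
// Addresses from the thread: wpad.dat is served from 10.1.2.1, clients sit in 10.1.2.0/24.
console.log(checkWpad(PAC_TEXT, { wpadIp: '10.1.2.1', clientNet: '10.1.2.0',
  clientMask: '255.255.255.0', url: 'http://example.com/' }));
```

With both flags false, the clients must be able to route to and be allowed through to that proxy themselves; the squid instance on the box serving wpad.dat is never consulted.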

