Vanilla install PFSense Business Test – no internet
-
When outbound NAT is set to automatic, no rules are listed. That should be fine.
However, I noticed that DNS is not a default configuration. So its not vanilla.
What else did you change?
-
When outbound NAT is set to automatic, no rules are listed. That should be fine.
My ignorance since I only use manual outbound.
-
Me too - I stopped using automatic a while ago.
But I think for 1 wan, one lan, just testing basic features automatic might be best.
-
My ignorance since I only use manual outbound.
Confusingly if you switch to manual and then back to automatic the the rules remain. ;) But, yes, showing no rules when set to automatic is the expected behaviour. I would always recommend using automatic unless you really need to use manual. In 2.2 there is a hybrid mode which is much better.
You have an IPv6 gateway on WAN and it's not working, probably because your ISP doesn't support IPv6. If that is set as default then this could be at least part of your problem. It would explain why the pfSense box cannot check for updates.
What does your System: Routing: Gateways: screen show? Which is default?You can probably just set the IPv4 gateway as default there and it will work. However unless you're using IPv6 you should go to the WAN setup and set the IPv6 config type to 'none', then remove the gateway from the System: Routing:
Steve
-
OK kejianshi to clean up i chose Option 4 "Reset to factory defaults" went through the start up process chose no VLANs added nfe0 as WAN & nfe1 as LAN then through start up wizard through GUI or left as default. Everything sweet? LAN machines picked up DHCP address WAN has IP. Also removed IPv6 as suggested. still NOTHING!!
so frustrating…
The modem i have is a netgear DG632 set up in "bridge" mode or RFC1483 modem does nothing but pass traffic. Plugged into my ASA as previously mentioned doing the same, it works fine no issues.If you are suggesting vanilla config works out of the box this doesnt seem to be the case for me. new setup pics attached
-
I would like you to do a couple of things.
1. go to diagnostics > ping
2. enter 8.8.8.8 as host
3. select source address LAN
click ping
If it works, let me know.
if not, select source address WAN
Try again. Click ping.
Let me know what happens
(Checking to see what pfsense can see without any client firewall complications)
If your install is truly a default install, and your pfsense can't ping out, I'd be wanting to check for bad cables or incapability between modem NIC and pfsense NIC (hardware).
I might consider using an old intel NIC as WAN for test. Just so you know, your experiences are way in the minority.
-
Yes test from the pfSense box to determine where the problem is.
Is it still reporting 'unable to check for updates'?
I noticed that in your earlier screen shots you have a the results of some pings from what I assume is a LAN side Windows box. There you are able to ping 173.194.33.167 (google) but not 8.8.8.8 (also a google address). Try that address from the pfSense diagnostic screen too. Also try to ping by URL from the pfSense box to check if you have DNS. Try your WAN gateway address.Having some sort of partial connectivity is a very different scenario to having no connectivity at all.
One thing that occasionally comes up when using DHCP WAN is that FreeBSD, and hence pfSense, sticks firmly to rules laid out in the protocol specs. Many other OSes do not. For example when using DHCP the supplied gateway must be in the same subnet as the supplied IP address. Unfortuantely there are many ISPs who seem to ignore the specs and supply a gateway outside the subnet. pfSense will correctly report 'cannot add gateway - no route' in it's logs and you'll have no connectivity. A Windows or Linux box in this same setup will ignore this invalid configuration and allow the traffic. Thus we often see reports of 'it works just fine with my other router'. I don't think this exact scenario is your problem (I can't be sure because you've redacted the IP) because your WAN gateway is shown as UP so it's pingable. Something similar may be happening.
Even though you've removed the IPv6 settings you might want to try this:
https://doc.pfsense.org/index.php/Controlling_IPv6_or_IPv4_Preference
That can prevent the box checking for updates but doesn't usually stop general connectivity from LAN.Check the system logs.
Steve
-
Something that may have already been tried, but I did not see listed in the notes, a reboot of the modem ?
-
This is a straight DSL with DHCP? No PPPoE username/pw required?
Can you check the ASA config and verify how the outside interface is configured? If you plug a laptop directly into the DSL modem, do you get a public IP and can you browse out? -
Thank you ALL for your assistance. I managed to get things working by swapping out the Netgear DG632 that was in bridge mode. I had lying around a Cisco 827 i put this into RFC 1483 as according to Cisco site with PFSense handling username/pass and away things went. Im not sure why the Netgear didnt work as it did handle fine for ASA in place. Eitherway, I'm up & running and keen to understand the benefits of PFSense. Again thanks for help & suggestions. :)
-
Enjoy (-;
