No internet on fresh install



  • Hello, wil someone help a newbie  :-X

    I have a fresh install PF 2.2.2 and have no internet

    What are the first steps ?

    I already read the troubleshooting on PFsense Doc and internet don't work

    WAN is connected to a DMZ modem with a static adres

    LAN 192.168.1.1 static dhcp ON



  • Did you specify a gateway for your LAN interface?  Can you resolve any names via Diagnostics - DNS Lookup?  Can you ping 8.8.8.8 from Diagnostics - Ping?



  • Your WAN and modem are on different subnets.
    Set your WAN to DHCP.  Maybe that will fix it.  Maybe not.  I have no idea how your modem is configured other than the one address you listed.

    What are you trying to do?
    Explain your network setup with more detail.



  • @KOM:

    Did you specify a gateway for your LAN interface?  Can you resolve any names via Diagnostics - DNS Lookup?  Can you ping 8.8.8.8 from Diagnostics - Ping?

    The LAN IPv4 Upstream Gateway is [none]

    Ping to 8.8.8.8 100% packets lose

    My network setup:

    Modem / router [ not setteble] i work with DMZ and IP binding

    LAN PF sense static IP 192.168.1.1 [DHCP on] (pool 192.168.10 / 192.168.2.100

    in the LAN a WRTG wireless modem [192.168.1.3] in LAN no DHCP

    hope its clear



  • Ok…
    In your original post you said your WAN IP was 192.168.3.254.
    In your last post you said your WAN IP was 192.168.2.104, assigned by DHCP from your non-configurable modem device.

    I'm just trying to get things cleared up.

    What have you tried, other than pinging 8.8.8.8 for troubleshooting your problem?

    Can you ping the LAN interface of your upstream modem?



  • LAN PF sense static IP 192.168.1.1 [DHCP on] (pool 192.168.10 / 192.168.2.100

    If your LAN is on the 192.168.1.0 network, your DHCP pool should be in the same range.  I have no idea what pool 192.168.10 / 192.168.2.100 means unless you made a typo or something.  Your DHCP range should be 192.168.1.10 - 192.168.1.x where x is your upper limit depending on how many IP addresses you need to give out.



  • @KOM:

    LAN PF sense static IP 192.168.1.1 [DHCP on] (pool 192.168.10 / 192.168.2.100

    If your LAN is on the 192.168.1.0 network, your DHCP pool should be in the same range.  I have no idea what pool 192.168.10 / 192.168.2.100 means unless you made a typo or something.  Your DHCP range should be 192.168.1.10 - 192.168.1.x where x is your upper limit depending on how many IP addresses you need to give out.

    Good catch…I didn't see that.

    OP  Post screenshots of your pfSense Status--Interfaces.  Also Services--DHCP Server, LAN tab. 
    Those will be helpful to all in diagnosing your issue.



  • Good catch…I didn't see that.

    Just as I didn't initially notice that his WAN IP address was a different subnet than his modem until you pointed it out, and I kicked myself for missing something so obvious.  When you look at the problems of a dozen+ people per day with various degrees of detail, you start to get tired and miss obvious things.  Especially on Friday.  Time for a beer.



  • @KOM:

    Time for a beer.

    That's the best idea I've seen all day.



  • @KOM:

    LAN PF sense static IP 192.168.1.1 [DHCP on] (pool 192.168.10 / 192.168.2.100

    If your LAN is on the 192.168.1.0 network, your DHCP pool should be in the same range.  I have no idea what pool 192.168.10 / 192.168.2.100 means unless you made a typo or something.  Your DHCP range should be 192.168.1.10 - 192.168.1.x where x is your upper limit depending on how many IP addresses you need to give out.

    im sorry for confusion , agian:

    PF box WAN DHCP

    PF box LAN 192.168.2.1 static  DHCP on pool is [192.168.2.10 / 192.168.2.100

    (a jet changed the LAN from 192.168.1.1 tot 192.168.2.1 now the are in the same subnet)

    i send some pictures (sreenshots ;-)



  • OK, many things are wrong here.

    1. You cannot have WAN and LAN on the same subnet.  If WAN is on 192.168.2.0, LAN must be something other than 192.168.2.x.
    2. You are supplying an incorrect gateway to your users via DHCP.  The gateway for them is your pfSense LAN IP address.

    So…

    If WAN is 192.168.2.x, configure your LAN for 192.168.3.1.  Make your DHCP range 192.168.3.10-.100 with a gateway of 192.168.3.1.



  • @KOM:

    OK, many things are wrong here.

    1. You cannot have WAN and LAN on the same subnet.  If WAN is on 192.168.2.0, LAN must be something other than 192.168.2.x.
    2. You are supplying an incorrect gateway to your users via DHCP.  The gateway for them is your pfSense LAN IP address.

    So…

    If WAN is 192.168.2.x, configure your LAN for 192.168.3.1.  Make your DHCP range 192.168.3.10-.100 with a gateway of 192.168.3.1.

    Thx , i changed it like this

    • Ping is working [but no internet]

    PING 8.8.8.8 (8.8.8.8): 56 data bytes
    64 bytes from 8.8.8.8: icmp_seq=0 ttl=59 time=29.493 ms
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=59 time=30.070 ms
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=59 time=30.417 ms

    –- 8.8.8.8 ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 29.493/29.993/30.417/0.381 ms

    • DNS lookup is working [stil no internet] see sreenshot

    • Did the next test and everyting was ok

    est if the client can ping the LAN IP of the firewall

    - If this fails, check the LAN rules, client IP/subnet mask, LAN IP/subnet mask, etc.

    Test if the client can ping the WAN IP of the firewall

    - If this fails, check the client's subnet mask and gateway

    Test if the client can ping the WAN Gateway IP of the firewall

    - If this fails, check the client's subnet mask and gateway, and double check Outbound NAT on the firewall

    Test if the client can ping an Internet host by IP address (e.g. 8.8.8.8)

    - If this fails, check the client's subnet mask and gateway, and triple check Outbound NAT on the firewall

    Test if the client can ping an Internet host by Host name (e.g. www.google.com)

    - If this fails, check the client's DNS settings, and/or the DNS Forwarder on the firewall (Services > DNS Forwarder, Diagnostics > DNS Lookup)



  • In your DHCP definition you need to specify the DNS servers for your DHCP clients to use.  Give it the LAN IP address.  Notice in your 4th screencap that your DNS Servers list is empty?



  • @KOM:

    In your DHCP definition you need to specify the DNS servers for your DHCP clients to use.  Give it the LAN IP address.  Notice in your 4th screencap that your DNS Servers list is empty?

    i fill in LAN ip and DNS servers

    The PC say's i have internet , but my browser is not working



  • @KOM:

    In your DHCP definition you need to specify the DNS servers for your DHCP clients to use.  Give it the LAN IP address.  Notice in your 4th screencap that your DNS Servers list is empty?

    Wow , internet is working and i can see pages !!  ;D

    I think the DNS was the last bottleneck.

    Now i have opend al my ports on the firewall , i think thats no good idea.

    What are the normal setting for firewall ?



  • What are the normal setting for firewall ?

    what do you want to do with the firewall?

    If you want to block websites or social https sites use http://www.tcpiputils.com/ and block it though the LAN tab

    If you want to block blacklisted IP use the package pfblockerNG

    If you want to open ports to port forward use NAT section


  • Netgate

    If you have any rules on WAN delete them all.

    You need rules on LAN to be able to get out to the internet.



  • THX very much everybody !!

    Internet is working

    nice weekend



  • @Soonie:

    THX very much everybody !!

    Internet is working

    nice weekend

    Ok internet works perfect now !

    Now i see in the firewall logfile WAN block a UDP rule , what can i do ? make a rule ? or ignore this ?



  • That's SSDP/UPnP from your ZTE router.
    http://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol

    Just ignore it.