Strange behavior with PPPoE
-
Hello,
I've got a pretty odd setup network-wise and was wondering if anyone could shed some light on what may be going on with my network.
First off I'm on a DSL connection with a C1000a modem set to pass though mode. We than pass though a point to point 5 Ghz wireless link to the Pfsense 2.2.2 firewall. The PF box does the PPPoE.
Both the Linux and Apple DHCP clients work like they should. All windows DHCP clients cannot access the internet.
The strange thing is it works fine with an old WRT router with Tomato firmware. The PPPoE login is done on the Tomato. I've tried just about every setting, reinstalled on two completely different servers, re-downloaded PF than reinstalled and switched out several nic cards ect.
If I set the windows clients to static they work.
Thanks, Eric
-
something more to that than Windows vs. Linux and Apple. Compare what IPs they're getting, what gateway, what DNS, etc. Maybe some happen to be hitting some rogue DHCP server, or there must be some other diff.
-
All are getting the same IP for the gateway, DHCP server, DNS ect. This box stock PFsense build. I can even plug in a windows client via cat5 right to the pf box with the same results so no rouge DCHP server. This is with every Windows client on the network. So its not just this one client.
-
That eliminates some possibilities. Need to narrow down the specific cause further. From the Windows clients:
- Can you ping the LAN IP?
- can you ping an IP on the Internet, like 8.8.8.8?
- can you ping a hostname on the Internet, say google.com?
-
I cannot ping the LAN IP 192.168.1.1 , Google's DNS 8.8.8.8 nor can I ping www.google.com. Both my Linux and Windows clients get the same subnet mask, default Gateway, and DNS information from Pfsense's DHCP server. I can however ping all three with my any non windows computer/smart phone.
-
On an affected Windows client, run "arp -a" from a command prompt after attempting a ping that fails. Does it show a MAC there for 192.168.1.1? If so, compare it to your LAN NIC's MAC from Status>Interfaces.
-
The more I look into this the more I think it might be an IPv6 issue but even after I unchecked the "IPv6 checkbox" and do a restart I still cannot ping the firewall (192.168.1.1)
Microsoft Windows [Version 6.1.7601]
Copyright
2009 Microsoft Corporation. All rights reservC:\Users\Lenovo>ipconfig
Windows IP Configuration
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : localdomain
IPv4 Address. . . . . . . . . . . : 192.168.1.119
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1Tunnel adapter isatap.localdomain:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : localdomainTunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :C:\Users\Lenovo>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),C:\Users\Lenovo>
Here is the output from the command line on one of the windows clients with the IPv6 check box enabled
Windows IP Configuration
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : localdomain
Link-local IPv6 Address . . . . . : fe80::6405:72d0:85de:df8f%11
IPv4 Address. . . . . . . . . . . : 192.168.1.119
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::211:43ff:fed8:e531%11
192.168.1.1Tunnel adapter isatap.localdomain:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : localdomainTunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :Linux output...
eth0 Link encap:Ethernet HWaddr removed
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:19lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:2210 errors:0 dropped:0 overruns:0 frame:0
TX packets:2210 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:183149 (183.1 KB) TX bytes:183149 (183.1 KB)wlan0 Link encap:Ethernet HWaddr removed
inet addr:192.168.1.104 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::fef8:aeff:fe02:cd6c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13795 errors:0 dropped:0 overruns:0 frame:0
TX packets:10808 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:8214912 (8.2 MB) TX bytes:1810484 (1.8 MB) -
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)C:\Users\Lenovo>arp -a
Interface: 192.168.1.119 –- 0xb
Internet Address Physical Address Type
192.168.1.1 48-f8-b3-5a-f6-a6 dynamic
192.168.1.31 00-0f-7c-0b-2f-fd dynamic
192.168.1.32 00-0f-7c-0b-30-bf dynamic
192.168.1.33 00-0f-7c-0b-30-b2 dynamic
192.168.1.35 00-0f-7c-0a-fc-6f dynamic
192.168.1.38 00-0f-7c-0a-fc-70 dynamic
192.168.1.40 00-0f-7c-0b-30-ab dynamic
192.168.1.41 00-0f-7c-0b-30-03 dynamic
192.168.1.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff staticC:\Users\Lenovo>
-
The Pfsense's LAN mac is:
fc:f8:ae:02:cd:6c
-
The Pfsense's LAN mac is:
fc:f8:ae:02:cd:6c
Not good! Plug in a cable. Turn off the wifi. Try again.
P.S. Can you please use the CODE tags? This really is painful to read.
-
I lie, I got the mac from "insert local mac" thinking that it would insert it's local mac… Not my clients mac address.
I got the correct PfSense's LAN mac though "status_interfaces"
00:11:43:d8:e5:31
Sorry about the mix up.
-
That still does NOT match!
192.168.1.1 48-f8-b3-5a-f6-a6 dynamicRe-read the previous post.
-
The Pfsense's LAN mac is:
fc:f8:ae:02:cd:6c
Not good! Plug in a cable. Turn off the wifi. Try again.
P.S. Can you please use the CODE tags? This really is painful to read.
The results are the same even if I plug the cilint right into the back of the Pfsense firewall. Sorry I will use the code blocks.
-
Turn OFF the wifi. Look, you cannot have a computer connected to two different pieces of equipment with the same IP.
48:F8:B3 Cisco-Linksys, LLC - what's that?
-
48:F8:B3 Cisco-Linksys, LLC - what's that?
That is a hidden DHCP server is what that is! Strange that it worked with the Tomato but not pfsense. That part really though me for a loop! I would have be my life that I check all the switches for such before I started. Guess I missed one.
I really appreciate you guys walking me though this. Could I send ether/both of you a case of beer?