Internet config help



  • Hi there,

    I'm migrating from DD-WRT to pfSense in my home network.

    Due to my slightly complicated internet access I'm having a hard time getting it to work.

    Basically my service is an IPTV bundle (Internet, VoIP (landline phone), IPTV) and my ISP sends that over 2 VLANs (VLAN10 is internet and VLAN12 is for VoIP/IPTV) with PPPoE authentication. We will only bother with VLAN10, though, since I handle VLAN12 with a smart switch before pfSense. My internet connection uses a dynamic IP, btw.

    Interface wise:
    re0 is lan
    re1 is wan
    re2 is lan2 not being used atm.

    I managed to get the VLAN to work and authenticate, grabbing an external IP, but nothing on the network, including pfSense, has internet access.

    Here are my configs so far:










    Any idea what is wrong?

    Thanks.



  • The interface tabs control what leaves the interface so your rules should be on your LAN and LAN2 tabs. Get rid of those last 5 WAN rules. Create a rule on LAN (or LAN2 depending on which interface you're connected to) that allows All from Source * to Destination *.



  • @KOM:

    The interface tabs control what leaves the interface so your rules should be on your LAN and LAN2 tabs. Get rid of those last 5 WAN rules. Create a rule on LAN (or LAN2 depending on which interface you're connected to) that allows All from Source * to Destination *.

    Ok, I have those rules on. I've been trying to get this to work for a week already, so I got to the point of allow-all on all interfaces, although I know that some of them aren't needed and won't stay like this at the end. Especially the WAN one lol.



  • Just to get it initially working, create one single LAN rule that looks like rule 4 in your WAN rules above.  Basically allow everything on LAN to go anywhere using any protocol.  Once you get your access problems solved, then you can worry about inter-LAN rules if required.



  • @KOM:

    Just to get it initially working, create one single LAN rule that looks like rule 4 in your WAN rules above.  Basically allow everything on LAN to go anywhere using any protocol.  Once you get your access problems solved, then you can worry about inter-LAN rules if required.

    Exactly, but like I said, I have the firewall completely open on all interfaces to try to troubleshoot the issue:




  • Any chance you could do a simple diagram of how this is all connected?

    The fact that you can get an external IP is a good sign, but if you're using VLANs, the device connection requirements can be a little more complicated than otherwise.

    A diagram will help make sure we're all on the same page.



  • @divsys:

    Any chance you could do a simple diagram of how this is all connected?

    The fact that you can get an external IP is a good sign, but if you're using VLANs, the device connection requirements can be a little more complicated than otherwise.

    A diagram will help make sure we're all on the same page.

    This?



  • What happens if you take all the extra gear out of the equation and simply connect pfSense WAN to your ONT?



  • @KOM:

    What happens if you take all the extra gear out of the equation and simply connect pfSense WAN to your ONT?

    pfSense receives both VLANs (10 and 12).

    The ISP sends 2 VLANs and I can't do anything about it. The switch is just an easy way to handle VLAN12 by sending it to the ISP router for TV and VoIP, the only thing I use it for.



  • Does it have Internet access at this point?



  • @KOM:

    Does it have Internet access at this point?

    I haven't tested, but I don't understand your question and how that would differ from my current setup.

    Either way it's going to receive VLAN 10 with internet and that will have to be handled some way.
    I will be changing 1 of the network adapters today on my pfSense box so I will reset it to default. I will test what you are asking, although I don't understand what for.



  • I haven't tested, but I don't understand your question and how that would differ from my current setup.

    I asked you to remove the extraneous gear and then I asked if you now had Internet access. The point of the question was to determine if your switch was causing you grief by seeing if your connectivity problems magically went away.

    I don't have any PPPoE experience and there must be something about your setup that I'm not understanding so I'll just bow out at this point. Hope you get it working.



  • Your setup looks basically correct, and as I said before the fact that you get what looks like an external address is a good sign.

    I don't have a PPPoE setup either, but I can make some suggestions for troubleshooting:

    Have you rebooted the ONT and/or attached Smart Switch?
    Changing out the DD-WRT device presents a "new" WAN MAC address to the setup that needs to be recognized.
    Bit of a long shot, but simple to test.

    If you put the DD-WRT back into the setup, does it work properly?
    Hopefully yes, so you can verify that nothing has changed at your ISP end.

    For debugging your pfSense setup I would take a backup of your current config (Diagnostics->Backup/Restore, click on Download Configuration) for safekeeping.
    Next I would reset to Factory Defaults (Diagnostics->Factory Default) to get to a clean setup.
    Make the absolute minimal changes to a clean start to allow the box to get an external IP:  Changes to the WAN interface for PPPoE.

    Make sure you get an external IP before you test/change LAN connections.
    It might be helpful if you can get to the physical console of the box.
    From the console menu you can press "8" to get a command shell and try some "ping" commands to try and reach the internet.
    Type "ping 8.8.8.8" then "ping google.com" (Ctrl-C stops the ping command) to see if you can talk to the internet at all.
    Doing this from the console gets you as "close" to your internet connection as possible without the layers required to make a normal PC work.

    If you can get to the outside from here, move back to the GUI and make sure you add only 1 firewall rule (if necessary) to allow all traffic on the LAN tab.
    Try a single PC to see if it will get a LAN address and talk to the internet.

    If you work at this one step at a time, you have a chance to solve the problem and we can help as much as possible when you limit the initial changes from a default setup.

    Once you have a working setup we can try and bring back the changes you need from the previous config.



  • @divsys:

    Your setup looks basically correct, and as I said before the fact that you get what looks like an external address is a good sign.

    I don't have a PPPoE setup either, but I can make some suggestions for troubleshooting:

    Have you rebooted the ONT and/or attached Smart Switch?
    Changing out the DD-WRT device presents a "new" WAN MAC address to the setup that needs to be recognized.
    Bit of a long shot, but simple to test.

    If you put the DD-WRT back into the setup, does it work properly?
    Hopefully yes, so you can verify that nothing has changed at your ISP end.

    For debugging your pfSense setup I would take a backup of your current config (Diagnostics->Backup/Restore, click on Download Configuration) for safekeeping.
    Next I would reset to Factory Defaults (Diagnostics->Factory Default) to get to a clean setup.
    Make the absolute minimal changes to a clean start to allow the box to get an external IP:  Changes to the WAN interface for PPPoE.

    Make sure you get an external IP before you test/change LAN connections.
    It might be helpful if you can get to the physical console of the box.
    From the console menu you can press "8" to get a command shell and try some "ping" commands to try and reach the internet.
    Type "ping 8.8.8.8" then "ping google.com" (Ctrl-C stops the ping command) to see if you can talk to the internet at all.
    Doing this from the console gets you as "close" to your internet connection as possible without the layers required to make a normal PC work.

    If you can get to the outside from here, move back to the GUI and make sure you add only 1 firewall rule (if necessary) to allow all traffic on the LAN tab.
    Try a single PC to see if it will get a LAN address and talk to the internet.

    If you work at this one step at a time, you have a chance to solve the problem and we can help as much as possible when you limit the initial changes from a default setup.

    Once you have a working setup we can try and bring back the changes you need from the previous config.

    Hi there,

    Last night I decided to reset pfSense to defaults and try to make as few changes as possible, but the issue remains. After I get the WAN working I can ping my ISP gateway and ISP DNS servers and that is it, nothing else. I tried both with the switch in between and directly to the ONT and I get the exact same result.

    I haven't tried with DD-WRT, but last time I tried I didn't manage to get internet either; it was the same issue, which is weird that it only started to happen.

    I'm considering contacting my ISP, although I bet they will give 0 craps about it since they just don't care. They will tell me to use their garbage router that crashes every other day. Oh well, let's see.

    Thanks for the tips everyone.



  • I'm getting desperate and super sad. Nothing seems to work for me these last 2 weeks.

    So, I pretty much gave up on the proper way I wanted to do it, which was having pfSense straight to the ISP. Since I can't get that to work after 2 freaking weeks, I gave up and tried to set up my ISP router with DMZ to pfSense, so that way pfSense would control almost everything anyway.

    To my surprise not even that crap is working, and it's leaving me really angry about everything, to be honest.

    So the setup:

    ISP Router:
    IP: 192.168.1.254 (default)
    DHCP Enabled (192.168.1.50 - 192.168.1.200)

    PfSense:
    Wan: DHCP from ISP router (it got 192.168.1.64)
    Lan: 10.20.10.100 (DHCP enabled PfSense 10.20.10.150 - 10.20.10.200)

    Everything works fine except subnet communications.

    Pings:
    pfsense Wan port ----> 8.8.8.8 success
    pfsense default -----> 8.8.8.8 Host not found
    PC (10.20.10.150) ---> 8.8.8.8 Host unreachable
    PC (10.20.10.150) ---> 10.20.10.100 Success
    PC (10.20.10.150) ---> Another PC 10.20.10.130 Success
    PC (10.20.10.150) ---> Wan Port (192.168.1.64) Host Unreachable
    PC (10.20.10.150) ---> Non Existing PC 10.20.10.170 Host Unreachable

    Please please help me, I got to such a block that I just want to burn everything and not use anything at this point.

    Thanks,
    Ralms.



  • It's not that nobody cares, I think this is just one of the craziest internet setups I have ever seen. It is the combo of the VLANs plus the PPPoE that really sends it over the top….



  • @router_wang:

    It's not that nobody cares, I think this is just one of the craziest internet setups I have ever seen. It is the combo of the VLANs plus the PPPoE that really sends it over the top….

    It's not like I had an option on that. But it's a lot simpler than people think.

    People that don't use either of them, PPPoE or VLANs, seem to always freak out for some reason.

    Anyway, I'm trying to set up pfSense without any of those and still can't get it to work, which is super frustrating. Do you have any idea what might be causing the issue now?



  • Ok, so I left pfSense connected to my ISP router all night.

    Today I went to check on it and it's working.

    Most likely it was pfSense taking 2 centuries to update the routing table.

    Thank you to everyone with their tips even though we didn't achieve the intended result :)

