Adding new WAN Connection - Ping Yes, Use No
-
I am adding a second WAN port (Verizon connection) to an existing PFSense installation.
The Network looks like this:
                      173.xxx.xxx.133
                       _____________
 173.xxx.xxx.134      |             |
 ---- Comcast ------- | em0         |                     ____________________
                      |             |                    |                    |
                      |  pfsense em1|-------- LAN -------| PC @ 192.168.1.135 |
                      |             |  192.168.1.1       |____________________|
 ---- Verizon ------- | ue0         |
 10.1.1.1             |_____________|
                        10.1.1.10
-
I have my interface and gateway added and routes to allow traffic. The gateway monitor for the new interface is set to 8.8.4.4 and shows green on Status -> Gateways page.
-
I can ping from the LAN side all the way to the GW 10.1.1.1 address, but I can't get webGUI of the gateway router connected there.
-
If I move my PC to the 10.1.1.x network I can log into the webGUI.
What am I missing in my config? What would you look at/for?
Thanks,
a very frustrated padapa
-
-
are you missing NAT on the new wan?
-
I would think if NAT wasn't working, I wouldn't be able to ping the 10.1.1.1 gateway address???
Applied to the LAN interface I have a new rule that looks like this:
https://www.dropbox.com/s/b1f260jxswvlzbm/Firewall%20-%20Rule%20-%20LAN%202015-11-06%20at%2012.55.56%20PM.png?dl=0
and in the outbound NAT setting I have this:
I am preparing to send all 166.0.0.0 traffic out the new port, once it's working.
Heper, what else can I show you so you can help me see the issue?
padapa
-
are you missing NAT on the new wan?
So where do I check that?
BTW… I can ping out to the next IP interface on the front of the Verizon path (10.10.1.1), but can't see its webgui either??? >:(
If I do a traceroute to a public address like 166.xxx.xxx.125 it fails to see beyond the path to 10.1.1.1 and 10.10.1.1... like this:
traceroute 166.xxx.xxx.125
traceroute to 166.xxx.xxx.125 (166.xxx.xxx.125), 64 hops max, 52 byte packets
1 10.1.1.1 (10.1.1.1) 3.967 ms 3.045 ms 3.038 ms
2 10.10.1.1 (10.10.1.1) 9.783 ms 4.958 ms 4.836 ms
3 * * *
4 * * *
5 * * *
If I traceroute on the Verizon interface, I see the following: (So I know the outbound path is working correctly.)
traceroute 166.xxx.xxx.125
traceroute to 166.xxx.xxx.125 (166.xxx.xxx.125), 64 hops max, 52 byte packets
1 my.jetpack (10.10.1.1) 144.029 ms * 3.016 ms
2 241.sub-66-174-12.myvzw.com (66.174.12.241) 47.605 ms 40.756 ms 39.191 ms
3 244.sub-69-83-28.myvzw.com (69.83.28.244) 35.273 ms 44.141 ms 36.294 ms
4 17.sub-69-83-28.myvzw.com (69.83.28.17) 41.110 ms 37.837 ms 46.419 ms
5 170.sub-69-83-28.myvzw.com (69.83.28.170) 33.923 ms 37.562 ms 30.134 ms
Any more ideas?
padapa
-
I was checking the system logs and found this: kernel: arpresolve: can't allocate llinfo for 10.1.1.1 on ue0
ue0 is my new wireless WAN connection. It is a USB to Ethernet adapter…
I can ping all the way out to public addresses, but I still can't use port 80/443 for webGUI access to anything?
Any Ideas??? Anyone!
-
You need an additional outbound NAT rule to get traffic for the gateway router UI originating from the correct subnet.
| Interface: | USB_VZN_WWAN |
| Protocol: | any |
| Source: | any |
| Destination: | Network: 10.1.1.1/32, Port: <leave blank> |
| Translation: | Address: Interface address, Port: <leave blank>, Static port: |

You might have to make this rule higher priority (i.e. above) the automatically created rule to get everything working correctly.