Installed Pfsense but doesn't work



  • Hello.

    I'm wondering if someone could help me. I can not access the web interface of pfsense. Yesterday i installed Pfsense with the following setup:

    Modem -> Pfsense -> Router -> Computer

    Pfsense with onboard + Intel Dual MT Pro 1000 NIC w. Asus RT-AC66U

    Port 1: WAN with DHCP
    Port 2: LAN with 192.168.1.1 (IP range 192.168.1.3 - 192.168.1.254)
    Port 3: Optional LAN

    Made sure everything is plugged correctly, changed router IP to 192.168.1.2 so it doesn't interfere with the pfsense IP. Turned off DHCP on router(Changed to AP mode), made sure Pfsense is connected to LAN on router.

    I cannot access the WebConfigurator at all, my next step will be to see if it works without a router connected.

    Might be a stupid mistake i've been missing, can anyone tell from what i've been writing what has gone wrong?

    Regards,
    Deaven



  • @Deaven:

    Port 2: LAN with 192.168.1.1 (IP range 192.168.1.3 - 192.168.1.254)

    Made sure everything is plugged correctly, changed router IP to 192.168.1.2 so it doesn't interfere with the pfsense IP.

    If your router IP is 192.168.1.2, then this implies your WAN address is in the 192.168.1.x range - which is the same as your LAN address range. The WAN and LAN address blocks have to be different in order for your routing and general firewall functionality to work properly. Change your LAN address block to something like 172.16.1.x - something completely different from the WAN - and see if that helps.



  • @muswellhillbilly:

    If your router IP is 192.168.1.2, then this implies your WAN address is in the 192.168.1.x range - which is the same as your LAN address range. The WAN and LAN address blocks have to be different in order for your routing and general firewall functionality to work properly. Change your LAN address block to something like 172.16.1.x - something completely different from the WAN - and see if that helps.

    Hello.

    Thanks for the answer.

    It didnt help changing the LAN address. My WAN IP starts with 92, which my friend thought was wierd. Also he was saying the modem had to be in bridged mode, and the WAN ip then should start with 81.
    I have a feeling it's something with the modem that is wrong right even though Modem -> Router works perfectly with the same WAN IP. Also i can add that my computer gets unidentified network when connected(correctly in my opinion, but obviously something wrong)



  • Instead of making us guess, perhaps you could post screenshots of your WAN and LAN interface details (Interfaces - WAN, LAN).  If WAN is DHCP, please post it's assigned IP address.


  • LAYER 8 Netgate

    My WAN IP starts with 92, which my friend thought was wierd.

    92 or 192.168? Details matter here.

    Also he was saying the modem had to be in bridged mode, and the WAN ip then should start with 81.

    It doesn't have to be but it's generally better to bypass all routing functionality in your modem (bridge mode) and let pfSense get a public IP address directly from the ISP.

    Turned off DHCP on router(Changed to AP mode)

    This likely means that pfSense cannot pull a DHCP address on WAN at all.

    Your best bet is to turn off everything in the modem (wireless AP, etc) and put it in bridge mode.  If you do that, it'll all just work unless you've click-clicked around and broke it, in which case just restore to factory and reboot or reinstall.



  • @Derelict:

    92 or 192.168? Details matter here.

    92 it is

    @Derelict:

    It doesn't have to be but it's generally better to bypass all routing functionality in your modem (bridge mode) and let pfSense get a public IP address directly from the ISP.

    The box doesn't have any wireless capabilites, does it matter then? If yes i might need to make a call to the provider.

    @Derelict:

    This likely means that pfSense cannot pull a DHCP address on WAN at all.

    I thought i was supposed set DHCP on the pfSense and instead disable it on the router, because there is no router between the pfSense and the "Modem"/"Fiber Box"

    @Derelict:

    Your best bet is to turn off everything in the modem (wireless AP, etc) and put it in bridge mode.  If you do that, it'll all just work unless you've click-clicked around and broke it, in which case just restore to factory and reboot or reinstall.

    The "Modem as i call it is a box where the fiber is connected to on the wall where PC, Phone, TV and everything goes out from. It doesnt have any wireless capabillites. I also do not have any controls on that box. I guess "Modem" is not exactly the right word for it but i couldn't find any other word in english to explain it.


  • LAYER 8 Netgate

    OK then you're getting a public IP address on WAN. Good.

    Can pfSense itself resolve names and get out?

    Diagnostics > DNS Lookup try www.google.com

    Diagnostics > Ping try 8.8.8.8

    I didn't notice that you had a "Router" behind pfSense. Let's figure out whether pfSense WAN is working then worry about your "Router."

    Get rid of the router and plug your workstation directly into pfSense. See if you can bring up the webgui then.



  • I thought the problem you had was with accessing the management page internally. Or am I missing something? Looking at the basic info you've provided, I'm not sure why you have your router sitting between your firewall and your client(s), unless by 'router' you mean 'switch'?

    @KOM:

    Instead of making us guess, perhaps you could post screenshots of your WAN and LAN interface details (Interfaces - WAN, LAN).  If WAN is DHCP, please post it's assigned IP address.

    Might be worth doing as KOM asked originally and posting some screenshots or even a proper network diagram showing your layout.



  • @Deaven:

    Made sure everything is plugged correctly, changed router IP to 192.168.1.2 so it doesn't interfere with the pfsense IP. Turned off DHCP on router(Changed to AP mode), made sure Pfsense is connected to LAN on router.

    I cannot access the WebConfigurator at all, my next step will be to see if it works without a router connected.

    Might be a stupid mistake i've been missing, can anyone tell from what i've been writing what has gone wrong?

    Regards,
    Deaven

    On an Asus router set to AP mode, you connect it's WAN port to the LAN section of your primary router. Also, do a check for updated firmware. Some of their initial release firmware can be incredibly flaky.

    There are some finicky checks for internet access on WAN that the Asus firmware does which interferes with the access through it when there is no internet connectivity on WAN when it powers up.



  • Hello.

    Good news, i've come further!

    I can now access the webconfigurator through both router and directly from pfSense, but i do not get any internet connection.

    Here is something:

    • I do not get any connection when connected Modem -> pfSense -> Router -> Client

    • I do not get any connection when connected Modem -> pfSense -> Client

    • I cannot ping google from the pfSense computer

    Onboard ethernet port is now running WAN with DHCP(92.xxx..), and the 1st port on the Intel NIC is running LAN with 192.168.1.1 and DHCP(192.168.1.10 - 192.168.1.254) while the other one is optional.

    WAN IP from modem is public.


  • LAYER 8 Netgate

    @Deaven:

    • I cannot ping google from the pfSense computer

    Can you not ping 8.8.8.8 or can you not ping www.google.com? There's a difference.



  • @Derelict:

    @Deaven:

    • I cannot ping google from the pfSense computer

    Can you not ping 8.8.8.8 or can you not ping www.google.com? There's a difference.

    I couldn't ping any of them.

    Anyways i ended up getting my friends config file and uploaded it on mine.. And suddenly ended up with internet connection.

    Do you have any idea what might have went wrong?


  • LAYER 8 Global Moderator

    without seeing what your config was no..

    pfsense works out of the block clickity clickity..  The base will just work, so where you adjusting stuff?  Common issue is even though pfsense never asks for it, and even when you setup IP lan interface with cli it says [none for lan] common problem is users put a gateway on their lan interface..  Pointing to itself sometimes, pointing to the wan, etc. etc..

    I would have to say this is the most common issues with the clickity clickity install that users mess up.



  • @johnpoz:

    without seeing what your config was no..

    pfsense works out of the block clickity clickity..  The base will just work, so where you adjusting stuff?  Common issue is even though pfsense never asks for it, and even when you setup IP lan interface with cli it says [none for lan] common problem is users put a gateway on their lan interface..  Pointing to itself sometimes, pointing to the wan, etc. etc..

    I would have to say this is the most common issues with the clickity clickity install that users mess up.

    I see.

    It doesn't work when i'm connected to the LAN port on the Asus router, i have to connect the pfSense to the WAN port(atleast with this setup).

    Also if i disable DHCP on router it doesn't give out any IP address when using Wifi, but cable works.. Is this common?


  • LAYER 8 Netgate

    How are we supposed to troubleshoot your ASUS router?

    Yes, it's common for people to screw up your type of install.



  • @Derelict:

    How are we supposed to troubleshoot your ASUS router?

    Yes, it's common for people to screw up your type of install.

    It was just a statement incase someone have had a similar problem and knew what it is.

    I believe the reason why i have to have it connected to the WAN port, and also have the DHCP on for WiFi users is because its currently in Wireless mode and not in AP..



  • Buy a switch. Stick ASUS(APmode) in switch, stick Computer(s) in switch. Put switch in pfSense(LAN). Connect pfSense(WAN) to MoDem…



  • @hda:

    Buy a switch. Stick ASUS(APmode) in switch, stick Computer(s) in switch. Put switch in pfSense(LAN). Connect pfSense(WAN) to MoDem…

    I'm fully aware that this works, but thanks for the tips! :)



  • @Deaven:

    Hello.

    I'm wondering if someone could help me. I can not access the web interface of pfsense. Yesterday i installed Pfsense with the following setup:

    Modem -> Pfsense -> Router -> Computer

    Pfsense with onboard + Intel Dual MT Pro 1000 NIC w. Asus RT-AC66U

    Port 1: WAN with DHCP
    Port 2: LAN with 192.168.1.1 (IP range 192.168.1.3 - 192.168.1.254)
    Port 3: Optional LAN

    Made sure everything is plugged correctly, changed router IP to 192.168.1.2 so it doesn't interfere with the pfsense IP. Turned off DHCP on router(Changed to AP mode), made sure Pfsense is connected to LAN on router.

    I cannot access the WebConfigurator at all, my next step will be to see if it works without a router connected.

    Might be a stupid mistake i've been missing, can anyone tell from what i've been writing what has gone wrong?

    Regards,
    Deaven

    Well, a lot of people are able to access what you do not…
    This is computational of course, and still...
    a lot of people are able to access what you do not...


  • LAYER 8 Global Moderator

    I have no idea what your doing wrong with your asus router, maybe its broken..

    Here is the thing.. Its got a switch on it, wifi is bridged too it..  To use any wifi router as just AP, turn off its dhcp server..  Connect it to your network with on if its lan switch ports… Then yes you can connect other devices to the other switch ports.. Just don't use wan.

    What mode you put it in I have no idea, maybe it disables the lan ports?  Maybe its broken?  Simple connectivity testing at this point..  Maybe you have a cable issue that your using between pfsense and the asus and asus and your pc?  Simple layer 2 connectivity issue if you forget its modes and just turn off its dhcp and use its switch ports.  Do you get lights, does pfsense show its connected at speed and duplex.  Same for your machine connected to another port..  Do you see the mac address of pfsense interface, does pfsense see the mac of your machines interface..



  • Everything is working perfectly now as i want it.

    I managed to figure it all out, thanks alot for the help to all of you =)



  • Your solution was…?

    Inquiring minds want to know.


Log in to reply