No internet access, but webgui works
-
Hello, so I installed ESXI on my server. Then I installed pfSense. Well seems everything works fine, it gets my ISP ip which is okay. It gives ip to other network cards. So I have 3 NIC's. 1 for WAN, 2 for LAN. Wan works as it should, LAN gives IP, but I can access only pfSense web gui by lan IP 192.168.1.1 (192.168.3.1 for other nic). Web gui loads fine, no problems. I get ISP ip as I said, i can upgrade, install packages just fine. Problem is, I can't access any website, nothing! Only pfsense web gui, what's the cause of problem? Thanks!
-
Do you have firewall rule in place at the 2 LAN interfaces allowing internet access?
And are your vms behind pfSense configured to use pfSense LAN IP for default gateway?
-
I have plugged in internet cable for LAN nic to other my pc, so I need to have connection to it. I can access pfsense web gui, nothing else.
I set ipv4 rule for any port for any source, so i opened all ports, still same result.–UPDATED--
Screenshots:
http://imgur.com/a/8F7Tl
-
Post screen shots of your LAN interface details. How are your LAN clients configured?
-
http://imgur.com/a/C0J8W
Anything else?
-
I did ask for your client details, but if you can grab packages then it's likely a DNS issue. What are your clients using for DNS?
-
Here it is my client:
http://imgur.com/4uv2bLX
-
So you haven't entered any DNS server at the client.
This way you can only access website by IP address, like http://98.138.253.109 for yahoo.
-
Oh god, I can't believe.. When I entered the IP, it works.. But nothing else, how should I fix this? I entered all possible DNS combos, still same result.
-
Try 192.168.1.1 (pfSense), or 8.8.8.8 or 8.8.4.4 (Google DNS), or 4.4.4.4 (Level3 DNS), or your ISP's DNS. But you must have something to resolve hostnames to IP addresses. Networking 101.
-
@KOM:
Try 192.168.1.1 (pfSense), or 8.8.8.8 or 8.8.4.4 (Google DNS), or 4.4.4.4 (Level3 DNS), or your ISP's DNS. But you must have something to resolve hostnames to IP addresses. Networking 101.
Same problem, doesn't work. :/
-
We need more detail other than it doesn't work. What exactly did you do? Why is your win7 VM on both WAN and LAN switches? It should be on LAN only.
-
@KOM:
We need more detail other than it doesn't work. What exactly did you do? Why is your win7 VM on both WAN and LAN switches? It should be on LAN only.
Okay, small update sorry, win7 just a test, never used.
So my main LAN switch don't work same problem as I said, but my OPT1 interface (second lan), works flawlessly. If you need any info tell me, I provide.
-
Post screens of your firewall rules for both LANs.
-
@KOM:
Post screens of your firewall rules for both LANs.
Not working:
http://prntscr.com/aaq5xxWorking:
http://prntscr.com/aaq625Now i have tought just a bit, can it be ESXI management network issue?
–Update--
Okay so I found problem why my LAN don't work. There is ESXI management network running at LAN nic, which maybe causes problem with it, if I change management network to OPT1 nic then same problem appears on OPT1, but then my LAN works.
-
No, it's DNS issue. Your PC LAN rule should use * for protocol, not just IPv4 TCP, but that's not your issue. Your issue is purely DNS-related since you can access websites based on their IP address but not FQDN. Your Windows XP client that was missing DNS details, what did you do about that? I had recommended several DNS servers that you could use, and you replied that it didn't work and I then asked what exactly did you do.
-
@KOM:
No, it's DNS issue. Your PC LAN rule should use * for protocol, not just IPv4 TCP, but that's not your issue. Your issue is purely DNS-related since you can access websites based on their IP address but not FQDN. Your Windows XP client that was missing DNS details, what did you do about that? I had recommended several DNS servers that you could use, and you replied that it didn't work and I then asked what exactly did you do.
Okay so yea, what I did i set it to GET DNS AUTOMATICALLY, same settings for other LAN (OPT1, which works without problems).
ESXI have it own settings for management console (Maybe interrupting DNS with pfsense?) (photos included)
http://imgur.com/a/2AQ4b
-
Humour me and set it manual DNS, 8.8.8.8 and then try again.
-
-
Client. ESXi isn't making the DNS calls on behalf of the VM, the VM is, so we only care about setting client DNS.
-
@KOM:
Client. ESXi isn't making the DNS calls on behalf of the VM, the VM is, so we only care about setting client DNS.
http://prntscr.com/aarmyu
Same result
-
Since we have already confirmed that you can go places based on the IP address, it's definitely a DNS problem. However, use of manual DNS seems to fail. Is it possible your ISP is blocking the use of external DNS servers? In pfSense, what do you have for System - General Setup - DNS Servers?
-
@KOM:
Since we have already confirmed that you can go places based on the IP address, it's definitely a DNS problem. However, use of manual DNS seems to fail. Is it possible your ISP is blocking the use of external DNS servers? In pfSense, what do you have for System - General Setup - DNS Servers?
http://prntscr.com/aarycx
http://prntscr.com/aaryi4
http://prntscr.com/aaryo9Here you go
-
Next test: on your client, set DNS manually to 212.59.8.8 and try again. BTW you can embed images directly into your posts here without having to upload them to some 3rd-party site and then link to them.
-
@KOM:
Next test: on your client, set DNS manually to 212.59.8.8 and try again. BTW you can embed images directly into your posts here without having to upload them to some 3rd-party site and then link to them.
Same :/
-
So bizarre. Try this. On your XP client, run a Command Prompt. Type nslookup and press enter. Type server 212.59.8.8 and press enter. Type youtube.com and press enter. What happens? When I try it here, your 212.59.8.8 DNS server times out, but that might be because I'm not on their network. Does it time out for you too? If so, type server 8.8.8.8 and press enter. Type youtube.com and press enter. What happens?
-
@KOM:
So bizarre. Try this. On your XP client, run a Command Prompt. Type nslookup and press enter. Type server 212.59.8.8 and press enter. Type youtube.com and press enter. What happens? When I try it here, your 212.59.8.8 DNS server times out, but that might be because I'm not on their network. Does it time out for you too? If so, type server 8.8.8.8 and press enter. Type youtube.com and press enter. What happens?
Mhmm. That's weird. Attaching photos.
Second is from my other lan (OPT1)
-
OK now we're getting somewhere. The one that work sis using pfSense as its DNS. In pfSense, are you using the Forwarder or Resolver? Look under Services at each one and see which one is enabled. For the one that's enabled, what do you have set for Networks Interfaces / Interfaces?
-
@KOM:
OK now we're getting somewhere. The one that work sis using pfSense as its DNS. In pfSense, are you using the Forwarder or Resolver? Look under Services at each one and see which one is enabled. For the one that's enabled, what do you have set for Networks Interfaces / Interfaces?
Here it is.
-
OK, run nslookup again and this time type server 192.168.3.1 then try to resolve youtube.com. What happens?
-
@KOM:
OK, run nslookup again and this time type server 192.168.3.1 then try to resolve youtube.com. What happens?
Here
-
OK. I'm not sure why your pfSense LAN IP is 192.168.1.1, but you can resolve hosts via 192.168.1.254. Can you take a new screen of your pfSense console view (the one that lists the NICs and the menu showing options form 0 to 15)?
-
@KOM:
OK. I'm not sure why your pfSense LAN IP is 192.168.1.1, but you can resolve hosts via 192.168.1.254. Can you take a new screen of your pfSense console view (the one that lists the NICs and the menu showing options form 0 to 15)?
Alright
-
My mistake, you weren't resolving use 192.168.1.254. Your OPT1 link was resolving using 212.59.8.8. So why can't LAN resolve using the same DNS server? I'm starting to run out of ideas here. It should just work.
-
@KOM:
My mistake, you weren't resolving use 192.168.1.254. Your OPT1 link was resolving using 212.59.8.8. So why can't LAN resolve using the same DNS server? I'm starting to run out of ideas here. It should just work.
That's the problem. Im just thinking that esxi is overriding dns server?
-
No, that has nothing to do with it. Usually, your public link to your ISP is a 100 Mbit connection , and LAN connections are Gigabit. In your case though, your public is Gigabit and LAN is 100 Mbit. I'm wondering if you have your vSwitches defined incorrectly. Pull the plug on your cable to your ISP and then check which interface in vi-client shows as being disconnected.
-
@KOM:
No, that has nothing to do with it. Usually, your public link to your ISP is a 100 Mbit connection , and LAN connections are Gigabit. In your case though, your public is Gigabit and LAN is 100 Mbit. I'm wondering if you have your vSwitches defined incorrectly. Pull the plug on your cable to your ISP and then check which interface in vi-client shows as being disconnected.
Well yes, my win xp machine is netbook, so it have only 100mbit connection, don't support gigabit.
-
I'm talking about your ESXi host. ESXi seems to have Gigabit to your ISP and OPT1, but 100 Mbit to LAN. That is unusual. You don't have your XP laptop connected directly into the ESXi host, do you? It should be plugged into a switch that is also plugged into ESXi, unless you're using a crossover cable.
-
@KOM:
I'm talking about your ESXi host. ESXi seems to have Gigabit to your ISP and OPT1, but 100 Mbit to LAN. That is unusual. You don't have your XP laptop connected directly into the ESXi host, do you? It should be plugged into a switch that is also plugged into ESXi, unless you're using a crossover cable.
Actually I do…
OPT1 goes to my switch which is connected to the my pc, which works okay.
But LAN doesn't as we trying to figure it out few hours now..jpg)
.jpg_thumb)
-
I'm getting confused. Your XP PC was on LAN, I thought, since that is the one that can't resolve IP addresses. Maybe you could draw me a simple network diagram to show what is connected where?
