FRESH 2.2.6 install, no resolution

  • Hey all,

    I'm having a problem getting a fresh install of 2.2.6 to access the Internet… or even ping anything outside an IP address. I can ping my router with the pfSense box in place and can access it in a browser, but cannot access anything past it. If I remove the pfSense box and connect directly to the router, I can surf as normal.

    I've checked cabling, tried multiple installs (2.2.2 and 2.2.6)... but cannot seem to get it to work.

    All firewall rules are the setup defaults (anti-lockout, default allow for IPv4 and IPv6).
    WAN side has block private networks and block bogon networks (tried without these selected to see if that was the problem).

    Default Gateway is (the router's ip)
    LAN interface has an ip of
    Wan interface ip is with default gateway selected (using for dns)
    (Allows me to ping, but not access it via browser)
    When using dhcp for wan interface, I have allow override selected on general setup.
    (Allows me to ping but cannot ping or any other domain)

  • Update: found that NTP was turned off on the router and it was reporting in as 2012 instead of 2016. I can now sometimes do a successful DNS lookup from pfSense, but still cannot access anything directly through a browser.

    Edited: seems lookup isn't working 100%. I have to perform 2-3 lookups to get a result, and even after getting a result, I can still get several failures before getting another successful lookup.

    Again… everything works 100% if I simply remove pfSense from the architecture.

  • LAYER 8 Global Moderator

    "When using dhcp for wan interface, I have allow override selected on general setup."

    Which has nothing to do with using the resolver out of the box, which is the default now.

    If you're having DNS issues, try the forwarder vs the resolver.

  • Thanks johnpoz. Forwarding worked. Any ideas why resolver wouldn't?

  • Rebel Alliance Developer Netgate

    The resolver defaults to non-forwarding mode with DNSSEC enabled, so if your clock is not right or if you have any upstream DNS fiddling happening it can be touchy, though for most it's a more functional, safer, and secure default.
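
The clock dependency mentioned in the last reply, as an added example that is not part of the thread or of pfSense: a DNSSEC validator only accepts an RRSIG when its own clock falls between the signature's inception and expiration times, so a box that believes it is 2012 rejects signatures made in 2016. The record line and the function names are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample in dig presentation format (signature is a placeholder).
SAMPLE_RRSIG = ("example.com. 3600 IN RRSIG A 8 2 3600 "
                "20160215000000 20160125000000 12345 example.com. PLACEHOLDERSIG=")


def parse_time(field):
    """RRSIG presentation-format timestamp: YYYYMMDDHHmmSS, always UTC."""
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def rrsig_window(line):
    """Return (inception, expiration) from one RRSIG line as printed by dig."""
    fields = line.split()
    if len(fields) < 13 or fields[3] != "RRSIG":
        raise ValueError("not an RRSIG record line")
    # RDATA order: type covered, algorithm, labels, original TTL,
    # expiration, inception, key tag, signer name, signature.
    expiration = parse_time(fields[8])
    inception = parse_time(fields[9])
    return inception, expiration


def check_clock(line, now):
    """Classify a validator clock against the signature validity window.

    Simplification: compares plain datetimes and ignores the 32-bit
    serial-number wraparound a real validator has to handle.
    """
    inception, expiration = rrsig_window(line)
    if now < inception:
        return "not-yet-valid"   # clock is behind: validation fails
    if now > expiration:
        return "expired"         # clock is ahead or the zone was not re-signed
    return "valid"


if __name__ == "__main__":
    for year in (2012, 2016):
        clock = datetime(year, 1, 30, tzinfo=timezone.utc)
        print(clock.date(), check_clock(SAMPLE_RRSIG, clock))
```

Paste an RRSIG line from `dig +dnssec` output in place of the sample to compare a real signature window with the firewall's system time.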