Possibly a routing problem

TechCF · Apr 17, 2006, 12:16 AM

I have a Netopia 3351 adsl modem/router that was configured for "bridge" mode. (Gives the pfSense box the official IP, disables NAT and Filter sets on the Netopia router) After this, most websites are not accessible. After a lot of troubleshooting, I think I have come to the conclusion that this is a routing problem. But, I don't have a clue for how to fix it. The reason I think it's a routing problem is the fact that both my pfsense box and machines connected can resolve dns names, but not ping them (some work, some doesn't). Looks to me as a problem with routing. The ARP table also looks weird, with almost all entries having the MAC adress of the lan side of the modem/router.

The Netopia box however have no problem ping'ing the hosts unavailable to the pfSense box, and the others behind it. Here is some information:

Netopia Quick View of Configuration:


                                 Quick View

Default IP Gateway:   127.0.0.2
Primary DNS Server:   217.13.4.24       Gateway installed -- Primary
Secondary DNS Server: 217.13.7.140      Domain Name: None Provided

----------------MAC Address--------IP Address-------Status--------------------
Ethernet LAN:   00-00-c5-9f-06-48  10.0.0.1         100Mbps Full Duplex
ATM ADSL WAN:   00-00-c5-9f-06-4a  84.48.110.212    Up: 7104/864 Kbps
USB LAN:        00-00-c5-9f-06-49  10.0.0.1         Down

                       Current WAN Connection Status
Profile Name--------Rate------%Use--Remote Address-----Est-More Info----------
Default Profile     7104/864  0/0                      Lsd
Nextgentel                          IP 127.0.0.2       Lsd NAT 84.48.110.212

VPN QuickView
                                LED Status
-PWR---USB---DSL Link Activity--ETHERNET Activity Link--+--------LEDS---------
                                                        | '-'= Off 'G'= Green
  G     -         G    -                  F        G    | 'R'= Red 'F'= Flash

pfSense WAN Interface Notice how Gateway is link#3.. is that correct?


 WAN interface
Status 	up
DHCP 	up  
MAC address 	00:02:a5:40:e7:ea
IP address 	84.48.110.212  
Subnet mask 	255.0.0.0
Gateway 	link#3
ISP DNS servers 	217.13.4.24
217.13.7.140
Media 	100baseTX <full-duplex>In/out packets 	2399/3359 (377 KB/225 KB)
In/out errors 	0/0
Collisions 	0</full-duplex>

Browsed the forum and saw someone else with a problem of some sites unreachable (though, with me most sites are.. google etc), and I changed MTU to as high as ping -l -f <size><adress>on one of the boxes behind the pfSense box would work (used www.vg.no as that is an address that is pingable). But, it did no change to my problem. But, ifconfig, shows an MTU of 1500 anyway:


$ ifconfig
fxp0: flags=8843 <up,broadcast,running,simplex,multicast>mtu 1500
	options=8 <vlan_mtu>inet 192.168.1.90 netmask 0xffffff00 broadcast 192.168.1.255
	inet6 fe80::2e0:18ff:fea8:29e0%fxp0 prefixlen 64 scopeid 0x1 
	ether 00:e0:18:a8:29:e0
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
rl0: flags=8843 <up,broadcast,running,simplex,multicast>mtu 1500
	options=8 <vlan_mtu>inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
	inet6 fe80::204:e2ff:fe00:f6b6%rl0 prefixlen 64 scopeid 0x2 
	ether 00:04:e2:00:f6:b6
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
fxp1: flags=8843 <up,broadcast,running,simplex,multicast>mtu 1500
	options=8 <vlan_mtu>inet6 fe80::202:a5ff:fe40:e7ea%fxp1 prefixlen 64 scopeid 0x3 
	inet 84.48.110.212 netmask 0xff000000 broadcast 255.255.255.255
	ether 00:02:a5:40:e7:ea
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
pflog0: flags=100 <promisc>mtu 33208
pfsync0: flags=41 <up,running>mtu 2020
	pfsync: syncdev: lo0 maxupd: 128
lo0: flags=8049 <up,loopback,running,multicast>mtu 16384
	inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6</up,loopback,running,multicast></up,running></promisc></full-duplex></vlan_mtu></up,broadcast,running,simplex,multicast></full-duplex></vlan_mtu></up,broadcast,running,simplex,multicast></full-duplex></vlan_mtu></up,broadcast,running,simplex,multicast>

Tried rebooting all devices in different order, haven't tried another box after the modem/router yet. Will do that first thing in the morning. In the meantime, iif anyone is awake.. I'm will gladly accept any suggestions for how to get this working.

EDIT: Version BETA-2 built on Thu Mar 2 04:23:07 UTC 2006 Platform pfSense</adress></size>

hoba · Apr 17, 2006, 12:22 AM

Can you try with a different device than the netopia? I have seen some strange things with these (but I never used them in bridge mode yet).

TechCF · Apr 17, 2006, 1:07 PM

Sorry, I have nothing else to try than the Netopia. But I have tried to redo the configuration now, with no difference.

I tried to connect my laptop running WinXP directly to the Netopia, and I got everything working perfectly. I noticed the adresses the WinXP got was:

IP: 84.48.110.212
Subnet: 255.0.0.0
GW: 80.202.50.1

GW for the WAN port on the pfSense box is always link#3, with DHCP or manual settings (with the above values). Looks strange to me…

Netopia - WinXP: Works - Netopia - pfSense: Do partially work 80% sites unavailable

hoba · Apr 18, 2006, 3:53 PM

I somehow don't trust this subnetmask (255.0.0.0). Also note that the gateway is outside your WAN subnet. These settings don't make any sense to me.