Default pfSense install no internet connectivity

A

amrogers3

Gawd
Joined
Nov 7, 2010
Messages
641
installed 2.3 and it gets WAN address and I can connect to LAN and get assigned a 192 address. I can access the web interface, however, there is no internet connectivity.

This should work out of the box, I havent changed/added any FW rules. This problem is so general google wont help me here. Been messing with this thing for hours. Any help would be most appreciated.
 
Set your WAN to DHCP? Set a gateway? What have you done exactly?
 
amrogers3 said:
installed 2.3 and it gets WAN address and I can connect to LAN and get assigned a 192 address. I can access the web interface, however, there is no internet connectivity.

This should work out of the box, I havent changed/added any FW rules. This problem is so general google wont help me here. Been messing with this thing for hours. Any help would be most appreciated.
Click to expand...
What are you considering "internet activity"? Visiting a domain in a web browser? Ping that domain? Ping 8.8.8.8? You need to provide us some basic information and troubleshooting steps you've performed for us to help. The easiest thing on a fresh install to miss is proper DNS servers... It could also be the ones you chose are down. It could also be something else going on. Tell us if you can ping a domain or public IP address first and we can go from there

Edit: just saw your earlier post, which I will assume still holds true at this time. Please don't open multiple threads about the same thing.
First recommendation is to change your DNS to Google DNS in pfsense and see if you get anything different. Also, within the pfsense diagnostics, there is a ping tool. Ping 8.8.8.8 from there. Then try pinging a domain. Tell us the results. Ping the same IP and domain from your PC and tell us the results.
Also, you can change the DNS in the nslookup command as a test. From memory, I think one of the domains was live.outlook.com that wasn't resolving... If it wasn't that one, substitute the non-working domain and do the following
Code: 
nslookup live.outlook.com 8.8.8.8
nslookup live.outlook.com
Give us the results of that too. This should narrow down or rule out any issues with DNS.
 
Last edited:
FNtastic said:
\
Give us the results of that too. This should narrow down or rule out any issues with DNS.
Click to expand...

Thanks for the reply bud. I know this is a pretty general question and could be any number of issues.

Actually, the other post was for a different issue. Older install (2.2.6) and it suddenly crapped out couple days ago. Weirdest activity I have ever seen, some sites would work, other not. Kept getting a alot of errors show up looking at traffic n Wireshark. Summed it up to HW issue, replaced motherboard and did a fresh install of 2.4. Now can't get any pages to resolve, ping 8.8.8.8, or access any public IP.

Let me run through a bit of what you suggested and see if I can get any different results.
 
What IP is it getting on the WAN side? Is it a private address from the 'modem' and do you have disable routing RFC 1918 on the wan interface?
 
amrogers3 said:
Thanks for the reply bud. I know this is a pretty general question and could be any number of issues.

Actually, the other post was for a different issue. Older install (2.2.6) and it suddenly crapped out couple days ago. Weirdest activity I have ever seen, some sites would work, other not. Kept getting a alot of errors show up looking at traffic n Wireshark. Summed it up to HW issue, replaced motherboard and did a fresh install of 2.4. Now can't get any pages to resolve, ping 8.8.8.8, or access any public IP.

Let me run through a bit of what you suggested and see if I can get any different results.
Click to expand...
Ahhh. You've got a couple of separate weird issues on your hands. I misunderstood. Any updates? Really intrigued with weird things like this.
Another side tip/note... I was having weird issues with my pfsense. Everything was fine for about a year or so. Nothing crazy was configured. Just a couple of firewall rules. It just didn't seem to want to do what I was configuring it to do. I set it back to factory defaults, then set it up again. It's been fine ever since the reset to defaults...
 
I had the same issue when I installed, you need to make a new firewall rule. for whatever reason the IPv4 TCP rule is messed up. all I did was make a new one to replace the default with the same settings and it worked.

Dont ask me why, I dont get it, but when I was googling the same connection issue thats what I had found on other forums.
 
Biznatch said:
What IP is it getting on the WAN side? Is it a private address from the 'modem' and do you have disable routing RFC 1918 on the wan interface?
Click to expand...

It is getting a 59. address and 1918 routing is checked on WAN.
 
Last edited:
FNtastic said:
Ahhh. You've got a couple of separate weird issues on your hands. I misunderstood. Any updates? Really intrigued with weird things like this.
Another side tip/note... I was having weird issues with my pfsense. Everything was fine for about a year or so. Nothing crazy was configured. Just a couple of firewall rules. It just didn't seem to want to do what I was configuring it to do. I set it back to factory defaults, then set it up again. It's been fine ever since the reset to defaults...
Click to expand...

You want wierd, the other post is definitely weird. Been working for 2+ years and all of a sudden, only certain websties would work. Some I could access like gmail but hotmail wouldnt work.

I ran packet capture and saw malformed traffic. I couldnt figure out what was causing the issue. I didnt have time to continue troubleshooting so I installed a backup motherboard and ran 2.4.
 
Last edited:
Ok, got an update for you gents and ladies (if any present). So I put in openDNS ips for the Primary and Secondary. I unchecked "Override DNS" becasue I want only queries to be directed to OpenDNS. So doing that it breaks. I have no idea why.

I dont want queries going to my ISP DNS or google but it seems there is nothing I can do about that unless I run VPN which I don't want to do.

Anyone know how to only allow DNS queries to Primary and Secondary DNS servers?


EebnC7f.png
 
amrogers3 said:
Ok, got an update for you gents and ladies (if any present). So I put in openDNS ips for the Primary and Secondary. I unchecked "Override DNS" becasue I want only queries to be directed to OpenDNS. So doing that it breaks. I have no idea why.

I dont want queries going to my ISP DNS or google but it seems there is nothing I can do about that unless I run VPN which I don't want to do.

Anyone know how to only allow DNS queries to Primary and Secondary DNS servers?


View attachment 108800
Click to expand...
Did you reset pfsense back to default before doing anything else? I think that's the screen for the initial setup wizard that you posted. But, I want to be sure you did do the reset.

This is the config you want for forcing all DNS to your DNS: https://www.netgate.com/docs/pfsense/dns/redirecting-all-dns-requests-to-pfsense.html

Just remember, the DNS you choose could be the problem too. And, it's good to try another DNS for troubleshooting
 
I did. I reset everything back to factory defaults. But shouldnt unchecking "Override DNS" prevent any additional DNSes from being added by ISP?

That is the main reason for this option, correct or no?
 
amrogers3 said:
I did. I reset everything back to factory defaults. But shouldnt unchecking "Override DNS" prevent any additional DNSes from being added by ISP?

That is the main reason for this option, correct or no?
Click to expand...
It's the opposite. You don't want to check that box
That's what I get for typing while not awake. You are exactly right. Uncheck that box and you're good to go. Depending on the ISP DNS provider (I've seen some REALLY poor ones), that could have been part of the issue if it was checked previously. Seems like you are already familiar with that as well. Let us know the results. Interested to see where this goes
 
Last edited:
FNtastic said:
Interested to see where this goes
Click to expand...



Alright, unchecked and testing. according to DNSleak, I am still getting my ISP DNS servers even though it shows openDNS in the Dashboard.

This is what shows in dashboard but still seeing DNS requests to ISP. Why?? This makes no sense!!!!!
YZAKbU9l.jpg


Opposite of what should be happening.

wAsXJzKl.jpg
 
Last edited:
amrogers3 said:
Alright, unchecked and testing. according to DNSleak, I am still getting my ISP DNS servers even though it shows openDNS in the Dashboard.

This is what shows in dashboard but still seeing DNS requests to ISP. Why?? This makes no sense!!!!!
View attachment 109059

Opposite of what should be happening.

View attachment 109061
Click to expand...
How is your modem configured? Pass through? Do you get a public IP on the WAN side of the pfsense? If not, have the ISP put the modem in pass through mode.
If it already has a public IP on the WAN side of the pfsense, then I'm even more perplexed. And, it might be time to get the ISP involved to answer the question of what they're doing with your DNS queries.
 
Just for reference, I ran the same DNS tool on my connection to see what my results would be. I am using cloudflare DNS and am redirecting all DNS queries on my network to my pfsense (even if a device has manually set their DNS, the queries will still come from my pfsense, and therefore cloudflare, unbeknownst to that device). My result was my public IP address (the pfsense).
 
I do get a pulbic IP on the WAN side. This is a pfSense issue though in how it is handling DNS request as the servers are set and queried by pfSense.

pfSense should be reaching out only to openDNS servers but it is reaching out to ISP DNS servers. Not sure why.
 
amrogers3 said:
I do get a pulbic IP on the WAN side. This is a pfSense issue though in how it is handling DNS request as the servers are set and queried by pfSense.

pfSense should be reaching out only to openDNS servers but it is reaching out to ISP DNS servers. Not sure why.
Click to expand...
You sure the DNS isn't statically set on on the PC you're using? Do an ipconfig /renew and see if anything changes.

On a side note, it is still possible for your ISP to intercept DNS queries outside of your pfsense box and redirect/inspect/modify them as they please. If you say that isn't happening, then I'll go with what you say since you are more intimate with that specific setup than any of us.
 
You must log in or register to reply here.
Back
Top