Default pfSense install no internet connectivity

Discussion in 'Networking & Security' started by amrogers3, Sep 30, 2018.

  1. amrogers3

    amrogers3 Gawd

    Messages:
    570
    Joined:
    Nov 7, 2010
    installed 2.3 and it gets WAN address and I can connect to LAN and get assigned a 192 address. I can access the web interface, however, there is no internet connectivity.

    This should work out of the box, I havent changed/added any FW rules. This problem is so general google wont help me here. Been messing with this thing for hours. Any help would be most appreciated.
     
  2. Farva

    Farva King of borked Picture links

    Messages:
    36,146
    Joined:
    Feb 3, 2004
    Set your WAN to DHCP? Set a gateway? What have you done exactly?
     
  3. FNtastic

    FNtastic [H]ard|Gawd

    Messages:
    1,090
    Joined:
    Jul 6, 2013
    What are you considering "internet activity"? Visiting a domain in a web browser? Ping that domain? Ping 8.8.8.8? You need to provide us some basic information and troubleshooting steps you've performed for us to help. The easiest thing on a fresh install to miss is proper DNS servers... It could also be the ones you chose are down. It could also be something else going on. Tell us if you can ping a domain or public IP address first and we can go from there

    Edit: just saw your earlier post, which I will assume still holds true at this time. Please don't open multiple threads about the same thing.
    First recommendation is to change your DNS to Google DNS in pfsense and see if you get anything different. Also, within the pfsense diagnostics, there is a ping tool. Ping 8.8.8.8 from there. Then try pinging a domain. Tell us the results. Ping the same IP and domain from your PC and tell us the results.
    Also, you can change the DNS in the nslookup command as a test. From memory, I think one of the domains was live.outlook.com that wasn't resolving... If it wasn't that one, substitute the non-working domain and do the following
    Code:
    nslookup live.outlook.com 8.8.8.8
    nslookup live.outlook.com 
    Give us the results of that too. This should narrow down or rule out any issues with DNS.
     
    Last edited: Sep 30, 2018
  4. amrogers3

    amrogers3 Gawd

    Messages:
    570
    Joined:
    Nov 7, 2010
    Thanks for the reply bud. I know this is a pretty general question and could be any number of issues.

    Actually, the other post was for a different issue. Older install (2.2.6) and it suddenly crapped out couple days ago. Weirdest activity I have ever seen, some sites would work, other not. Kept getting a alot of errors show up looking at traffic n Wireshark. Summed it up to HW issue, replaced motherboard and did a fresh install of 2.4. Now can't get any pages to resolve, ping 8.8.8.8, or access any public IP.

    Let me run through a bit of what you suggested and see if I can get any different results.
     
  5. Biznatch

    Biznatch [H]ard|Gawd

    Messages:
    2,046
    Joined:
    Nov 16, 2009
    What IP is it getting on the WAN side? Is it a private address from the 'modem' and do you have disable routing RFC 1918 on the wan interface?
     
  6. FNtastic

    FNtastic [H]ard|Gawd

    Messages:
    1,090
    Joined:
    Jul 6, 2013
    Ahhh. You've got a couple of separate weird issues on your hands. I misunderstood. Any updates? Really intrigued with weird things like this.
    Another side tip/note... I was having weird issues with my pfsense. Everything was fine for about a year or so. Nothing crazy was configured. Just a couple of firewall rules. It just didn't seem to want to do what I was configuring it to do. I set it back to factory defaults, then set it up again. It's been fine ever since the reset to defaults...
     
  7. ChRoNo16

    ChRoNo16 [H]ard|Gawd

    Messages:
    1,291
    Joined:
    Feb 3, 2011
    I had the same issue when I installed, you need to make a new firewall rule. for whatever reason the IPv4 TCP rule is messed up. all I did was make a new one to replace the default with the same settings and it worked.

    Dont ask me why, I dont get it, but when I was googling the same connection issue thats what I had found on other forums.
     
  8. amrogers3

    amrogers3 Gawd

    Messages:
    570
    Joined:
    Nov 7, 2010
    It is getting a 59. address and 1918 routing is checked on WAN.
     
    Last edited: Oct 2, 2018
  9. amrogers3

    amrogers3 Gawd

    Messages:
    570
    Joined:
    Nov 7, 2010
    You want wierd, the other post is definitely weird. Been working for 2+ years and all of a sudden, only certain websties would work. Some I could access like gmail but hotmail wouldnt work.

    I ran packet capture and saw malformed traffic. I couldnt figure out what was causing the issue. I didnt have time to continue troubleshooting so I installed a backup motherboard and ran 2.4.
     
    Last edited: Oct 2, 2018
  10. amrogers3

    amrogers3 Gawd

    Messages:
    570
    Joined:
    Nov 7, 2010
    Ok, got an update for you gents and ladies (if any present). So I put in openDNS ips for the Primary and Secondary. I unchecked "Override DNS" becasue I want only queries to be directed to OpenDNS. So doing that it breaks. I have no idea why.

    I dont want queries going to my ISP DNS or google but it seems there is nothing I can do about that unless I run VPN which I don't want to do.

    Anyone know how to only allow DNS queries to Primary and Secondary DNS servers?


    EebnC7f.png
     
  11. FNtastic

    FNtastic [H]ard|Gawd

    Messages:
    1,090
    Joined:
    Jul 6, 2013
    Did you reset pfsense back to default before doing anything else? I think that's the screen for the initial setup wizard that you posted. But, I want to be sure you did do the reset.

    This is the config you want for forcing all DNS to your DNS: https://www.netgate.com/docs/pfsense/dns/redirecting-all-dns-requests-to-pfsense.html

    Just remember, the DNS you choose could be the problem too. And, it's good to try another DNS for troubleshooting
     
  12. amrogers3

    amrogers3 Gawd

    Messages:
    570
    Joined:
    Nov 7, 2010
    I did. I reset everything back to factory defaults. But shouldnt unchecking "Override DNS" prevent any additional DNSes from being added by ISP?

    That is the main reason for this option, correct or no?
     
  13. FNtastic

    FNtastic [H]ard|Gawd

    Messages:
    1,090
    Joined:
    Jul 6, 2013
    It's the opposite. You don't want to check that box
    That's what I get for typing while not awake. You are exactly right. Uncheck that box and you're good to go. Depending on the ISP DNS provider (I've seen some REALLY poor ones), that could have been part of the issue if it was checked previously. Seems like you are already familiar with that as well. Let us know the results. Interested to see where this goes
     
    Last edited: Oct 3, 2018
  14. amrogers3

    amrogers3 Gawd

    Messages:
    570
    Joined:
    Nov 7, 2010


    Alright, unchecked and testing. according to DNSleak, I am still getting my ISP DNS servers even though it shows openDNS in the Dashboard.

    This is what shows in dashboard but still seeing DNS requests to ISP. Why?? This makes no sense!!!!!
    YZAKbU9l.jpg

    Opposite of what should be happening.

    wAsXJzKl.jpg
     
    Last edited: Oct 4, 2018
  15. FNtastic

    FNtastic [H]ard|Gawd

    Messages:
    1,090
    Joined:
    Jul 6, 2013
    How is your modem configured? Pass through? Do you get a public IP on the WAN side of the pfsense? If not, have the ISP put the modem in pass through mode.
    If it already has a public IP on the WAN side of the pfsense, then I'm even more perplexed. And, it might be time to get the ISP involved to answer the question of what they're doing with your DNS queries.
     
  16. FNtastic

    FNtastic [H]ard|Gawd

    Messages:
    1,090
    Joined:
    Jul 6, 2013
    Just for reference, I ran the same DNS tool on my connection to see what my results would be. I am using cloudflare DNS and am redirecting all DNS queries on my network to my pfsense (even if a device has manually set their DNS, the queries will still come from my pfsense, and therefore cloudflare, unbeknownst to that device). My result was my public IP address (the pfsense).
     
  17. amrogers3

    amrogers3 Gawd

    Messages:
    570
    Joined:
    Nov 7, 2010
    I do get a pulbic IP on the WAN side. This is a pfSense issue though in how it is handling DNS request as the servers are set and queried by pfSense.

    pfSense should be reaching out only to openDNS servers but it is reaching out to ISP DNS servers. Not sure why.
     
  18. FNtastic

    FNtastic [H]ard|Gawd

    Messages:
    1,090
    Joined:
    Jul 6, 2013
    You sure the DNS isn't statically set on on the PC you're using? Do an ipconfig /renew and see if anything changes.

    On a side note, it is still possible for your ISP to intercept DNS queries outside of your pfsense box and redirect/inspect/modify them as they please. If you say that isn't happening, then I'll go with what you say since you are more intimate with that specific setup than any of us.