pfsense lan doesn't have internet

[Tursiops]

I just installed a pfsense brand new install on a ITX form machine I built myself, and after assining the lan and wan network ports, and going over the web gui first run wizard, I haven't touched anything else.

The box itself has no problem to connect to internet via the WAN interface. When I use the included ping and dns query tools, there's no problem there.

When I do the same with the LAN interface then 100% packet lost.

I checked what was recommended on other forum posts I see by googling it, and this is what I've done so far:

The gateway is correct, the ports are correctly assigned, I didn't cross connect them or anything.

the box is acting as DHCP and all my hardware is receiving ip's correctly from it.

Still no hardware connected to it has any access to internet.

I have included a packet capture to see if anyone of you network guru's find anything wrong with it.

It shows my iphone trying to connect to facebook when I launch the facebook app.

 

For reference my pfsense box is 192.168.1.120 and my iphone is 192.168.1.130

My ISP router is 192.168.1.1

 

I can add any detail or information you want, I would really like this box to work.

Thank you!

packetcapture.cap

[Bittenfleax]

So you have turned off DHCP on your ISP router? - Probably won't do anything as long as you are directly into the pfSense box, just checking  

 

Why not replace your ISP router with your pfSense box?

 

What are your exact settings??

 

Also, is your phone connecting to the router or the pfSense box? What is connected to your pfSense box - or what will be?

 

[Tursiops]

41 minutes ago, Bittenfleax said:

So you have turned off DHCP on your ISP router? - Probably won't do anything as long as you are directly into the pfSense box, just checking  

 

Why not replace your ISP router with your pfSense box?

 

What are your exact settings??

 

Also, is your phone connecting to the router or the pfSense box? What is connected to your pfSense box - or what will be?

 

OK when I try to disable the dhcp on my isp box it tells me that I cannot disable it. 

 

I didn't know that I could just replace the isp router with the pfsense box, how would I do that? I suppose I would have to know exactly how the isp box connects to the network.

 

For the settings as I said i left everything on default except for the wizard at the beginning where I set the iP for my lan to 192.168.1.120 and I activated the dhcp.

 

I don't have home phone, my isp router is connected to a mute phone line.

 

The cabling is done as so: isp router connected to muted phone line

Pfsense box connected to isp router with wan port

Pfsense box connected to devolo 1200+ Wi-Fi enabled plug with lan port.

 

Every hardware in the house connected to devolo plugs on different plugs around the house. IPhone and other Wi-Fi devices connected to devolo Wi-Fi.

 

Hope this is clear enough.

 

Thank you for your help.

[Tursiops]

1 hour ago, Bittenfleax said:

So you have turned off DHCP on your ISP router? - Probably won't do anything as long as you are directly into the pfSense box, just checking  

 

Why not replace your ISP router with your pfSense box?

 

What are your exact settings??

 

Also, is your phone connecting to the router or the pfSense box? What is connected to your pfSense box - or what will be?

 

I looked at your proposal to replace my isp router with my pfsense box and here what I need: modem/router VDSL(2) "Dual mode VDSL2/ADSL2+ functionality" and also QoS and IGMP (v3)

 

Is that a possibility?

[Bittenfleax]

13 hours ago, Tursiops said:

I looked at your proposal to replace my isp router with my pfsense box and here what I need: modem/router VDSL(2) "Dual mode VDSL2/ADSL2+ functionality" and also QoS and IGMP (v3)

 

Is that a possibility?

When I did mine, I have my phone line going into my modem (which I already had) then from my modem to my ISP router. I just changed my ISP router with my pfSense one and changed PPoE settings so that I can connect (you will see what I mean when you are reading about it). 

 

So yeah, basically a modem/router that can take your phone connection and spit it out has an ethernet. (Which your ISP router is acting as). - That is the best way of putting it

 

However, if you cannot disable DHCP it is kinda cr*p. Have a Google of your ISP and have a look at other people trying to replace the router and see what they did. Not necessarily with pfSense although that would help more.

[Tursiops]

3 hours ago, Bittenfleax said:

When I did mine, I have my phone line going into my modem (which I already had) then from my modem to my ISP router. I just changed my ISP router with my pfSense one and changed PPoE settings so that I can connect (you will see what I mean when you are reading about it). 

 

So yeah, basically a modem/router that can take your phone connection and spit it out has an ethernet. (Which your ISP router is acting as). - That is the best way of putting it

 

However, if you cannot disable DHCP it is kinda cr*p. Have a Google of your ISP and have a look at other people trying to replace the router and see what they did. Not necessarily with pfSense although that would help more.

Hello. That's actually what I did to get the information. It seems my TV and Internet needs those protocols. 

Still this doesn't solve my issue with my box lan port not having access to Internet. 

[Bittenfleax]

10 minutes ago, Tursiops said:

Still this doesn't solve my issue with my box lan port not having access to Internet. 

Yes, true.

 

Sooooo... about the problem.

 

Are both your WAN and LAN ports on a network card or is one the on-board motherboard ethernet port and the other a network card?

[zMeul]

21 hours ago, Tursiops said:

For reference my pfsense box is 192.168.1.120 and my iphone is 192.168.1.130

My ISP router is 192.168.1.1

couple of problems there - you are routing on the same network

either disable the routing on the ISP box and turn it into a bridge or change the IP of the pfsense box to something like 192.168.0.1

 

but you still need to disable routing on the ISP box, because you're basically double NATing

 

to test the connection, manually assign the IP of the test machine to the same class the pfsense box is

gateway: IP of the pfsense box

DNS1: IP of the pfsense box

DNS2: you can leave it blank or use google's DNS (8.8.8.8)

[Tursiops]

6 hours ago, Bittenfleax said:

Yes, true.

 

Sooooo... about the problem.

 

Are both your WAN and LAN ports on a network card or is one the on-board motherboard ethernet port and the other a network card?

Both nics are on the same board. They are detected correctly and work fine. It's really a matter of configuration 

[Tursiops]

5 hours ago, zMeul said:

couple of problems there - you are routing on the same network

either disable the routing on the ISP box and turn it into a bridge or change the IP of the pfsense box to something like 192.168.0.1

 

but you still need to disable routing on the ISP box, because you're basically double NATing

 

to test the connection, manually assign the IP of the test machine to the same class the pfsense box is

gateway: IP of the pfsense box

DNS1: IP of the pfsense box

DNS2: you can leave it blank or use google's DNS (8.8.8.8)

OK thanks for the advice. I've disabled the nat on my isp router. 

OK I will change the iP of my box and renew my lease my iPhone that I use for testing. 

 

So I've changed the iP of the lan port as advised and also changed my test device iP and gateway + dns but the result stays the same. Internet still works fine on WAn  port but not on lan. I've taken a picture of the ping test I made,

[zMeul]

13 hours ago, Tursiops said:

So I've changed the iP of the lan port as advised and also changed my test device iP and gateway + dns but the result stays the same. Internet still works fine on WAn  port but not on lan. I've taken a picture of the ping test I made,

I don't have experience with pfsense but I don't think pining google DNS from a LAN source is correct

you should ping google from your iPad - aren't there any PING tools in the App Store?

[Bittenfleax]

Keep your router on 192.168.1.1. On the 192.168.1.0 subnet.

 

Change your pfSense to go on a different subnet.

 

I like 192.168.10.0.

Then your pfSense box on 192.168.10.0.

You may want to do a fresh install of pfSense and redo it with those settings.

 

Then

 

 Go to: Firewall\NAT\Outbound

 

Check for an auto created rule that should look like this yours should be 192.168.10.0 - not 192.168.0.0 because you changed it earlier:

 

If it is already there, great. But change it and make sure that "Static Port" in that rule is checked.

 

What this will do is ensure that the local ports for your devices (eg each browser tab has its own "local port" - Google local ports for more info) stay the same as they fly out your pfSense box to the internet. (Because pfSense likes to change them for "security" reasons although it is not essential). - This also fixes the problem of OPEN/CLOSED NAT in games with pfSense.

 

If it is not there:

Create a "Static NAT". Make sure you set it to "Manual".

 

Then add the rule with the settings above. 

 

[Tursiops]

2 hours ago, zMeul said:

I don't have experience with pfsense but I don't think pining google DNS from a LAN source is correct

you should ping google from your iPad - aren't there any PING tools in the App Store?

From what I understand pinging from the lan port should be equivalent to pinging from any other device on my lan, as the ping will have to reach the lan port and go over the wan to have a reply valid.

Still I did it with my ipad and a network tool I have and it failed the same.

[Tursiops]

1 hour ago, Bittenfleax said:

Keep your router on 192.168.1.1. On the 192.168.1.0 subnet.

 

Change your pfSense to go on a different subnet.

 

I like 192.168.10.0.

Then your pfSense box on 192.168.10.0.

You may want to do a fresh install of pfSense and redo it with those settings.

 

Then

 

 Go to: Firewall\NAT\Outbound

 

Check for an auto created rule that should look like this yours should be 192.168.10.0 - not 192.168.0.0 because you changed it earlier:

 

If it is already there, great. But change it and make sure that "Static Port" in that rule is checked.

 

What this will do is ensure that the local ports for your devices (eg each browser tab has its own "local port" - Google local ports for more info) stay the same as they fly out your pfSense box to the internet. (Because pfSense likes to change them for "security" reasons although it is not essential). - This also fixes the problem of OPEN/CLOSED NAT in games with pfSense.

 

If it is not there:

Create a "Static NAT". Make sure you set it to "Manual".

 

Then add the rule with the settings above. 

 

Ok I will change the ip from my lan port to 192.168.10.0 and if that doesn't work I'll reinstall it from sratch. I'll check the rules too.

Thanks.

[Tursiops]

On 17 août 2016 at 11:48 AM, Tursiops said:

Ok I will change the ip from my lan port to 192.168.10.0 and if that doesn't work I'll reinstall it from sratch. I'll check the rules too.

Thanks.

You're a genius! I did exactly what you said and it works now!

Thanks million!