• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

  • 0
Sign in to follow this  

[pfSense] Installed but no internet

Question

Lilrich    47

Hello Everyone,

I have managed to install pfSense onto an old computer with 2 nic's i can access the web gui and it says that both the nic's are up and sending data.

However i am unable to get access to the internet and i am sure there must be something i haven't done or done wrong. Is anyone able to guide me or show me what i might have missed.

I am not sure where it says what subnet i should be using or how to sucessfully configure the DHCP..

Cheers

Rich

Share this post


Link to post
Share on other sites

Recommended Posts

  • 0
Detection    2,256

Shot in the dark, but static IPs sound more likely to be supported than DHCP ?

Blatantly should have kept quiet on this one

Share this post


Link to post
Share on other sites
  • 0
Lilrich    47

I can hit the gui 192.168.33.1 which takes me to the control panel but if i setup the network settings on the computer to use 192.168.33.1 as the gateway instead of my old modem i get no internet which makes me think i have done something wrong.

Maybe someone with pfSense installed could post some screenshots?

Rich

Share this post


Link to post
Share on other sites
  • 0
+BudMan    3,648

^ what??

If you can access the web interface then clearly your on the lan network.

"I am not sure where it says what subnet i should be using or how to sucessfully configure the DHCP.."

What?? Post a screenshot of your dashboard or interfaces screen

Been running pfsense for years now, currently using 2.0 rc1 and setup the ipv6 development stuff from 2.1, etc.

So lets see the output of your status interfaces screen so we can see what we are working with - feel free to block out the last couple of octets of your wan side.. But need to see that your on public IP on wan, and private on lan, etc.

post-14624-0-29106400-1299953848.jpg

ok so here is output of dhcp server.. this means that it will hand out IPs between 192.168.1.200 to 239, it will also tell clients to use itself 192.168.1.253 as the dns server, and that local domain is called local.lan

post-14624-0-63744700-1299953547.jpg

What questions do you have exactly?

Share this post


Link to post
Share on other sites
  • 0
Lilrich    47

Budman please forgive me i am trying to learn and i read the documentation i just can't get it to work and some of it is admittedly over my head that is why i came here.

Yes the server is on the lan network as i can access it BUT i can't access the internet when passing traffic through it.

The WAN stuff looks not right to me but i am sure you will be able to tell me what i have done wrong.

pfsense.png

Share this post


Link to post
Share on other sites
  • 0
+BudMan    3,648

Well no **** that will never work, you have the same exact network on both the wan and the lan.

Your clearly behind a NAT device with that 192.168.33 (Private) network on the wan side.

What is your pfsense box connected to?

why did you set a /25 bit mask on your lan side??? Where did you get the idea to use 192.168.33 on your lan network??

Share this post


Link to post
Share on other sites
  • 0
Lilrich    47

Nothing, i have plugged the modem in to the WAN card and the LAN into the LAN card.

This is what i get.

Share this post


Link to post
Share on other sites
  • 0
+BudMan    3,648

Lan card? And you don't have a modem you have a NAT router, I don't care if they call it a modem or not?? Its doing NAT!! you got a private IP.

What is the model number of the device your psfsense box is plugged into?

And where did you plug the lan side into?? Into the same "modems" lan ports?

goes like this

internet - modem -- <wan> pfsense <lan> -- switch - PCS

You can work with a double nat (private on the wan side of your pfsense) but I highly suggest against it..

but you could do something like this for double nat

pfsense wan = dhcp

192.168.33.?/24

gateway 192.168.1.254 <-- your "modems" IP

lan static

192.168.2.1

netmask 255.255.255.0, 24 bits

dhcp server on pfsense

192.168.2.100 - 200

dns 192.168.2.1 or opendns, whatever

Pfsense is designed to be the NAT router/firewall of your network you do not need another device in front of it doing NAT.. you just need a modem connecting you to the internet, if you have what they are calling a DSL modem, clearly its really a gateway since you getting a private IP on your wan side of your pfsense. You would want to put the device into bridge mode. -- What is the make and model number of what your calling your modem and we can look to see if supports bridge mode, ie it will not longer do nat, and your pfsense box will get a PUBLIC IP on its wan interface.

edti: btw if going to run double nat mode like that, which I do not suggest, then on your "modem" your going to want to put your pfsense boxes wan IP into the DMZ of your "modem".. So want to set it to static or set reservation on your "modem" so it always gives pfsense same IP address on the 192.168.33 network.

Share this post


Link to post
Share on other sites
  • 0
Lilrich    47

Your right - the router was still in ROUTER mode

I changed that to modem only mode and this is what i get

pf2.png

No IP At all now.

Share this post


Link to post
Share on other sites
  • 0
+BudMan    3,648

How freaking hard is to post the make and model of the "modem"???? Example I use a Motorola SB6120

Model Name: SB6120

Vendor Name: Motorola

Firmware Name: SB612X-1.0.3.3-SCM00-NOSH

Boot Version: PSPU-Boot 1.0.0.4m1

Hardware Version: 1.0

Serial Number: 1869019126052260<snipped>

Firmware Build Time: Aug 12 2010 13:58:19

Did you power cycle your "modem" before connecting a new device?

Its impossible to help you without knowing what device you plugging into.

Are you DSL - Its less likely to see cable users with a gateway, so I would assume DSL. If so do you have to use PPPoE??

Share this post


Link to post
Share on other sites
  • 0
Lilrich    47

Okay okay sorry.

Netgear DG834G

Firmware V3.01.38

Network Type PPPoA

Did you power cycle your "modem" before connecting a new device?

No, i have never done this before so didn't know it was required now.

Are you DSL - Its less likely to see cable users with a gateway, so I would assume DSL. If so do you have to use PPPoE??

ADSL using PPPoA

Share this post


Link to post
Share on other sites
  • 0
+BudMan    3,648

Well with PPPoA, I will have to look if that device supports half bridge mode - cuz I dont believe pfsense supports PPPoA.

Half bridge means you use the gateway device to login, etc. but it puts the public IP on the device behind it. Let me take a look at the manual.

if not you can use the double nat mode I already went over.

btw what version of that router - I see up to v5, with that firmware version guess OLD v1?

From a quick look does not seem to support half bridge.. found this article about doing it with different firmware on the device

http://mybroadband.co.za/vb/archive/index.php/t-139095.html

But if you have to ask about dhcp, and did not know why pfsense was not working - I would HIGHLY suggest you not do anything of the sort.

Your best bet would be to just run in double nat mode.. So put your "modem" how it it was before - setup static IP on pfsense wan to be in that 192.168.33 network. Put that IP into the DMZ of your netgear router.. And then setup lan side of pfsense to be like 192.168.2.0/24

Share this post


Link to post
Share on other sites
  • 0
Lilrich    47

Looks like i really have bitten off more than i can chew this time.

Would using PPPoE require something from the ISP?

Edit: V2

Share this post


Link to post
Share on other sites
  • 0
+BudMan    3,648

if your connection is PPPoA, you can not just switch over to PPPoE.

Yeah I would agree this is over your head if you do not even understand basic networking, ie what dhcp is, what a subnet is, etc. What a Private IP is, etc.

Share this post


Link to post
Share on other sites
  • 0
Lilrich    47

if your connection is PPPoA, you can not just switch over to PPPoE.

Yeah I would agree this is over your head if you do not even understand basic networking, ie what dhcp is, what a subnet is, etc. What a Private IP is, etc.

I know what a DHCP is and a Subnet just never done much with NAT or anything simillar.

I want to broaden my knowledge on this kind of thing...

Share this post


Link to post
Share on other sites
  • 0
+BudMan    3,648

"I know what a DHCP is and a Subnet just never done much with NAT or anything simillar."

Thats not what this statement says to me

"I am not sure where it says what subnet i should be using or how to sucessfully configure the DHCP.."

But you can still use pfsense in a double nat setup.. Like I said just put its wan IP into the dmz of your netgear and setup a lan side network that is different than your wan network and your good to do. Not best option and you might run into some issues with double nat.. But those are rare - it should work just fine.

As to not done much with NAT?? WTF you think you have been using since you've been connected to your netgear router.. 192.168.33 is a private network, ie a NAT ;)

Share this post


Link to post
Share on other sites
  • 0
Lilrich    47

Hey Budman,

Just wanted to let you know i persisted with the problems i was having with my inability to understand basic networking and finally got my pfSense box up and running after lots of reading etc.

I changed the DG834G router into modem only mode which makes it into a modem only device (i think this is called a bridge) so it won't handle any of the authentication etc.

I then went into pfSense and setup the WAN interface on PPPoE and filled in my username and password for the internet - and submitted the changes, looking on the interface status it has now connected to the ISP got my public IP and also pulled the gateway and DNS servers. :woot:

update2.png

One problem i did come across tho was pfSense seemed to 'cache' my gateway instead of pulling it from the modem so i had to reset the pfSense box back to basics and start again but after that everything is now working and seems to be lots faster than a standard router.

I just need to have a go at getting a web blocking application setup and the ability to block websites based on IP or MAC.

Thanks for all your help and being patient with me

Rich

Share this post


Link to post
Share on other sites
  • 0
+BudMan    3,648

Thought you said you were using PPPoA? But great you got it working.. Yup that is a public IP on your wan side!

If you want to do content filtering just install the squid and squidguard packages - personally don't use them, but tested them on 2.0 and working.

Yeah you'll notice net is prob a lit faster with a real router vs that little box with like 200mhz cpu and 4MB of ram to work with ;)

HAVE FUN!!!

I've been playing with the ipv6 development code lately - its a little buggy still but everything seems to be working other than having some issues the the RRD graphs, etc.

post-14624-0-58722700-1300138428.jpg

Tell you what you will never go back to a simple soho router now that you have a taste of a full featured router/firewall with some horsepower to play with ;)

edit: if me I would get away from all those isp dns, and just run your own caching recursive server - install the unbound package, and you can even do dnssec -- get borat giving you a thumbs up.

http://test.dnssec-or-not.org/

  • Like 1

Share this post


Link to post
Share on other sites
  • 0
Lilrich    47

I didn't mean to feel like a 'tool' on the weekend i just really want to try and get my head into some of this networking lark and thought this would be a cool way of jumping right in there.

"Thought you said you were using PPPoA? But great you got it working.. Yup that is a public IP on your wan side!"

Yea i am using PPPoA but i sent a email to the ISP and they said they are using pfSense with PPPoE on the network and it works great, so i gave it a shot and here i am.

"If you want to do content filtering just install the squid and squidguard packages - personally don't use them, but tested them on 2.0 and working."

Thanks :) That is my next task to get Squid up and running, need to sort out some content filtering for the Kids :devil:

I hope never to go back, i am going to get the pfSense book later in the month so i can have a proper read at what this thing can do.

Once again thanks :D

Rich

Share this post


Link to post
Share on other sites
  • 0
+BudMan    3,648

Yeah if your looking to filtering the kids, the squidguard is great and install the reporting package "lightsquid" and you can get full reports of what they are doing... You can prob even log their IM messages with imspector ;)

Looks like the imspector is only on 1.2.3 release - you running 1.2.3 or 2.0? I didn't catch it from any of the screen shots, etc.

Share this post


Link to post
Share on other sites
  • 0
Lilrich    47

Interesting :)

I have installed Squid but haven't installed Squidguard yet as i notice it is still BETA.

I am running 1.2.3-RELEASE

Logging the IM Messages seems a bit much...but could be cool just to see that it is possible ;)

Share this post


Link to post
Share on other sites
  • 0
+BudMan    3,648

The squidguard is fine even though says it beta, your really going to want that if you want to filter by categories - you can grab blacklist and then then just pick categories, etc. If you run into issues just let me know, I don't run it since my kids are now 24 and 22 and no longer even at home ;)

But I have played with them, and pretty simple to get running - there was a thread a while back about blocking bbc.co.uk I threw it on to show how easy it is with the right tools - took like 10 min tops to get it all up and running and filtering on specific urls, they wanted to block /news or something but not the main url sort of thing.

Once you feel comfortable with the product in general, 2.0 is stable enough for production use so you might want to move up to that sometime - even before it hits final release.

Share this post


Link to post
Share on other sites
  • 0
Lilrich    47

The squidguard is fine even though says it beta, your really going to want that if you want to filter by categories - you can grab blacklist and then then just pick categories, etc. If you run into issues just let me know, I don't run it since my kids are now 24 and 22 and no longer even at home ;)

But I have played with them, and pretty simple to get running - there was a thread a while back about blocking bbc.co.uk I threw it on to show how easy it is with the right tools - took like 10 min tops to get it all up and running and filtering on specific urls, they wanted to block /news or something but not the main url sort of thing.

Once you feel comfortable with the product in general, 2.0 is stable enough for production use so you might want to move up to that sometime - even before it hits final release.

I have installed Squid Squidquard tinysquid just need to configure them and get them up and running.

Will see if i can dig out that link tomorrow and find out how you blocked the BBC :) could be a good starting point.

Yea might give 2.0 a go once i have had a go with this for a while :)

Share this post


Link to post
Share on other sites
  • 0
Lilrich    47

When i enable SquidGuard i get this error

squidguard.png

squiderror.png

Rich

Share this post


Link to post
Share on other sites
  • 0
+BudMan    3,648

What squid did you install 2 or 3? Is squid up and running before you try and start squidguard?

Share this post


Link to post
Share on other sites
  • 0
Lilrich    47

Version i would need to check as i went to

General -> Packages and installed from there.

I was under the impression that Squid was up and running....

Rich

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.