Overclock.net banner
Cancel

Pfsense box done, can't connect to internet, possible dhcp problem

13610 Views 6 Replies 2 Participants Last post by  cokelight
C
I currently have a WGR614v2 wireless router and I'm trying to just make it do wireless duties, with the pfsense computer doing all the work.

I set it up as follows:

DSL modem -> WAN of pfsense -> LAN of pfsense -> LAN of wireless router

I had the pfsense box do the PPPoE, with the correct username and password for my internet connection. As for the LAN setting, it's not bridged into anything.

I then configured the DHCP server,
From the GUI:

Subnet 192.168.1.0
Subnet mask 255.255.255.0
Available range 192.168.1.0 - 192.168.1.255

pfsense sets the range at 192.168.1.10 to 192.168.1.245

The question is, I've tried assigning each computer here an ip address, but I get errors saying that 192.168.1.xxx is inside the range you specified. I don't quite understand this, is this a good thing as it's within the range or should it not give me this error? Can someone help me with the correct values for this setting with regard to Subnet, mask, available range, and usable ip addresses for the computers in here (I'll be connecting around 15-20 devices in all, both wired and wireless). I've already entered their mac addresses too.

The box could dial and achieve an internet connection since it shows pppoe as UP in the interface status section, but looking at the dhcp leases, it seems that none of the computers are getting any.

As for the WGR614v2, I removed all the previous settings, its status right now is DHCP client, with everything off except wireless router radio and SSID broadcast.

How do I go about resolving this? Both wireless and wired (connected directly to the wireless router-acting-as-switch-and-access point) computers can't access the internet
Reply
Save
Like
1 - 7 of 7 Posts
ComGuards
If you don't anticipate that many clients connecting simultaneously to your network, you should probably make the DHCP range smaller. Probably start from 192.168.1.100 - 200. That gives you 101 IP address to lease.

You mentioned you're trying to assign each computer an IP address, what exactly do you mean? Are you assigning a DHCP Reservation on the DHCP server? Or are you manually assigning the IP address on the client? If the former, is there a particular reason you're using DHCP reservations?

Never used the pfsense appliance, but technically there shouldn't be any "errors" for assigning DHCP reservations that's inside or outside of the DHCP scope.

With regards to the WGR614v2, you should assign a static IP address to the LAN so it doesn't change. Probably assign it on the device itself.

Moving forward - I'd probably remove the WGR614v2 from the equation first and see if you can connect directly to the pfsense with a computer and get internet working on that one client computer first. i.e. make sure DHCP works, routing is configured properly, DNS is set properly, etc.
See less See more
Reply
Save
Like
  • Rep+
Reactions: 1
C
3
Quote:

Originally Posted by ComGuards View Post
If you don't anticipate that many clients connecting simultaneously to your network, you should probably make the DHCP range smaller. Probably start from 192.168.1.100 - 200. That gives you 101 IP address to lease.
Ok that makes sense, the only reason it's set like that is because that's how pfsense assigned it.

Quote:

Originally Posted by ComGuards View Post
You mentioned you're trying to assign each computer an IP address, what exactly do you mean? Are you assigning a DHCP Reservation on the DHCP server? Or are you manually assigning the IP address on the client? If the former, is there a particular reason you're using DHCP reservations?

Never used the pfsense appliance, but technically there shouldn't be any "errors" for assigning DHCP reservations that's inside or outside of the DHCP scope.
Yes I'm assigning dhcp reservations for each computer that will be connected to the router. Hm actually, this was how I did it with my old WGR614v2 so that each connected computer will have internet access and not worry about disconnects due to conflicts and such, so I'm just doing what's sort of familiar to me. It also allows properly forwarded ports due to the static ip addresses. Is there a better way of doing things?

How do I go about assigning the reservations? If given the dhcp range of 192.168.1.100-192.168.1.200, should I set them starting at 192.168.1.1-20 or should they fall between the 192.168.1.100-200 range? Or does it not really matter in the grand scheme of things?

Quote:

Originally Posted by ComGuards View Post
With regards to the WGR614v2, you should assign a static IP address to the LAN so it doesn't change. Probably assign it on the device itself.

Moving forward - I'd probably remove the WGR614v2 from the equation first and see if you can connect directly to the pfsense with a computer and get internet working on that one client computer first. i.e. make sure DHCP works, routing is configured properly, DNS is set properly, etc.
I set pfsense to 192.168.1.32, the modem to 192.168.1.1, and the WGR614v2 to 192.168.1.33. I'll see about removing the router out of the equation and connecting this computer directly; that's actually a very good idea, thanks.

EDIT:
I connected it directly and wasn't able to access the internet either. I was given a dhcp lease, pppoe was up etc., but I just couldn't browse or ping any sites.
See less See more
Reply
Save
Like
ComGuards
If you connected directly to the pfsense box and you weren't able to even ping, I'd check to make sure that the pfsense box has the necessary routing information configured between the WAN and LAN interfaces.

If you have machines that *require* a static IP address, you should have a range of IP addresses that are not part of the DHCP scope that can be manually assigned. For me:

192.168.1.1 - 10 : Network Devices (Routers, switches, etc)
192.168.1.11 - 99 : Static IP addresses (Servers, printers, etc)
192.168.1.100 - 199 : DHCP range for client machines
192.168.1.200 - 254 : Static IP addresses for Virtual Servers

It doesn't really matter what range you choose since it's really just a logical organization. For you, I doubt you'll run into a situation where you'll use up all your leases or static addresses
.

You *could* manually assign static IP addresses on the clients instead of using DHCP reservations. If you have a dedicated range of static IP addresses, you shouldn't run into DHCP conflicts since the DHCP scope won't assign any address from the static range. I normally do this *and* assign a DHCP reservation just in case something on the physical computer breaks and it resets the IP address to DHCP - it would still get the same address from the DHCP server. But I run Windows Server DHCP.
See less See more
Reply
Save
Like
  • Rep+
Reactions: 1
C
2
Quote:

Originally Posted by ComGuards View Post
If you connected directly to the pfsense box and you weren't able to even ping, I'd check to make sure that the pfsense box has the necessary routing information configured between the WAN and LAN interfaces.

If you have machines that *require* a static IP address, you should have a range of IP addresses that are not part of the DHCP scope that can be manually assigned. For me:

192.168.1.1 - 10 : Network Devices (Routers, switches, etc)
192.168.1.11 - 99 : Static IP addresses (Servers, printers, etc)
192.168.1.100 - 199 : DHCP range for client machines
192.168.1.200 - 254 : Static IP addresses for Virtual Servers

It doesn't really matter what range you choose since it's really just a logical organization. For you, I doubt you'll run into a situation where you'll use up all your leases or static addresses
.

You *could* manually assign static IP addresses on the clients instead of using DHCP reservations. If you have a dedicated range of static IP addresses, you shouldn't run into DHCP conflicts since the DHCP scope won't assign any address from the static range. I normally do this *and* assign a DHCP reservation just in case something on the physical computer breaks and it resets the IP address to DHCP - it would still get the same address from the DHCP server. But I run Windows Server DHCP.
I just set the LAN to be bridged to the WAN and guess what? Internet access! Thanks so much! Now I just have to tweak this for QoS and I'll be all set

******

I can't figure out how to port forward with this thing. I tried disabling the nat mirroring option, as per the guide I read, but my ports are still closed. Do I have to open ports on my router as well as the pfsense box or what?
See less See more
Reply
Save
Like
ComGuards
Quote:

Originally Posted by cokelight View Post
I just set the LAN to be bridged to the WAN and guess what? Internet access! Thanks so much! Now I just have to tweak this for QoS and I'll be all set

******

I can't figure out how to port forward with this thing. I tried disabling the nat mirroring option, as per the guide I read, but my ports are still closed. Do I have to open ports on my router as well as the pfsense box or what?
I hate to be a pain in the a$$ about terminology, but did you "bridge" the WAN & LAN ports, or did you configure NAT between the two, or did you configure "routing" between the two? Differences in technology with each term.

Anyways, I apologize beforehand - I haven't used pfSense in a while, and even then only a brief trial - I decided that a DD-WRT router was more than capable of what I needed.

Anyways, port-forwarding from pfsense Docs (can you confirm you did all these steps?)

------

When adding a port forward, you must also add a firewall rule to allow traffic in to the internal IP address designated by the port forward. There is an option to automatically add this rule when creating a port forward definition.

1. Go to the Firewall menu, select NAT, then click on the Port Forward tab.
2. Click on the + icon at the top or bottom of the screen.
3. Choose the Interface for the port forward (likely WAN) and if needed, pick a virtual IP address from the External Address drop-down.
4. Enter your forwarded port in the External Port range box(es)
5. Enter the internal IP address you'd like to send that port to in the NAT IP box.
6. Fill in a local port if it differs from the external port.
7. Check the Auto-add a firewall rule checkbox (1.2.x) or choose "Add (un)associated filter rule" (2.0).
8. Click Save which will return you to the Port Forward NAT screen, showing you all the NAT entries.
9. Finally, click Apply Changes - wait a few seconds and test.

------
See less See more
Reply
Save
Like
C
Quote:

Originally Posted by ComGuards View Post
I hate to be a pain in the a$$ about terminology, but did you "bridge" the WAN & LAN ports, or did you configure NAT between the two, or did you configure "routing" between the two? Differences in technology with each term.

Anyways, I apologize beforehand - I haven't used pfSense in a while, and even then only a brief trial - I decided that a DD-WRT router was more than capable of what I needed.

Anyways, port-forwarding from pfsense Docs (can you confirm you did all these steps?)

------

When adding a port forward, you must also add a firewall rule to allow traffic in to the internal IP address designated by the port forward. There is an option to automatically add this rule when creating a port forward definition.

1. Go to the Firewall menu, select NAT, then click on the Port Forward tab.
2. Click on the + icon at the top or bottom of the screen.
3. Choose the Interface for the port forward (likely WAN) and if needed, pick a virtual IP address from the External Address drop-down.
4. Enter your forwarded port in the External Port range box(es)
5. Enter the internal IP address you'd like to send that port to in the NAT IP box.
6. Fill in a local port if it differs from the external port.
7. Check the Auto-add a firewall rule checkbox (1.2.x) or choose "Add (un)associated filter rule" (2.0).
8. Click Save which will return you to the Port Forward NAT screen, showing you all the NAT entries.
9. Finally, click Apply Changes - wait a few seconds and test.

------
Yup I did all the steps outlined above minus the add exceptions, but I remember looking at the rules and having those ports being allowed access. I think the newest version automatically adds it to firewall exceptions; still closed ports unfortunately.

As for the LAN-WAN, I went to the tab that drops down to (assign), LAN, WAN, picked LAN, and set it to bridge. My dsl modem is actually a modem-router and is set to bridge if that counts for anything.

Something happened, I suddenly can't access my pfsense box, which means I'm back to the WGR614v2. I don't get "connection timed out" when I type 192.168.1.32 (pfsense address) but I do get a white, blank screen.

Now here's the weird part, I can't open the ports using my WGR614v2 either (but I was able to back then). This is actually the worst time to be worrying about this as I have a number of exams lined up this week haha, but thanks very much for the help, I'll probably get it sorted out by next week. I'm gonna bump this thread again once I get stable access to the pfsense box and my exams are done.

But if you know exactly what the problem is, feel free to post, I hate having loose ends about.
See less See more
Reply
Save
Like
1 - 7 of 7 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Overclock.net
A forum community dedicated to overclocking enthusiasts and testing the limits of computing. Come join the discussion about computing, builds, collections, displays, models, styles, scales, specifications, reviews, accessories, classifieds, and more!
Full Forum Listing
Explore Our Forums
Hardware News Intel CPUs PC Gaming NVIDIA Water Cooling
Top