Netgate SG-1000 microFirewall

Author Topic: Issue accessing internet  (Read 154 times)

Stevenateha
Issue accessing internet
« on: February 16, 2018, 03:53:49 am »
Greetings everyone,

I am new to pfSense and trying to configure it. The problem I am facing is related to DNS resolution. When I enter DNS manually for the client system, internet works, but when removed it doesn't. I have enabled DHCP, still I cannot access the internet.

Kindly help.

Regards
Steven

KOM
Re: Issue accessing internet
« Reply #1 on: February 16, 2018, 08:11:43 am »
In your DHCP Server config, are you offering any DNS servers to your clients?

johnpoz
Re: Issue accessing internet
« Reply #2 on: February 16, 2018, 08:34:54 am »
Out of the box pfSense would resolve, and its DHCP server would point clients to the pfSense IP the DHCP server is running on.

If DNS resolving is not working, you would have to troubleshoot why. Maybe your ISP is intercepting DNS, which is breaking resolving, etc. Under the Diagnostics menu of pfSense, can it look up stuff like www.google.com or pfsense.org?

- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Stevenateha
Re: Issue accessing internet
« Reply #3 on: February 16, 2018, 12:10:44 pm »
@KOM First I offered 8.8.8.8 and 8.8.4.4 as DNS but it didn't make any difference.

Stevenateha
Re: Issue accessing internet
« Reply #4 on: February 16, 2018, 12:13:07 pm »
@john
I have tested using DNS lookup. Results came OK.

johnpoz
Re: Issue accessing internet
« Reply #5 on: February 16, 2018, 01:37:57 pm »
Ok then from a client do a query.. simple nslookup or dig or host, etc..

> dig www.google.com

; <<>> DiG 9.11.2-P1 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64214
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         3600    IN      A       172.217.4.100

;; Query time: 62 msec
;; SERVER: 192.168.9.253#53(192.168.9.253)
;; WHEN: Fri Feb 16 13:37:05 Central Standard Time 2018
;; MSG SIZE  rcvd: 59

You can see that is the client asking pfSense for www.google.com

Here is the same thing with nslookup

> nslookup www.google.com
Server:  sg4860.local.lan
Address:  192.168.9.253

Non-authoritative answer:
Name:    www.google.com
Addresses:  2607:f8b0:4009:800::2004
          172.217.4.100

Visseroth
Re: Issue accessing internet
« Reply #6 on: February 21, 2018, 12:40:54 am »
If you are on satellite they are notorious for hijacking DNS and blocking all other DNS traffic.

Make sure either DNS Forwarder or DNS resolver is enabled but NOT both. Most use DNS Resolver.

Make sure you've selected your network interfaces correctly and selected Localhost but not Localhost on the Outgoing Network Interfaces. Outgoing is for querying upstream DNS servers for Internet related stuff.

Go to System -> General Setup and at the bottom tick "Allow DNS server list to be overridden by DHCP/PPP on WAN" and test again and see if you get any traffic. Restart the machine to be sure all services fired correctly if you still don't get traffic.

If you still don't get traffic then do something like...

ping 8.8.8.8

and

ping google.com

and see if one gets traffic. If no on both then you have another issue. Could be rule related. If yes on the IP but no on google.com then you have a DNS resolution issue.
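
The two client-side checks from this thread (the dig query in reply #5 and the ping-by-IP versus ping-by-name test in reply #6), combined into one triage script as an added example that is not part of any post above. `EXPECTED_DNS`, the function names and the result strings are assumptions made for illustration, and the sample dig output is constructed from the shape shown in reply #5.

```shell
#!/bin/sh
# Added example, not from the thread. EXPECTED_DNS is an assumed value:
# set it to the pfSense LAN address your DHCP server hands out.
EXPECTED_DNS="192.168.9.253"

# Constructed sample: trimmed dig output in the shape shown in reply #5.
SAMPLE_DIG=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64214
;; ANSWER SECTION:
www.google.com.         3600    IN      A       172.217.4.100
;; SERVER: 192.168.9.253#53(192.168.9.253)'

# Print the response code (NOERROR, SERVFAIL, ...) from dig output on stdin.
dig_status() { sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1; }

# Print the address the client sent its query to (dig's ";; SERVER:" line).
dig_server() { sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1; }

# check_resolver <dig output> <expected resolver IP>
check_resolver() {
    status=$(printf '%s\n' "$1" | dig_status)
    server=$(printf '%s\n' "$1" | dig_server)
    if [ -z "$status" ]; then
        echo "no-response"                # timeout: no header was printed
    elif [ "$status" != "NOERROR" ]; then
        echo "dns-error:$status"          # resolver reached, lookup failed
    elif [ "$server" != "$2" ]; then
        echo "wrong-resolver:$server"     # client is not asking pfSense
    else
        echo "ok"
    fi
}

# classify <exit code of ping by IP> <exit code of ping by name>
# Decision table from the last reply; the IP-fails/name-works case is not
# covered there and is reported as inconclusive.
classify() {
    if [ "$1" -eq 0 ] && [ "$2" -eq 0 ]; then echo "working"
    elif [ "$1" -eq 0 ]; then echo "dns-resolution-issue"
    elif [ "$2" -ne 0 ]; then echo "other-issue-check-rules"
    else echo "inconclusive"
    fi
}

# Live use on a client (needs network, so left commented out):
#   check_resolver "$(dig www.google.com)" "$EXPECTED_DNS"
#   ping -c 3 8.8.8.8 >/dev/null 2>&1; ip=$?
#   ping -c 3 google.com >/dev/null 2>&1; name=$?
#   classify "$ip" "$name"
```

A `wrong-resolver` result on a DHCP client means the lease is not handing out the pfSense address, or a manually entered DNS server is still configured on that client.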