Text only | Text with Images

OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: tronix on August 24, 2019, 05:09:09 PM

Title: [solved] Help on my first setting - no internet
Post by: tronix on August 24, 2019, 05:09:09 PM
Hi all!
I ask you to help me in my first setting of OPNsense because I've been trying for two days without success. :'(

The network is very simple:

internet -- modem -- (79.41.107.165)firewall(192.168.1.1) -- (192.168.1.100)host

computer host 192.168.1.100 DHCP IP from OPNsense (192.168.1.1 gateway and DNS)

firewall OPNsense on NF692 Intel celeron J3455 with:
- WAN interface 79.41.107.165 DHCP IP from ISP
- LAN interface 192.168.1.1 static (network 192.168.1.0/24)

The LAN interface on firewall has:
-Block private networks unchecked
-Block bogon networks unchecked
-DHCPv4 service enabled
-unbound DNS service enabled
-DNSSEC support unchecked
-DNS Query forwarding enabled

The WAN interface on firewall has:
-Block private networks checked
-Block bogon networks checked

The rules are attached, all permitted in LAN and WAN interfaces

I can't connect to https://opnsense.org/ or other website from my browser

If I try ping from interfaces/diagnostics
Ping from default:
Code Select

# /sbin/ping -c '3' '8.8.8.8'
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.153 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.118 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.142 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.118/0.138/0.153/0.015 ms

Ping from LAN:
Code Select

# /sbin/ping -S '192.168.1.1' -c '3' '8.8.8.8'
PING 8.8.8.8 (8.8.8.8) from 192.168.1.1: 56 data bytes

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

Ping from WAN:
Code Select

# /sbin/ping -S '79.41.107.165' -c '3' '8.8.8.8'
PING 8.8.8.8 (8.8.8.8) from 79.41.107.165: 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.156 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.129 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.121 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.121/0.135/0.156/0.015 ms

Ping to 8.8.8.8 from host LAN (192.168.1.100)
Code Select

l@l-schenker:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 70ms

Ping www.google.com from default, LAN, WAN, host in LAN:
Code Select
ping: cannot resolve www.google.com: Host name lookup failure

ping the host (192.168.1.100) from default, LAN, WAN is OK!

I'm sure i forgot something, but what? Can you help my?

thanks
Luca
Title: Re: Help on my first setting - no internet
Post by: phoenix on August 24, 2019, 05:48:13 PM
If you can ping by IP address and not by domain name it would indicate that you have a DNS problem, that's also indicated by this error you've posted:

Code Select
ping: cannot resolve www.google.com: Host name lookup failureDo you actually have a DNS server installed and/or specified on the LAN?
Title: Re: Help on my first setting - no internet
Post by: tronix on August 24, 2019, 09:31:13 PM
Quote from: phoenix on August 24, 2019, 05:48:13 PM
Do you actually have a DNS server installed and/or specified on the LAN?
Yes,
from host settings I read:

IP: 192.168.1.100
gateway: 192.168.1.1
DNS: 192.168.1.1

OPNsense is DHCP server and DNS server for LAN

On Services/Unbound DNS I read: "If Unbound is enabled, the DHCP service (if enabled) will automatically serve the LAN IP address as a DNS server to DHCP clients so they will use Unbound resolver. If forwarding is enabled, Unbound will use the DNS servers entered in System: General setup or those obtained via DHCP or PPP on WAN if the "Allow DNS server list to be overridden by DHCP/PPP on WAN" is checked."

Unbound DNS is enabled
DHCPv4 is enabled
Enable forwarding mode checked

Quote from: phoenix on August 24, 2019, 05:48:13 PM
If you can ping by IP address and not by domain name it would indicate that you have a DNS problem

I can ping by IP address only from WEBGUI of OPNsense to internet and on LAN from host to gateway

luca
Title: Re: Help on my first setting - no internet
Post by: tronix on August 26, 2019, 09:39:22 AM
If I stay on firewall and try to ping (Interfaces/Diagnostics/ping)

ping default and WAN to 8.8.8.8: 0% packet loss
ping LAN to 8.8.8.8: 100% packet loss

ping default, LAN and WAN to 192.168.1.100: 0% packet loss

Isn't this a strange behavior?

I expect the opposite behavior: ping WAN to host blocked and ping host to WAN allowed

Luca
Title: Re: Help on my first setting - no internet
Post by: tronix on August 29, 2019, 08:30:54 PM
I found the problem! ;D

I changed the modem. :-\
Now it isn't set in bridge mode, but I don't know if this is the the reason for the malfunction of opnsense.
I have to investigate.

Luca
Text only | Text with Images