OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: tronix on August 24, 2019, 05:09:09 pm

Title: [solved] Help on my first setting - no internet
Post by: tronix on August 24, 2019, 05:09:09 pm

Hi all!
I ask you to help me in my first setting of OPNsense because I've been trying for two days without success. :'(

The network is very simple:

internet -- modem -- (79.41.107.165)firewall(192.168.1.1) -- (192.168.1.100)host

computer host 192.168.1.100 DHCP IP from OPNsense (192.168.1.1 gateway and DNS)

firewall OPNsense on NF692 Intel celeron J3455 with:
 - WAN interface 79.41.107.165 DHCP IP from ISP
 - LAN interface 192.168.1.1 static (network 192.168.1.0/24)

The LAN interface on firewall has:
-Block private networks unchecked
-Block bogon networks unchecked
-DHCPv4 service enabled
-unbound DNS service enabled
-DNSSEC support unchecked
-DNS Query forwarding enabled

The WAN interface on firewall has:
-Block private networks checked
-Block bogon networks checked

The rules are attached, all permitted in LAN and WAN interfaces

I can't connect to https://opnsense.org/ or other website from my browser

If I try ping from interfaces/diagnostics
Ping from default:

Code: [Select]

# /sbin/ping -c '3' '8.8.8.8'
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.153 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.118 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.142 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.118/0.138/0.153/0.015 ms
Ping from LAN:

Code: [Select]

# /sbin/ping -S '192.168.1.1' -c '3' '8.8.8.8'
PING 8.8.8.8 (8.8.8.8) from 192.168.1.1: 56 data bytes

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
Ping from WAN:

Code: [Select]

# /sbin/ping -S '79.41.107.165' -c '3' '8.8.8.8'
PING 8.8.8.8 (8.8.8.8) from 79.41.107.165: 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.156 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.129 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.121 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.121/0.135/0.156/0.015 ms
Ping to 8.8.8.8 from host LAN (192.168.1.100)

Code: [Select]

l@l-schenker:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 70ms
Ping www.google.com from default, LAN, WAN, host in LAN:

Code: [Select]

ping: cannot resolve www.google.com: Host name lookup failure
ping the host (192.168.1.100) from default, LAN, WAN is OK!

I'm sure i forgot something, but what? Can you help my?

thanks
Luca

Title: Re: Help on my first setting - no internet
Post by: phoenix on August 24, 2019, 05:48:13 pm

If you can ping by IP address and not by domain name it would indicate that you have a DNS problem, that's also indicated by this error you've posted:

Code: [Select]

ping: cannot resolve www.google.com: Host name lookup failureDo you actually have a DNS server installed and/or specified on the LAN?

Title: Re: Help on my first setting - no internet
Post by: tronix on August 24, 2019, 09:31:13 pm

Quote from: phoenix on August 24, 2019, 05:48:13 pm

Do you actually have a DNS server installed and/or specified on the LAN?

Yes,
from host settings I read:

IP: 192.168.1.100
gateway: 192.168.1.1
DNS: 192.168.1.1

OPNsense is DHCP server and DNS server for LAN

On Services/Unbound DNS I read: "If Unbound is enabled, the DHCP service (if enabled) will automatically serve the LAN IP address as a DNS server to DHCP clients so they will use Unbound resolver. If forwarding is enabled, Unbound will use the DNS servers entered in System: General setup or those obtained via DHCP or PPP on WAN if the "Allow DNS server list to be overridden by DHCP/PPP on WAN" is checked."

Unbound DNS is enabled
DHCPv4 is enabled
Enable forwarding mode checked

Quote from: phoenix on August 24, 2019, 05:48:13 pm

If you can ping by IP address and not by domain name it would indicate that you have a DNS problem

I can ping by IP address only from WEBGUI of OPNsense to internet and on LAN from host to gateway

luca

Title: Re: Help on my first setting - no internet
Post by: tronix on August 26, 2019, 09:39:22 am

If I stay on firewall and try to ping (Interfaces/Diagnostics/ping)

ping default and WAN to 8.8.8.8: 0% packet loss
ping LAN to 8.8.8.8: 100% packet loss

ping default, LAN and WAN to 192.168.1.100: 0% packet loss

Isn't this a strange behavior?

I expect the opposite behavior: ping WAN to host blocked and ping host to WAN allowed

Luca

Title: Re: Help on my first setting - no internet
Post by: tronix on August 29, 2019, 08:30:54 pm

I found the problem! ;D

I changed the modem. :-\
Now it isn't set in bridge mode, but I don't know if this is the the reason for the malfunction of opnsense.
I have to investigate.

Luca