OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: tre4bax on September 15, 2018, 06:08:05 pm

Title: DNS packets are the only ones that seem to do anything
Post by: tre4bax on September 15, 2018, 06:08:05 pm
Having fought OpnSense for a bit I now seem to have achieved a connection to the internet.

My only issue right now is that only DNS queries seem to travel it!  Looking at the status page in routes I am struggling to understand what is there as it talks about Link#3 and Link#9 with no reference to what those are.  However as I can make NSlookup queries against 1.0.0.1 I am assuming that routing is actually working.

This means that something else is stopping me getting information to and from the internet.  I thought the basic setup of OpnSense would get things basically working.  Seems something might be missing though and again I need pointing in the right direction.

I have IPv4 "Any" rules defined by default in the LAN firewall rules as part of the setup and I thought that this would be all I needed firewall wise.  There are now Floating or Wan rules.  Similarly NAT is set to Autogenerate only so again I thought I would be okay.  Essentially I have done a factory reset, configured the local LAN on 192.168.0.x/24 and the WAN as PPPoE with my broadband password and that is it.  I have verified that all else is disabled so there should be nothing else interfering right now. I have disabled the resolver on UnBound and pointed my client directly at 1.0.0.1 to avoid local DNS issues as a challenge.

What am I missing?  I know someone is going to say something that makes me feel like a complete idiot.  Right now though I just cannot figure it out.
Title: Re: DNS packets are the only ones that seem to do anything
Post by: ab5g on September 17, 2018, 05:12:25 pm
Starting with some questions

1. I assume you terminate the link directly on the opnsense box
2. Do you get an ip on the WAN ?  Dashboard >> Interfaces widget
3. In the status page, do you have a default route ? It should say default >> gateway ISP IP addr >> MTU >> Interface name etc.
4. Have you installed this in a vm or a physical box ? What is the NIC make ?
5. If you don't get an IP on the WAN, do you need to let your ISP know your MAC?
6. What does Interfaces >> Overview say? Can you post some screenshots?
Title: Re: DNS packets are the only ones that seem to do anything
Post by: tre4bax on September 17, 2018, 09:37:24 pm
Hi ab5g

It goes Vodafone -> Dg612 (unlocked) -> OpnSense box.

I reset both to factory then configured the LAN to one port and the WAN to a pppoe connection.

These things are nigh on impossible to debug as the family want to be using the internet all the time!  Currently I have to plug it all in and out when I get up for work at 530 in the morning ;-)

Both interfaces work fine and the broadband connects when it is plugged in and shows as down when it is not so all is okay.  I can NSlookup from the OpnSense device or any PC on the LAN and it works fine.  Nothing else does though.  I can tracert to the dns servers from the OpnSense box but only those and nowhere else.

When I look at routes table:

Proto   Destination   Gateway   Flags   Use   MTU   Netif   Netif (name)
ipv4   1.0.0.1   212.158.250.36   UGHS   32   1492   pppoe0   wan
ipv4   8.8.8.8   212.158.250.36   UGHS   0   1492   pppoe0   wan
ipv4   90.255.226.54   link#9   UHS   0   16384   lo0   
ipv4   127.0.0.1   link#6   UH   0   16384   lo0   
ipv4   192.168.0.0/24   link#3   U   1214   1500   em2   lan
ipv4   192.168.0.1   link#3   UHS   0   16384   lo0   
ipv4   212.158.250.36   link#9   UH   32   1492   pppoe0   wan
ipv6   ::1   link#6   UH   0   16384   lo0   
ipv6   fe80::%em2/64   link#3   U   0   1500   em2   lan
ipv6   fe80::ee8:5cff:fe68:bac2%em2   link#3   UHS   0   16384   lo0   
ipv6   fe80::%em3/64   link#4   U   0   1500   em3   
ipv6   fe80::ee8:5cff:fe68:bac3%em3   link#4   UHS   0   16384   lo0   
ipv6   fe80::%lo0/64   link#6   U   0   16384   lo0   
ipv6   fe80::1%lo0   link#6   UHS   0   16384   lo0   
ipv6   fe80::%pppoe0/64   link#9   U   0   1492   pppoe0   wan
ipv6   fe80::ee8:5cff:fe68:bac0%pppoe0   link#9   UHS   0   16384   lo0   

I have no default route.  I DO have the destinations for the DNS servers in going to the gateway 212.  Both have pppoe() as their route and they work.  212 is the provider's network and where I would expect packets to go.  What I don't get is why there is no default route being set up.  Interfaces overview is fine too; both interfaces are up.
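
Added example (not part of the original post): a shell check that reads IPv4 rows in the column layout of the table above and reports whether a default route exists, listing the gateway host routes that explain why only the DNS servers are reachable. The function names and the trimmed sample rows are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: IPv4 rows copied from the table above, whitespace-separated.
ROUTES='Proto Destination Gateway Flags Use MTU Netif Netif(name)
ipv4 1.0.0.1 212.158.250.36 UGHS 32 1492 pppoe0 wan
ipv4 8.8.8.8 212.158.250.36 UGHS 0 1492 pppoe0 wan
ipv4 192.168.0.0/24 link#3 U 1214 1500 em2 lan
ipv4 212.158.250.36 link#9 UH 32 1492 pppoe0 wan'

# classify_routes (hypothetical helper): reads the table on stdin and prints
#   "default <gateway> <netif>"          for an IPv4 default route
#   "hostroute <dest> <gateway> <netif>" for host routes via a gateway (flags G and H)
classify_routes() {
    awk '$1 == "ipv4" {
        if ($2 == "default" || $2 == "0.0.0.0/0") print "default", $3, $7
        else if ($4 ~ /G/ && $4 ~ /H/) print "hostroute", $2, $3, $7
    }'
}

# diagnose_routes (hypothetical helper): returns 0 when a default route exists,
# 1 otherwise, naming the only off-link hosts that remain reachable.
diagnose_routes() {
    out=$(classify_routes)
    if printf '%s\n' "$out" | grep -q '^default '; then
        echo "ok: IPv4 default route present"
        return 0
    fi
    echo "no IPv4 default route: only these off-link hosts are routable"
    printf '%s\n' "$out" | awk '$1 == "hostroute" { print "  " $2 " via " $3 " on " $4 }'
    return 1
}

# Stand-alone run on the sample; "|| true" keeps the non-zero result from aborting.
printf '%s\n' "$ROUTES" | diagnose_routes || true
```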
Title: Re: DNS packets are the only ones that seem to do anything
Post by: tre4bax on September 17, 2018, 09:55:11 pm
This shows the current Routes -> Status better.
Title: Re: DNS packets are the only ones that seem to do anything
Post by: marjohn56 on September 17, 2018, 09:57:49 pm
Have a look at your system.log, it's in /var/log

Look for ROUTING: IPv4 entries

You should see something like this:

Sep 14 09:41:18 gateway opnsense: /usr/local/etc/rc.newwanip: ROUTING: entering configure using 'wan'
Sep 14 09:41:18 gateway opnsense: /usr/local/etc/rc.newwanip: ROUTING: IPv4 default gateway set to wan
Sep 14 09:41:18 gateway opnsense: /usr/local/etc/rc.newwanip: ROUTING: IPv6 default gateway set to wan
Sep 14 09:41:18 gateway opnsense: /usr/local/etc/rc.newwanip: ROUTING: setting IPv4 default route to 51.148.*.*
Sep 14 09:41:18 gateway opnsense: /usr/local/etc/rc.newwanip: ROUTING: keeping current default gateway '51.148.*.*
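
Added example (not part of the original post): a shell function that scans log text for the ROUTING messages quoted above and returns the gateway from the most recent "setting IPv4 default route to" entry. The function name, exit codes and sample lines are constructed; 203.0.113.1 is a documentation address.

```shell
#!/bin/sh
# Constructed samples in the message format quoted above.
GOOD_LOG="Sep 14 09:41:18 gateway opnsense: /usr/local/etc/rc.newwanip: ROUTING: entering configure using 'wan'
Sep 14 09:41:18 gateway opnsense: /usr/local/etc/rc.newwanip: ROUTING: IPv4 default gateway set to wan
Sep 14 09:41:18 gateway opnsense: /usr/local/etc/rc.newwanip: ROUTING: setting IPv4 default route to 203.0.113.1"
# Routing configuration started but never installed an IPv4 default route.
BAD_LOG="Sep 14 09:41:18 gateway opnsense: /usr/local/etc/rc.newwanip: ROUTING: entering configure using 'wan'"

# last_ipv4_default (hypothetical helper): reads log text on stdin.
#   exit 0 and print the gateway from the last "setting IPv4 default route to" line
#   exit 1 if ROUTING entries exist but none sets an IPv4 default route
#   exit 2 if the log holds no ROUTING entries at all
last_ipv4_default() {
    awk '
        /ROUTING: / { seen = 1 }
        /ROUTING: setting IPv4 default route to / { gw = $NF }
        END {
            if (gw != "") { print gw; exit 0 }
            exit (seen ? 1 : 2)
        }'
}

# Stand-alone run on the constructed good sample.
printf '%s\n' "$GOOD_LOG" | last_ipv4_default
```

Exit code 1 matches the symptom in this thread: the routing script ran, yet no IPv4 default route was installed.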
Title: Re: DNS packets are the only ones that seem to do anything
Post by: marjohn56 on September 17, 2018, 09:58:30 pm
Where is this 1.0.0.1 coming from?

OK.. DNS server?
Title: Re: DNS packets are the only ones that seem to do anything
Post by: tre4bax on September 18, 2018, 09:07:59 am
Yeah.  1.0.0.1 is the DNS server.  I used 8.8.8.8 just to diversify in case it was the DNS service causing the issues; the second would normally be 1.1.1.1.