"
OK, forum guidelines state to not start a new thread if a topic already exists. This sounds like my issue; I hope I'm not kidnapping the thread.....
Short story: after upgrade to 17.1.8, clients on the LAN side of the firewall cannot resolve address names. Pinging IP (v4) addresses, works fine (i.e. ping 8.8.8.8); pinging names does not (i.e. ping google.com)...."host unreachable". Pinging from firewall (both web GUI and physical console) works fine for both IP and name.
Longer story: Earlier this week I finally got around to upgrading in the 16-series. Had to pause while I replaced 3 e1000/emx NICs. Once I replace one of those, lost 2 unused OPT networks, and shuffled some connections around, I made sure stuff worked, then did the 17-series upgrade all the way to 17.1.8. I worked from the physical console, and all appeared (to a non-BSD-familiar fairly technical person) to go smoothly. It was shortly after this point that I discovered I was not able to browse anywhere on the internet.
We have narrowed the issue down to the firewall, as a computer attached directly to the cable modem works fine, and resolves addresses properly. Rebooting (cable modem, firewall, clients) has not helped. I have several times gone through the firewall GUI and checked/set/unset various DHCP/DNS settings, testing between updates, and nothing has changed [settings such as DNS forwarder, DNS Resolver]. Checking on a linux client "route -n" shows a good route and gateway, "ifconfig" shows the proper IP address, and "nmcli dev show | grep DNS" shows the DNS servers listed in the System -> Settings -> General -> DNS Servers.
Does anyone have any hints: "check this or that", or "make sure yadda-yadda is set this way"? Is there a known/suspected issue with this version? Is it possible to back-level the firewall software? And is there a known-better-version?
Is there any more information I can provide? I am linux-knowledgeable, but a total noob on BSD. I had to do quite a bit of research to figure out even IF I was affected by dropping the e1000 driver.
Thanks much.
Short story: after upgrade to 17.1.8, clients on the LAN side of the firewall cannot resolve address names. Pinging IP (v4) addresses, works fine (i.e. ping 8.8.8.8); pinging names does not (i.e. ping google.com)...."host unreachable". Pinging from firewall (both web GUI and physical console) works fine for both IP and name.
Longer story: Earlier this week I finally got around to upgrading in the 16-series. Had to pause while I replaced 3 e1000/emx NICs. Once I replace one of those, lost 2 unused OPT networks, and shuffled some connections around, I made sure stuff worked, then did the 17-series upgrade all the way to 17.1.8. I worked from the physical console, and all appeared (to a non-BSD-familiar fairly technical person) to go smoothly. It was shortly after this point that I discovered I was not able to browse anywhere on the internet.
We have narrowed the issue down to the firewall, as a computer attached directly to the cable modem works fine, and resolves addresses properly. Rebooting (cable modem, firewall, clients) has not helped. I have several times gone through the firewall GUI and checked/set/unset various DHCP/DNS settings, testing between updates, and nothing has changed [settings such as DNS forwarder, DNS Resolver]. Checking on a linux client "route -n" shows a good route and gateway, "ifconfig" shows the proper IP address, and "nmcli dev show | grep DNS" shows the DNS servers listed in the System -> Settings -> General -> DNS Servers.
Does anyone have any hints: "check this or that", or "make sure yadda-yadda is set this way"? Is there a known/suspected issue with this version? Is it possible to back-level the firewall software? And is there a known-better-version?
Is there any more information I can provide? I am linux-knowledgeable, but a total noob on BSD. I had to do quite a bit of research to figure out even IF I was affected by dropping the e1000 driver.
Thanks much.
