No internet connection after upgrade

Started by greY, August 02, 2017, 10:01:28 PM

Hi guys!
After the upgrade from 17.1.11 to 17.7, no internet connection is possible.

- WAN interface is online and gets an IP over DHCP
- WAN DHCP gateway is also shown as online

But still no connection is possible (no ping, no DNS lookup possible)

Do you have any ideas where to check for the issue?

Alex

Check for firewall rule denies in the logs. Are you trying from the firewall itself or an internal host?

Bart...

Do you use floating rules? Specifically, vital floating rules with gateway routes that are set to "quick"?

Thanks for the tip, I had a related issue with a VLAN after the update, and removing the "quick" from the floating rules made it work again...after a few min.

There is a patch mentioned in the release notes:

o A regression in floating rules in 17.7 does not honour the non-quick setting[5]. Run "opnsense-patch f25d8b" from the command line to correct this problem.

It will be part of 17.7.1.


Cheers,
Franco

August 03, 2017, 07:32:32 PM #5 Last Edit: August 03, 2017, 07:35:47 PM by greY
Hi,

No, there are no floating rules defined.
WAN rules are: http://www.directupload.net/file/d/4803/ou9kk9em_png.htm
LAN rules are: http://www.directupload.net/file/d/4803/9b3r9z87_png.htm

This is what my WAN interface looks like: http://www.directupload.net/file/d/4803/zlm4792c_png.htm

The box itself has no internet connection either; I cannot apply that hotfix.

br, Alex


August 03, 2017, 07:38:48 PM #6 Last Edit: August 03, 2017, 07:46:06 PM by remd
Quote from: franco on August 03, 2017, 06:42:49 PM
There is a patch mentioned in the release notes:

o A regression in floating rules in 17.7 does not honour the non-quick setting[5]. Run "opnsense-patch f25d8b" from the command line to correct this problem.

It will be part of 17.7.1.


Cheers,
Franco
Thanks, but the patch didn't seem to work for me. I still have the same problem afterwards: one particular PC in a VLAN should be able to access the firewall. It can't if I check "quick", and it's hit and miss if I uncheck it. Seems like the rules are not always applied in order?
I'll look more into it tomorrow. I didn't mean to hijack this thread, so I'll open a new one if needed.
EDIT: I left the "quick" on in the block rule; now that I removed it, it seems to treat the rules in order. The "quick" option, however, still doesn't seem to work.

August 03, 2017, 08:17:22 PM #7 Last Edit: August 03, 2017, 08:29:09 PM by greY
Is it possible to completely disable the firewall for testing?

*If I try to ping any host from the internet via local console, I get "No route to host".
Are there maybe some standard routes missing?