Troubles setting up my PfSense Machine

Hello,

I am a new user to pfSense and would appreciate some help. I was able to get through the main install very quickly. I was able to set up a LAN and a WAN. I even got my Realtek 8125 2.5G Ethernet NIC installed through this process.

First, I downloaded the driver via the pkg manager in the shell:

fetch -v https://pkg.opnsense.org/FreeBSD:13:amd64/snapshots/latest/All/realtek-re-kmod

Then I ran this command in the shell to install it:
pkg install -f -y realtek-re-kmod

Then I got it to load on start-up by cd-ing in the shell to /boot/, installing nano, and then opening and editing my loader.conf. There I added my two lines:

if_re_load="YES"

if_re_name="/boot/modules/if_re.ko"

Then I also made a loader.conf.local file with those same lines. I was able to successfully install my NIC. This also takes a WAN connection.

I also have an Intel 4-port 1 Gigabit NIC that I have my LAN port on. I mapped my WAN port to the motherboard NIC.

However, every time I try to add a second interface, whether it be a LAN or a VLAN, I can't get an internet connection through that LAN or VLAN.

Steps that I have tried to get an internet connection:

Specifying Static IPv4 IP for each VLAN/LAN, port 24.
Then I turned on the DHCP server and specified ranges within the custom ranges.
Then I added the firewall rules to allow all outgoing connections for IPv4 and IPv6.

I am still only able to get an internet connection on my main LAN port.

What more can I do to get this working? Which log files do I have to be on the lookout for?

Here are my computer specs, if this matters.
HP ProDesk 600 G1
Intel Core i5 4590
16GB of DDR3 1600 RAM
60GB Kingston SSD NOW! 2.5 HDD
iGPU
1x Realtek RTL8125 4-port 2.5 Gigabit NIC
1x RTL8111H(S) 4-port 1 Gigabit NIC

I also tried an Intel I340-T4 (Fujitsu D2745-A11 GS 3) NIC, but had the same problem, so I don't think it's a NIC issue.

At times I was also able to ping google.com, but never actually able to connect to the internet. Maybe a DHCP error?

If you read this far, thanks for reading and I hope someone can help me out.
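The loader.conf edit described in the post above is where a lot of first attempts go wrong, so here is an added example (not code from the original post) that writes the two if_re entries with plain ASCII quotes, keeps repeated runs from duplicating them, and checks a loader file for the typographic quotes that editors and forum pages tend to paste in. It assumes the module sits at /boot/modules/if_re.ko as in the post and targets /boot/loader.conf.local, the file pfSense leaves alone when it regenerates /boot/loader.conf on upgrade.

```shell
#!/bin/sh
# Added example, not code from the original post: generate, install and
# validate the loader.conf(5) entries that load the Realtek if_re.ko module
# on pfSense (FreeBSD). Assumptions: the module lives at /boot/modules/if_re.ko
# (as in the post) and the entries go in /boot/loader.conf.local, which pfSense
# does not rewrite. Only ASCII double quotes are valid in these files; the
# typographic quotes that word processors paste in make the loader ignore
# the line, so the module never loads.

# The two entries, with plain ASCII quotes.
re_loader_entries() {
    printf 'if_re_load="YES"\n'
    printf 'if_re_name="/boot/modules/if_re.ko"\n'
}

# Check that every non-blank, non-comment line of FILE is a well-formed
# key=value entry with ASCII quoting. Returns 0 if all lines pass, 1 otherwise,
# naming each offending line on stderr.
validate_loader_conf() {
    file=$1
    status=0
    lquote=$(printf '\342\200\234')   # UTF-8 left double quotation mark
    rquote=$(printf '\342\200\235')   # UTF-8 right double quotation mark
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;
        esac
        if printf '%s\n' "$line" | grep -q -e "$lquote" -e "$rquote"; then
            echo "typographic quotes (loader will ignore this line): $line" >&2
            status=1
            continue
        fi
        # key="value" or an unquoted single word; anything else is malformed
        if ! printf '%s\n' "$line" | grep -Eq '^[A-Za-z_][A-Za-z0-9_.]*=("[^"]*"|[^" ]+)$'; then
            echo "malformed entry: $line" >&2
            status=1
        fi
    done < "$file"
    return $status
}

# Write the entries into TARGET (default /boot/loader.conf.local), replacing
# any existing line for the same key so repeated runs do not add duplicates.
install_loader_entries() {
    target=${1:-/boot/loader.conf.local}
    [ -f "$target" ] || : > "$target"
    re_loader_entries | while IFS= read -r entry; do
        key=${entry%%=*}
        # grep -v exits 1 when nothing is left, which is fine for an empty file
        grep -v "^${key}=" "$target" > "$target.tmp" || true
        printf '%s\n' "$entry" >> "$target.tmp"
        mv "$target.tmp" "$target"
    done
}

# Stand-alone use on the pfSense box:  sh re_loader.sh install
case ${1:-} in
    install)
        install_loader_entries
        validate_loader_conf /boot/loader.conf.local
        ;;
esac
```

After a reboot, `kldstat -n if_re.ko` on the box confirms the module actually loaded; if it is absent, run the validator against both /boot/loader.conf and /boot/loader.conf.local before suspecting the driver.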

Tom has many videos on setting up pfSense. The setup still applies to the latest version of pfSense.

Thanks for the links. It is because of Tom that I got this far in the first place. But I made this post because now, I’m stuck on another problem.

I was able to get internet by converting the VLAN to a LAN. However, whenever I switched ports, I was unable to get internet unless I restarted my pfSense system.

I suspect that I have to allow the DHCP server through the firewall?

As you are using VLANs on one of the network ports on pfSense, have you configured the switch ports for VLANs?

Please explain your network setup in more detail. A diagram would help.

Here’s my network overlay.

I've skipped the VLANs (since I'm using headless switches to try to spread the network throughout the house). Do I need VLANs for my use case or not?

Virtual LANs (VLANs) | pfSense Documentation: this says VLANs can't be used with unmanaged switches. Hence I went with the LAN.

I was able to get internet some of the time with each LAN by pinging 9.9.9.9 three times. In this config, there was a TP-Link TL-R600 VPN router in between the pfSense box and the ISP modem, and I was able to get internet. However, if I added or removed a device, the device was unable to grab an IP from the DHCP server, so I had to restart my pfSense box to get internet.

When I removed the TL-R600 VPN router from the network, I was unable to get an IP on the WAN using DHCP. What do I have to do here? There was no IP for the WAN, hence I was unable to connect to the internet at all, but I was able to connect to the pfSense box.

Do I need to call my ISP for a MAC address?

Also does doing this: Network Problem (there is no default ip, and can't able to assign permanent ip) | Netgate Forum

On System > Advanced > Admin tick the box to disable DNS Rebind check and Save.

It is preferred to access the pfSense web GUI from the LAN interface to reduce security risk.

I was able to get internet some of the time with the TP-Link TL-R600 VPN router in the way. Is this safe?

Also I used this guide to set firewall rules as well.

https://docs.netgate.com/pfsense/en/latest/solutions/xg-7100/opt-lan.html#id9

My firewall rules now look like this.

Thanks for all your help so far, though. I did watch the videos another time just to make sure that I didn't do anything wrong.

So I looked in the logs of the DHCP server and found that sometimes it failed to give an IP to the client, with the error DHCPSRV_LEASE_SANITY_FAIL. This would result in the PC being unable to connect to the router and out to the internet.

Then I tried switching the DNS mode from resolver to forwarder (Services → DNS Forwarder; the Resolver needs to be off) and the clients were able to connect instantly.

The last thing I did before I got the internet working for all the clients was resetting my modem from the ISP, and voila, it worked: the pfSense box received a DHCP lease for both IPv4 and IPv6.

Is using the DNS forwarder safe? Is there a reason why pfSense defaults to the resolver? The forwarder works more consistently for me, because every time I plug in a new device, it receives a lease from the DHCP server?

If I read your firewall rules correctly, you are blocking DHCP to the firewall.

You are allowing DNS and ping traffic to the firewall.

How do I allow DHCP through the firewall? Services — DHCPv4 & DHCPv6 Relay | pfSense Documentation: I didn't see anything in the docs about it…

DHCP is set up per interface, not on the firewall itself.

Yeah, I turned it on for each interface. However, my client machines were unable to get their IP leases unless I changed the DNS from resolver to forwarder.

I think forwarding allows each new device to gain an IP address each time it's plugged in?