[Solved] Can't connect to Internet


xman111

Recommended Posts

here is pfsense to Unraid.   then log into unraid and ping back to pfsense? or my desktop?  just logged into unraid and it can ping pfsense and also my desktop computer. 

 

So basically the problem is I cannot log into the web gui on the same subnet and unraid doesn't get internet unless i enter that route manually AFTER it is booted.

 

 

pfsense to unraid.jpg

Edited by xman111
Link to comment
  • Replies 78
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

Right sorry about that.

from your desktop

please ping the unraid server

also run traceroute (tracert) to the unraid server

tracert 192.168.10.100
tracert 8.8.8.8

as well as show the routing table

route print

Same with the laptop

 

I'm curious as to what route does the desktop take to connect to unraid that's different from the laptop.

usually you get this (from unRAID),

root@Tower:~# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  router.lan (192.168.71.1)  0.462 ms  0.405 ms  0.443 ms
 2  112.205.224.1.pldt.net (112.205.224.1)  3.293 ms  2.894 ms  3.014 ms
 ...
 22  google-public-dns-a.google.com (8.8.8.8)  28.890 ms  28.639 ms  28.307 ms
root@Tower:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         router.lan      0.0.0.0         UG    0      0        0 br0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.71.0    0.0.0.0         255.255.255.0   U     0      0        0 br0

this simply shows that unRAID is supposed to talk to the subnet directly using the br0 interface, and everything else via the gateway.

This is how routes are typically setup.

A device with connectivity to some site-site VPNs (I don't give the entire network access to the VPN, but make the clients use a different interface/IP) has

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.2.1     0.0.0.0         UG    0      0        0 br0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.3.0     192.168.2.4     255.255.255.0   UG    0      0        0 br0
192.168.5.0     192.168.2.81    255.255.255.128 UG    0      0        0 br0
192.168.5.128   192.168.2.4     255.255.255.128 UG    0      0        0 br0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

 

Link to comment

it looks like as soon as i put that route into unraid, it lets unraid resolve www.google.com but then i seem to lose connectivity from the desktop to unraid but can still reach unraid from my laptop.  Unraid can always get a ping back from 8.8.8.8 but can't resolve names unless i put that route in.

 

edit... that isn't true, i rebooted unraid and desktop can still not connect.. 

Edited by xman111
Link to comment

First. There is no need to add the route statement, if your network is properly set up.

Looking at your picture it seems networks 192.168.10.x (LAN) and 192.168.20.x (WLAN) are grouped together. I would separate these two and place the WLAN network in VLAN 20.

Since your server and desktop are connected to the same Cisco switch, and are in the same network (192.168.10.x) they can talk directly to each other without involvement of the other switch and pfsense router. If this isn't possible you need to check the configuration of the switch SG300-10.

 

Does your desktop learn the MAC address of the server?

arp -a

Interface: 10.0.101.11 --- 0x9
  Internet Address      Physical Address      Type
  10.0.101.1            f0-9f-c2-05-9f-cd     dynamic
  10.0.101.5            0c-c4-7a-98-b6-50     dynamic

.1  = my gateway

.5 = my server

.11 = my desktop

 

Remark 1: A wireless device will talk to the server by passing the pfsense firewall/router, because they are in different networks.

Remark 2: Make sure the LAN ports on the SG300-10 are NOT configured as private (this forces all traffic to pass the pfsense firewall/router)

Edited by bonienl
Link to comment

hey man, thanks for responding..  my lan is separate from my wlan, wlan is in VLAN 20.  Basically I have an single ethernet cable connected directly to PFsense that brings all the networks up to my SG300-10 in my bedroom.  I have both the server and my desktop connected to that switch (just for testing).   Normally the server is in a different room and connected directly to my main SG300-28 switch.   Here is the arp command from the laptop.  Botom one is from desktop.

 

 

arp from laptop.png

arp from desktop.png

Edited by xman111
Link to comment

Cisco switches support a feature called "private" lan, this isolates LAN ports from each other and forces devices to talk to the router.

If this is used in your case, it should be switched off (i.e. make it a standard LAN port).

 

Can you do arp on your server too.

root@vesta:~# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
10.0.101.11              ether   d0:50:99:28:7c:91   C                     br0
10.0.101.1               ether   f0:9f:c2:05:9f:cd   C                     br0

 

Link to comment

The arp table of your server suggests that there is another device with IP address 192.168.10.100.

Perhaps there is an IP address conflict (double assignment)?

 

What is the output of

root@vesta:~# ifconfig br0
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9198
        inet 10.0.101.5  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 2a02:a448:32d5:101:52ff:4ea6:76ba:dac9  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::4cce:d8ff:fe69:acfd  prefixlen 64  scopeid 0x20<link>
        ether 0c:c4:7a:98:b6:50  txqueuelen 1000  (Ethernet)
        RX packets 260167  bytes 128075781 (122.1 MiB)
        RX errors 0  dropped 13  overruns 0  frame 0
        TX packets 726261  bytes 32349883269 (30.1 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

Edited by bonienl
Link to comment

i just checked pfsense and saw server 2, was I think the same computer but the other network card in it.  When i thought i might have a flakey intel network card.   I removed it and rebooted pfsense, still not connecting.. maybe reboot unraid?

Edited by xman111
Link to comment

If you don't mind. Reboot your server and show its routing table.

root@vesta:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.101.1      0.0.0.0         UG    0      0        0 br0
10.0.101.0      0.0.0.0         255.255.255.0   U     0      0        0 br0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

The first two entries with default route (0.0.0.0) and local subnet (192.168.10.0 in your case) pointing to default should be there.

Link to comment
  • xman111 changed the title to [Solved] Can't connect to Internet

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.