Return to Level1Techs.com

Hit a wall trying to set up pfSense router

#1

I built myself a little pfSense box, and I’ve been following along with the guides, videos and the official manual, but I hit a spot where I’m stuck.

Since I can’t really screen shot anything and put it here, I’ve linked to the appropriate time in this video about where I am in the process, so you know where I’m stuck.

The problem I’m having is I can’t get an address to show up for my LAN. I have an address for the WAN and it’ll show up as 10.0.0.13/37, but the lan slots all stay blank.

Now I’ve tried a couple things here. I swapped in different NICs, which didn’t make a difference. I’ve tried connecting the LAN to by network switch, and directly to my laptop, neither came up with an address. I can get it to say the LAN is up, the light is on and green and all that, but I just can’t get an address.

I did try putting in a manual address, I think I tried 192.168.2.1/24, but that didn’t help. I can’t connect to the WebGUI, can’t get on the internet with it. I’m just stuck at this point and I don’t know what to try next.

0 Likes

#2

Wait; I’m not sure I understand the comment that, “the LAN slots all stay blank.” Are you saying that the LAN address is blank, when viewed in the console, or are you saying that when you connect to the LAN port, your laptop is not receiving a network address via DHCP?

0 Likes

#3

The LAN address is blank when viewed in the pfsense console. I don’t really know how to check on the other end (laptop side) if it’s receiving an address, I just kinda expect to be able to connect to the internet, like with a regular router, but this kind of stuff is always over my head, so when I follow along with step by step tutorials (which is about the only way I can learn anything) and something doesn’t go right, I end up stuck.

0 Likes

#4

My recollection is that once you identify which is the WAN port and which is the LAN port, pfSense automatically configures the LAN NIC as 192.168.1.1 /24. This obviously can be changed in the console to 192.168.2.1, or anything else that you like. Are you remembering to tell pfSense what the network mask should be, when you attempt to configure the LAN address?

IIRC, the DHCP server should automatically be enabled for the LAN NIC, but you must manually enable it for any additional NIC/subnet that you may wish to configure.

0 Likes

#5

Right, it’s not automatically configuring the LAN address at all. I got the WAN address to work and identified. So I tried to set it manually because I saw that recommended somewhere, I have no desire to do it manually if I don’t have to.

0 Likes

#6

When I select Option 1, Configure Interfaces, I don’t really want to configure any VLANs in the console (IMHO, that is easier to accomplish in the GUI), so I am next prompted to identify the WAN port. I can do that a couple of different ways. I can plug a live Internet connection (from my modem) into the preferred NIC port, or I can select the name which pfSense has assigned that NIC port, such as em0, em1, igb0, or igb1, for instance (for popular Intel NICs). Once that is accomplished, pfSense wants to know if this port should receive an address via DHCP (from your ISP), or if it should be manually configured. It sounds like you have successfully gotten this far.

Next, we walk through that same identical process for the LAN port/NIC, (followed by any additional OPT ports/NICS). On the initial install, I’m pretty sure that, once identified, pfSense will configure the LAN port as 192.168.1.1 with a mask of /24. But since that ship has sailed, you may very well need to manually configure an address for this port. It can be anything you like, within the private address space, so if you like 192.168.2.1, which is typically configured with a /24 network mask, that should work just fine.

So, walk me through the process as you experience it, after you select Option 1, Configure Interfaces and perhaps we can identify where you are getting off track.

0 Likes

#7

Okay

When I select option 1 to configure interfaces, if I attempt to auto-detect, it never works. it always says something like “not found” or something, I don’t remember the exact wording. So I configure it manually, which is easy enough. I plugged the cable from my modem into the NIC in the mobo, which is em0, so I configure that port as my WAN

Then I have a 4 port Intel NIC in a PCIe slot, igb0 thru 3. Again if I try to plug an ethernet cable from either my laptop, or my network switch, when I try to auto-detect, I get the same failure thing. It can’t do it. So again I manually configure which port is my main LAN, with the three optionals.

So since it won’t automatically configure an IP address (the area in the console where you would see the IP address remains blank after manual configuration) I tried doing it manually.

I selected option 2 to set the interface IP address, and I chose the address 192.168.2.1/24 and after I did that, the line shows it, it says it’s configured.

However, when I try then to access the router through a browser, the browser can’t connect. Since I’m not entirely sure which address to use, I’ve tried both the WAN and the LAN addresses, but I can’t connect to the router.

0 Likes

#8

OK, so the desired configuration is:
em0 is WAN,
igb0 is LAN
and igb1 through igb3 are OPT ports.

Yeah, you won’t be able to connect to the WAN address, due to the default firewall rules.

So, if you manually configure the NIC in your laptop to something like 192.168.2.100 /24, can you access the pfSense GUI via the LAN port?

0 Likes

#9

I don’t know how to do that, is that something you have to do in BIOS, or can it be done in Windows?

0 Likes

#10

Nope, you can do that in Windows. Are you on W10?

0 Likes

#11

Wait a second, I just tried again on my laptop and I got a log in screen. Now I just have to remember my creds…I build this box months ago, but never tried to set it up…

1 Like

#12

Progress!!!

Default:
User = admin
PW = pfsense

1 Like

#13

Wait, nope…this is not the pfsense router, it’s trying to log into my wifi router. So I must be using the same address as the existing wifi router.

What other addresses should I try, I don’t fully understand which numbers to change around.

0 Likes

#14

Popular home addresses begin with 192.168.
For the third octet you can choose 1 through 255.
The last octet is typically 1, by convention.

So, choose something easily remembered, like 192.168.68.1, or 192.168.10.1, or whatever grabs you. Append a /24 mask to it and Bob’s your uncle!

0 Likes

#15

Do I want to enable DHCP server on LAN (y/n)

0 Likes

#16

y - unless you plan to set up IPv4’s on every device in your network manually

0 Likes

#17

Yes

It will also ask the address range, which should be handed out via DHCP to your devices. You need to plan out a strategy here, but to get you started I would suggest:

Hand out addresses 192.168.10.100 through 192.168.10.254 via DHCP.
This reserves addresses 192.168.10.2 through 192.168.10.99 for your infrastructure (networked printers, file servers, etc.) where you won’t want the addresses to change.

1 Like

#18

EUREKA!

I’ve got the pfsense login page.

Thanks so much, now I’ll get back to my video and see what comes next.

2 Likes

#19

So, I don’t know your plans for your OPT ports, but those must be manually configured and the DHCP server manually configured and enabled for each OPT interface.

Another thing. pfSense will automatically configure firewall rules for the LAN port. It will not configure any firewall rules for the OPT interfaces. Until you add firewall rules, you will not be able to access the Internet (or anything else) from the OPT ports. This assumes that you use the OPT ports for subnets. You could optionally choose to bridge these ports to the LAN interface. pfSense provides lots of flexibility.

0 Likes

#20

Once I get that far, what I’d like to do is have on LAN set up with the VPN for internet traffic, cellphones over wifi and whatnot, then another one that’s not going through the VPN for streaming television on another wifi network. So I’d like to essentially have VPN wifi/network, and nonVPN wifi/network running through separate switches/WAPs

0 Likes