Anyone with pfSense w/FibreOP experience? - Page 2 - Canadian TV, Computing and Home Theatre Forums

killabytes · 2012-06-04, 07:21 PM

Sorry for the delay. Here are the latest screenshots with my pfsense box connect to the ONT and a valid IP.

https://picasaweb.google.com/KillaBy...eat=directlink

And yes, I have no route out to the Internet still

sgu222e · 2012-06-05, 07:43 PM

Since I'm still looking at this (pfsense is installed in Virtualbox... with working vlan tagging, but probably not the way I need it)
Have you looked at this thread? http://digitalhome.ca/forum/showthread.php?t=146044
File did a custom pfsense build that might work

killabytes · 2012-06-06, 12:05 PM

Thanks again for the help.

I did see his custom build. Only issue is the WatchGuard box is only 32-Bit. The old PC I'm using for testing is only 32-Bit as well. Kinda got my hands tied!

killabytes · 2012-06-07, 11:12 AM

Well I tried again:

I released my IP last night at 11PM.
Turned off the ONT and Router
Around 7AM I connected a freshly imaged pfSense 2.0.1 machine.
Got a valid IP
Gateway, offline. No route out.

I'm lost. I've done just about everything I could think of. I've ensure it's not the firewall rules, I opened them up fully. I've tried different machines, I added VLAN tags 33, 34 and 35. Nothing is making a difference.

I see file moved onto a different project, an Asus router, not really my cup of tea so to speak. I want to have my own dedicated hardware running what I want. I keep seeing people post here saying how they got it working. There must be something I'm missing!

EDIT: I'm adding some error logs. The one that stands out to me is this...

apinger: ALARM: WAN(156.34.188.1) *** down ***

Code:

Jun 7 10:00:23	dnsmasq[56708]: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP
Jun 7 10:00:23	dnsmasq[56708]: reading /etc/resolv.conf
Jun 7 10:00:23	dnsmasq[56708]: using nameserver 8.8.8.8#53
Jun 7 10:00:23	dnsmasq[56708]: using nameserver 142.177.2.130#53
Jun 7 10:00:23	dnsmasq[56708]: using nameserver 142.166.145.137#53
Jun 7 10:00:23	dnsmasq[56708]: ignoring nameserver 127.0.0.1 - local interface
Jun 7 10:00:23	dnsmasq[56708]: ignoring nameserver 127.0.0.1 - local interface
Jun 7 10:00:23	dnsmasq[56708]: read /etc/hosts - 2 addresses
Jun 7 10:00:24	dhcpd: Internet Systems Consortium DHCP Server 4.2.3
Jun 7 10:00:24	dhcpd: Copyright 2004-2011 Internet Systems Consortium.
Jun 7 10:00:24	dhcpd: All rights reserved.
Jun 7 10:00:24	dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Jun 7 10:00:24	check_reload_status: updating dyndns wan
Jun 7 10:00:26	apinger: Exiting on signal 15.
Jun 7 10:00:27	check_reload_status: Reloading filter
Jun 7 10:00:27	apinger: Starting Alarm Pinger, apinger(1927)
Jun 7 10:00:27	php: /interfaces.php: Creating rrd update script
Jun 7 10:00:37	apinger: ALARM: WAN(156.34.188.1) *** down ***
Jun 7 10:00:47	check_reload_status: Reloading filter
Jun 7 10:01:01	check_reload_status: Syncing firewall
Jun 7 10:01:03	check_reload_status: Reloading filter
Jun 7 10:01:22	check_reload_status: Syncing firewall
Jun 7 10:01:24	check_reload_status: Reloading filter
Jun 7 10:01:27	apinger: Error while feeding rrdtool: Broken pipe
Jun 7 10:01:48	check_reload_status: Syncing firewall
Jun 7 10:01:55	check_reload_status: Syncing firewall
Jun 7 10:01:56	check_reload_status: Reloading filter
Jun 7 10:02:27	apinger: /usr/local/bin/rrdtool respawning too fast, waiting 300s.
Jun 7 10:03:01	kernel: xl0: promiscuous mode enabled
Jun 7 10:03:01	kernel: xl0_vlan35: promiscuous mode enabled
Jun 7 10:03:02	apinger: alarm canceled: WAN(156.34.188.1) *** down ***
Jun 7 10:03:12	check_reload_status: Reloading filter
Jun 7 10:03:15	kernel: xl0: promiscuous mode disabled
Jun 7 10:03:15	kernel: xl0_vlan35: promiscuous mode disabled
Jun 7 10:03:24	apinger: ALARM: WAN(156.34.188.1) *** down ***
Jun 7 10:03:35	check_reload_status: Reloading filter
Jun 7 10:04:11	check_reload_status: Syncing firewall
Jun 7 10:04:12	check_reload_status: Reloading filter
Jun 7 10:07:09	check_reload_status: Syncing firewall
Jun 7 10:07:10	check_reload_status: Reloading filter
Jun 7 10:08:09	syslogd: exiting on signal 15
Jun 7 10:08:09	syslogd: kernel boot file is /boot/kernel/kernel
Jun 7 10:09:18	check_reload_status: Syncing firewall
Jun 7 10:09:19	check_reload_status: Reloading filter
Jun 7 10:09:35	syslogd: exiting on signal 15
Jun 7 10:09:35	syslogd: kernel boot file is /boot/kernel/kernel
Jun 7 10:10:06	check_reload_status: Syncing firewall
Jun 7 10:10:06	check_reload_status: Reloading filter
Jun 7 10:10:44	syslogd: exiting on signal 15
Jun 7 10:10:44	syslogd: kernel boot file is /boot/kernel/kernel

sgu222e · 2012-06-07, 06:21 PM

That should help a little... I'm also surprised to see this in the logs:

Quote:

Jun 7 10:03:01 kernel: xl0: promiscuous mode enabled
Jun 7 10:03:01 kernel: xl0_vlan35: promiscuous mode enabled

I should have some extra time this weekend to toss a 4 port 10/100 card into an old P4 and do some further testing.

killabytes · 2012-06-07, 06:29 PM

Thanks.

I'll take any help I can get.

pablito1755 · 2013-02-03, 01:55 PM

I just tried installing a fresh (unmodified) 2.0.2 pfSense box. As reported here, I too have managed to get an IP address from the ONT so everything "looks up", but I can't ping anything. I was wondering if it was a DNS issue.

I read in this thread: http://digitalhome.ca/forum/showpost...8&postcount=20 that file needed to tweak and rebuild pfsense for 2.0.1 so I was wondering what exactly needs to be changed. I certainly looks like the 'issue' (feature?) isn't resolved in 2.0.2 either.

Maybe I'll try Smoothwall next. Anyone give that a go... or one of the other firewall boxes?

Pab

gingerbreadman · 2013-02-05, 08:13 AM

Check out this thread:

http://digitalhome.ca/forum/showthre...=134496&page=6

I think maybe post #73

A couple of us are using pfSense...

pablito1755 · 2013-02-07, 11:58 AM

You were right GB. As soon as I un-spoofed my pfSense MAC address, it connected to the ONT (as before), but now I have routes out to the internet. Nice! So the moral of the story is that all you need to do is tag the WAN port with VLAN 35 and it just works!

Thanks!

file · 2013-02-07, 02:48 PM

Bell Aliant recently changed their DHCP server to be less ... stupid.

pablito1755 · 2013-02-09, 08:47 AM

Less stupid in what sense? They've gotten rid of a MAC address white list or something? I'm curious as to why spoofing a MAC address that they surely can't be blocking given it is their own kit would cause route blocking that way when on a non-Actiontek box. Interesting...

file · 2013-02-09, 09:51 AM

Effectively, yes. Why it did not work while spoofed unknown. May have wanted specific info in the request only present from the Actiontec initial request.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

2012-06-04, 07:21 PM	#16
killabytes Rookie Join Date: Apr 2010 Location: Quispamsis, NB Posts: 14	Sorry for the delay. Here are the latest screenshots with my pfsense box connect to the ONT and a valid IP. https://picasaweb.google.com/KillaBy...eat=directlink And yes, I have no route out to the Internet still

2012-06-05, 07:43 PM	#17
sgu222e Join Date: Dec 2011 Location: 127.0.0.1 Posts: 124	Since I'm still looking at this (pfsense is installed in Virtualbox... with working vlan tagging, but probably not the way I need it) Have you looked at this thread? http://digitalhome.ca/forum/showthread.php?t=146044 File did a custom pfsense build that might work

2012-06-06, 12:05 PM	#18
killabytes Rookie Join Date: Apr 2010 Location: Quispamsis, NB Posts: 14	Thanks again for the help. I did see his custom build. Only issue is the WatchGuard box is only 32-Bit. The old PC I'm using for testing is only 32-Bit as well. Kinda got my hands tied!

2012-06-07, 06:29 PM	#21
killabytes Rookie Join Date: Apr 2010 Location: Quispamsis, NB Posts: 14	Thanks. I'll take any help I can get.

2013-02-03, 01:55 PM	#22
pablito1755 Join Date: Oct 2008 Location: Greater Moncton Posts: 30	I just tried installing a fresh (unmodified) 2.0.2 pfSense box. As reported here, I too have managed to get an IP address from the ONT so everything "looks up", but I can't ping anything. I was wondering if it was a DNS issue. I read in this thread: http://digitalhome.ca/forum/showpost...8&postcount=20 that file needed to tweak and rebuild pfsense for 2.0.1 so I was wondering what exactly needs to be changed. I certainly looks like the 'issue' (feature?) isn't resolved in 2.0.2 either. Maybe I'll try Smoothwall next. Anyone give that a go... or one of the other firewall boxes? Pab

2013-02-05, 08:13 AM	#23
gingerbreadman Rookie Join Date: Aug 2012 Posts: 14	Check out this thread: http://digitalhome.ca/forum/showthre...=134496&page=6 I think maybe post #73 A couple of us are using pfSense...

2013-02-07, 11:58 AM	#24
pablito1755 Join Date: Oct 2008 Location: Greater Moncton Posts: 30	You were right GB. As soon as I un-spoofed my pfSense MAC address, it connected to the ONT (as before), but now I have routes out to the internet. Nice! So the moral of the story is that all you need to do is tag the WAN port with VLAN 35 and it just works! Thanks!

2013-02-07, 02:48 PM	#25
file Join Date: Nov 2010 Location: Riverview, NB Posts: 761	Bell Aliant recently changed their DHCP server to be less ... stupid.

2013-02-09, 08:47 AM	#26
pablito1755 Join Date: Oct 2008 Location: Greater Moncton Posts: 30	Less stupid in what sense? They've gotten rid of a MAC address white list or something? I'm curious as to why spoofing a MAC address that they surely can't be blocking given it is their own kit would cause route blocking that way when on a non-Actiontek box. Interesting...

2013-02-09, 09:51 AM	#27
file Join Date: Nov 2010 Location: Riverview, NB Posts: 761	Effectively, yes. Why it did not work while spoofed unknown. May have wanted specific info in the request only present from the Actiontec initial request.