
Help needed with pfSense and HughesNet Satlink

I'm trying to set up a pfSense firewall with HughesNet Satellite internet service. Later on, I intend to balance that connection with a 3G external antenna to improve internet speeds and data allowance (Sat is expensive) in a remote location. But that's not really the problem.

I cannot get pfSense to serve internet from the HughesNet HT1200 modem. I can ping every IP I attempt, with the usual 600ms round trip. But there is no way to make DNS work. I've tried many workarounds, including using the DNS provided by Hughes.

I believe there is something to do with the web acceleration feature in the modem, but I cannot disable that (I tried).

Basically, every time I cycle power to the modem, I get at most 5 minutes of good internet before DNS stops. Then I can only access sites with addresses cached by Safari. That is also affecting every other device on the network, including the firewall. I even tried to disable all packet filtering, to no avail.

Another interesting thing is that the modem doesn't even load the web accelerator configuration webpage after DNS stops working. And even when it does, unchecking the option that should disable it has no effect. Upon refreshing, it's still enabled, and there is no "save" button.

Can anyone shed some light? Without pfSense the internet is working, and pfSense is working with other connections.

2 points · 2 days ago

Asking the stupid question here. Are you sure the satellite modem is a modem and not a router or gateway? If it is the latter, have you confirmed that pfSense is not using the same subnet (possibly 192.168.1.0) as the sat router?

Original Poster
1 point · 2 days ago

Modem does give an IP address to pfSense, both ipv4 and ipv6. The IP is public 177.xxx.xxx.xxx, and pfSense uses a static 192.168.xxx.1 that is different from the modem access 192.168.0.1 and 192.168.1.1. pfSense is also receiving an ipv6, but LAN is ipv4 only.

So your client is pointing to the pfsense box for DNS?

What if you set the client to cut straight through to 8.8.8.8 and bypass the pfsense DNS? See if that works.

Otherwise you'd likely need to look at the configuration of the resolver (probably bind) in pfsense and see if it has timeout tolerances that need adjusting or something.

Original Poster
1 point · 2 days ago

I tried, but sadly it didn't work. I tried getting DNS from pfSense, from Hughes DNS and from Google.

Sr. Beard
1 point · 2 days ago

You're lacking a lot of information that would be helpful in diagnosing this. Is this a home networking setup?

Info that would be useful:

  • Can you resolve DNS hostnames directly from the pfsense box or have you only been trying from LAN clients?

  • What response are you getting back when trying to have pfsense resolve something using 8.8.8.8?

  • Have you tried a packet capture on the external interface to verify DNS requests are actually being sent properly and check what you received back?

  • Is the MTU on your pfsense external interface set correctly?

  • In those first few minutes where DNS works, is that to your ISP DNS servers or something like 8.8.8.8?

  • Examine the difference in packet captures between when DNS works and when it doesn't.

  • What happens if you SSH into the pfsense box and try using the dig command manually?
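An added example, not part of the thread or written by any commenter: a small Python 3 probe for the checks listed above. It sends one DNS query per resolver over UDP and reports whether the reply timed out, returned an error code, carried a mismatched ID, or came from a different address than the one queried. The 5-second timeout, the 30-second interval and the query name `example.com` are assumptions; resolver addresses are passed as arguments.

```python
import os, socket, struct, sys, time

RCODES = {1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid, qtype=1):
    """Encode one A-record question with the recursion-desired flag set."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def classify(reply, qid):
    """Reduce a raw reply to a verdict that can be compared across runs."""
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != qid:
        return "id-mismatch"
    if not flags & 0x8000:
        return "not-a-response"
    if flags & 0x0200:
        return "truncated"
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"rcode-{rcode}") if rcode else f"ok answers={answers}"

def probe(server, name="example.com", timeout=5.0):
    """Send one UDP query; return (verdict, round-trip ms or None)."""
    qid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)  # generous for a ~600 ms satellite round trip
        start = time.monotonic()
        try:
            sock.sendto(build_query(name, qid), (server, 53))
            reply, peer = sock.recvfrom(4096)
        except socket.timeout:
            return "timeout", None
        except OSError as exc:
            return f"socket-error: {exc}", None
    verdict = classify(reply, qid)
    if peer[0] != server:
        verdict += f" (reply from {peer[0]})"
    return verdict, round((time.monotonic() - start) * 1000)

if __name__ == "__main__":
    servers = sys.argv[1:] or ["8.8.8.8"]  # default resolver is an assumption
    while True:
        for server in servers:
            print(time.strftime("%H:%M:%S"), server, *probe(server))
        time.sleep(30)
```

Left running from the moment the modem is power-cycled, the timestamped output shows when each resolver stops answering and how, which can then be lined up against a packet capture on the external interface.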

Original Poster
1 point · 2 days ago

It's a small business setup. pfSense suffered the same as LAN clients, having DNS only for a brief moment.

No response using 8.8.8.8 as DNS after a few minutes.

Will try the packet capture.

MTU is set to default 1500.

It doesn't seem to matter whether it is to ISP DNS or Google DNS.

Will do.

I read that dig doesn't work in FreeBSD anymore, will try drill instead.

Sr. Beard
1 point · 2 days ago

You could also take it a step further and get a free or cheap vps with bind on it, then point your queries to that. This way when it stops working you can do a packet capture on that dns server and see if your requests are even getting out.

CCNP
1 point · 12 hours ago

Try hooking the modem directly to a workstation. If the problem persists, it is with the service and they should help you troubleshoot.

I used to have hughesnet at my house and the latency does play hell with dns. I ended up running dnsmasq for dns caching locally, and pfSense as a KVM virtual appliance as my router.
