Configure Comcast static IP on WAN

AccidentalIT · Dec 30, 2021, 1:35 AM

Our Comcast Business static IP and the pfSense WAN do not like each other. When we use DHCP, comcast assigns us an IP which connects to the internet. When I try configuring it to the static address, our internet connection fails. Here's what I'm doing.

Desired static IP: 50.a.b.49
Gateway: 50.a.b.50
Subnet mask: 255.255.255.252

In pfSense I go to Interfaces -> WAN and make these changes:

IPv4 Configuration Type: Static IPv4.
IPv6 Configuration Type: Leave it DHCP6
IPv4 Address: 50.a.b.49 /30
Click Add New Gateway
Gateway IPv4: 50.a.b.50

I don't change anything else. I save the change and reboot pfSense device. When it finishes, I cannot connect to the internet.

What am I doing wrong?

serbus · Jan 7, 2022, 3:54 AM

@accidentalit

Maybe related to https://redmine.pfsense.org/issues/12632
?

John

stephenw10 · Dec 30, 2021, 9:44 PM

It could be that although the ticket suggest setting via the gui works OK.

Why are you trying to set it statically to the same IP the DHCP server is giving you though?
Are you sure it's not a static lease and needs to be assigned via DHCP in order to route traffic to you?

Steve

AccidentalIT · Dec 30, 2021, 10:38 PM

@stephenw10
The DHCP IP that Comcast assigns us is different, 73.c.d.51.

stephenw10 · Dec 31, 2021, 12:33 AM

Ah OK, and they have instructed you to just set it? It's not an IP they route to you via the DHCP IP?

If so set it again then run ifconfig against the WAN interface from the command line to check it's actually set correctly. Then check Diag > Routes to be sure it's using the new gateway correctly.

If those things are in place though it can only be that Comcast is not routing the traffic to you.

Steve

steve1515 · Jan 7, 2022, 4:37 AM

@accidentalit

I also have a Comcast static IP, so I'm guessing the setup is similar to mine.

The things that come to mind are...

For IPv6 Type, I have "None". You might want to set that for now, just to get IPv4 working.
After your gateway is created, go back to the Interfaces -> WAN page and make sure that the new gateway is actually set in the "IPv4 Upgrade Gateway" option in the Static IPv4 Configuration setction.
How are you testing if you have Internet access? Are you using a web browser on a PC? Do you have DNS setup correctly? You can verify internet access from the pfSense box by going to Diagnostics -> Ping and trying to ping 1.1.1.1 (Don't ping a hostname, use an IP address, just to validate it's working without relying on DNS.)

AccidentalIT · Jan 7, 2022, 3:54 AM

@serbus I have the latest prod release Netgate pfSense Plus 21.05.2-RELEASE (arm64). How does that relate to pfSense 2.5.2 mentioned in the article?

JonathanLee · Jan 7, 2022, 4:33 AM

@accidentalit can you connect with a rj45 cable directly to the Comcast router with a laptop that is set to dhcp and run ipconfig in dos/Windows or ifconfig if you use Unix/Linux. Just to see if it can issue ip addresses to devices in ipv6 or ipv4 if you get 169 it's not handing out IP addresses. Is this modem a all in one? What model Comcast modem are you using?

AccidentalIT · Jan 7, 2022, 4:37 AM

@steve1515

I've set IPv6 to None. On the LAN side I've also turned off IPv4 and IPv6 DHCP server. Our domain controller handles DHCP.
If I try saving the new gateway in System > Routing > Gateways before trying to switch the WAN IP to static, I get an error that the gateway address 50.199.13.50 does not lie within one of the chosen interface's subnets.
I'm testing from a client trying to browse to google and pinging 8.8.8.8.

This morning, after doing the above, tried changing the WAN to static, creating the gateway during the creation. When it was saved, I could not reach the internet from a browser or using ping on a client. I did not try doing the ping from within pfSense. Interestingly enough, Windows 10 network icon claimed that I did have internet access, but nothing that I did could reach the internet, google.com or 8.8.4.4. Windows on several of our computers claimed it had internet access, but nothing worked.

Now if Comcast has assigned us these static IP's:

Static IP Range: 50.199.13.49 - 50.199.13.49
CIDR Block Number: 50.199.13.48/30
Gateway IP Address: 50.199.13.50
Subnet Mask IP Address: 255.255.255.252

Should I be able to ping any of them when I still have not gotten the static IP assigned to my WAN port? None of them ping for me. Could this be related to my problem?

Can anyone recommend a pfSense guru in the south Seattle area that we could hire to get this thing working? For this project I'm merely a volunteer that only marginally knows what I'm doing.

I apologize My day job is Friday thru Tuesday and doesn't leave me a lot of time to have fun with computers.

JonathanLee · Jan 7, 2022, 5:52 AM

@accidentalit hello don't get discouraged, you should try some YouTube videos on doing configuration on this. Netgate also has a support number. I love my Netgate I just got the URL blacklist running today amazing technology.

Network address translation NAT might be what you need to research more on. Lan side should be handing out private IP addresses with DHCP however they need to be NATed over to the public IP (Comcast IP) so they can communicate.

Side note, This link below is one of my favorite guides for the proxy side. There is another one for Squidguard.

It-monkey. Configure pfSense as HTTPS \ SSL Proxy filter using Squid and SquidGuard! (n.d.). Retrieved January 7, 2022, from https://forum.it-monkey.net/index.php?topic=23.0

Tech glossary. Computer Dictionary of Information Technology. (n.d.). Retrieved January 7, 2022, from https://www.computer-dictionary-online.org/glossary.html

Tech glossary might help you I don't know your experience level, if you want to understand some terms better. pfSense has everything in it a glossary is handy sometimes. It's like any profession it has it's own language at times.

steve1515 · Jan 7, 2022, 1:48 PM

@accidentalit

In my case, I am able to ping my modem (the 50.199.13.50 address in your case). I did have to log into my modems web page and disable all the firewalls check the options for "true static IP". It's basically puts the modem in as close to bridge mode as Comcast will allow for a static IP configuration. It might help if you post some screen shots of the modem setup and also the pfSense WAN and Gateway setup pages. (You can blur out the first 3 octets if you don't want to show the real IP's.)

stephenw10 · Jan 7, 2022, 3:31 PM

@accidentalit said in Configure Comcast static IP on WAN:

Static IP Range: 50.199.13.49 - 50.199.13.49
CIDR Block Number: 50.199.13.48/30
Gateway IP Address: 50.199.13.50
Subnet Mask IP Address: 255.255.255.252

If they have assigned you those IPs you should just be able to enter them in pfSense and it will work. There's nothing else you can do in pfSense to make that work.
If it's not working it's with the Comcast modem that isn't configured to use it or Comcast is not routing that subnet to you.

It sounds like your connection is configured for a dynamic IP and hasn't been reconfigured as static yet.

Steve