Netgate Discussion Forum

    Virtual Bridge ??

    • Burger

      Hello

      We use Comcast as our ISP. We have 5 WAN Static IPs provided by Comcast. Comcast has our modem in what they call a virtual bridge mode. Internally, this side of the modem, pfSense is assigned an IP via DHCP - i.e. what they told me and what pfSense reports as the WAN IP - i.e. 10.1.10.10. Our LAN uses a different IP scheme. I am not familiar with "virtual bridge" mode. When I asked about standard bridge mode, they told me we would lose our WAN static IPs. That may be the answer.

      I am attempting to add port forwarding, but pfSense just is not playing nice. I suspect it has to do with the destination field not matching. When I enter the WAN static IP that I plan to use, the port remains blocked. When I select "any," well pfSense goes nuts and locks me out of the pfSense GUI interface and redirects me to the internal device - both use port 80. I do appreciate the restore feature built into pfSense. Thanks to whomever!

      I tried adding a virtual IP. I was not successful in changing anything. I am not seeing anything in the logs, not even a block. The internal device on port 80 works as desired, so there are no issues there.

      To be clear, I choose WAN with a TCP protocol. The source is the default any. The destination is, I believe, my problem. The destination port is 80. The redirected target IP is an internal IP listening on port 80. This device is working and listening on said port. I can access it internally as designed. I have NAT reflection set to native mode (my system default) and I am adding an associated filter rule.

      Anyway, I am stumped. I Google "virtual bridge" mode and get nothing. I attempted to ask intelligent questions of the service support person on the phone, but they were not following my questions.

      Any help on how to deal with "virtual bridges" in a Comcast modem would be appreciated.

      Thanks

      • Burger

        I'll add to this thread should anyone else have the same issue. I talked to a different Comcast internal tech. In their virtual bridge mode they had all the ports blocked. Thanks guys. This tech declared that DHCP should be turned off. I can agree with that. I updated the pfSense WAN from DHCP to static and made the appropriate entry - including adding a gateway. No Internet access. Time passed. More time passed. Now Comcast wants to send out a technician. Their modem may have issues. Or, I may have issues. I can read between the lines.

        • Burger

          In part, I'll answer my own question. The Comcast tech showed up. He asked what I was trying to do, verified settings, but said he did not do anything. He had an older laptop and needed to reboot, so while he rebooted, I walked next door to my office to find everything working. The only thing that changed was two days before he arrived, our Internet stopped working. I unplugged our modem, waited 20 seconds, plugged it back in and our Internet started working again. I do that twice a year. I asked the tech about that issue. He insisted that our service is just fine and our modem does not show any issues. He suggested that was poor troubleshooting on my part. Perhaps, but I'll take a 20 second solution any day.

          Back to pfSense. Comcast's virtual bridge solution is to serve DHCP. They want anyone plugging a laptop into their modem/router to have Internet access. They also want to use a standard IP address to access modem set-up. Thus, on my pfSense box, my WAN is set to DHCP. I then set up a virtual IP for my WAN static IP. My NAT Port Forwarding rule has a destination pointing to the virtual IP for my WAN static IP. The redirected target IP is of course an internal IP address of the port forwarding actual destination.

          I mention the above because several have indicated that they set their WAN to the WAN static IP. A static IP does not work with Comcast, or at least when we have more than one WAN IP. Of course, I tested all of the above before rebooting my modem. I talked to Comcast tech support earlier and they supposedly soft booted the modem. I hope this is helpful to anyone dealing with Comcast.

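The layout the post above ends up with (WAN on DHCP, a virtual IP for the static address, port forward destination set to that virtual IP), checked by a short audit script. This is an added example, not part of the thread or of pfSense; the XML element names are assumed to follow a pfSense config.xml export, and the sample config and its addresses are constructed. It handles destinations given as `any` or as a single address.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element layout is assumed to follow a pfSense config.xml
# export. Addresses are documentation ranges, not the poster's.
SAMPLE = """<pfsense>
  <system><webgui><protocol>http</protocol></webgui></system>
  <virtualip>
    <vip><mode>ipalias</mode><interface>wan</interface>
         <subnet>203.0.113.12</subnet><subnet_bits>32</subnet_bits></vip>
  </virtualip>
  <nat>
    <rule><interface>wan</interface><protocol>tcp</protocol>
      <destination><any/><port>80</port></destination>
      <target>192.168.1.50</target><local-port>80</local-port></rule>
    <rule><interface>wan</interface><protocol>tcp</protocol>
      <destination><address>203.0.113.13</address><port>80</port></destination>
      <target>192.168.1.50</target><local-port>80</local-port></rule>
    <rule><interface>wan</interface><protocol>tcp</protocol>
      <destination><address>203.0.113.12</address><port>80</port></destination>
      <target>192.168.1.50</target><local-port>80</local-port></rule>
  </nat>
</pfsense>"""

def gui_port(root):
    """Explicit web GUI <port> if set, else the protocol default."""
    proto = root.findtext("system/webgui/protocol")
    return root.findtext("system/webgui/port") or ("80" if proto == "http" else "443")

def audit_port_forwards(xml_text):
    """Return one finding string per port-forward rule, in rule order."""
    root = ET.fromstring(xml_text)
    vips = {v.findtext("subnet") for v in root.iterfind("virtualip/vip")}
    findings, gui = [], gui_port(root)
    for rule in root.iterfind("nat/rule"):
        dest = rule.find("destination")
        port = dest.findtext("port")
        addr = dest.findtext("address")
        if dest.find("any") is not None:  # childless element: test with "is not None"
            clash = " and collides with the GUI port" if port == gui else ""
            findings.append(f"any:{port} matches every address{clash}")
        elif addr not in vips:
            findings.append(f"{addr}:{port} is not a configured virtual IP")
        else:
            findings.append(f"{addr}:{port} ok -> {rule.findtext('target')}")
    return findings

if __name__ == "__main__":
    for line in audit_port_forwards(SAMPLE):
        print(line)
```

The first finding corresponds to the lock-out described in the opening post, where a destination of "any" on port 80 overlapped the GUI on the same port.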
          • johnpoz LAYER 8 Global Moderator

            I have read over this thread multiple times, and still cannot figure out what you're trying to say or if you're working or not working?

            What I can tell you is we have a location with a business connection from Comcast, and we use the static IP without any issues on pfSense sg-2240.

            comcast_static.png

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            • Burger

              pfSense is working as desired.

              I am sorry that you are not following my notes.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.