Virtual Bridge ??
-
Hello
We use Comcast as our ISP. We have 5 WAN Static IPs provided by Comcast. Comcast has our modem in what they call a virtual bridge mode. Internally, this side of the modem, pfSense is assigned an IP via DHCP - i.e. what they told me and what pfSense reports as the WAN IP - i.e. 10.1.10.10. Our LAN uses a different IP scheme. I am not familiar with "virtual bridge" mode. When I asked about standard bridge mode, they told me we would lose our WAN static IPs. That may be the answer.
I am attempting to add port forwarding, but pfSense just is not playing nice. I suspect it has to do with the destination field not matching. When I enter the WAN static IP that I plan to use, the port remains blocked. When I select "any," well pfSense goes nuts and locks me out of the pfSense GUI interface and redirects me to the internal device - both use port 80. I do appreciate the restore feature built into pfSense. Thanks to whomever!
I tried adding a virtual IP. I was not successful in changing anything. I am not seeing anything in the logs, not even a block. The internal device on port 80 works as desired, so there are no issues there.
To be clear, I choose WAN with a TCP protocol. The source is the default any. The destination is, I believe, my problem. The destination port is 80. The redirected target IP is an internal IP listening on port 80. This device is working and listening on said port. I can access it internally as designed. I have NAT reflection set to native mode (my system default) and I am adding an associated filter rule.
Anyway, I am stumped. I Google "virtual bridge" mode and get nothing. I attempted to ask intelligent questions of the service support person on the phone, but they were not following my questions.
Any help on how to deal with "virtual bridges" in a Comcast modem would be appreciated.
Thanks
-
I'll add to this thread should anyone else have the same issue. I talked to a different Comcast internal tech. In their virtual bridge mode they had all the ports blocked. Thanks guys. This tech declared that DHCP should be turned off. I can agree with that. I updated the pfSense WAN from DHCP to static and made the appropriate entry - including adding a gateway. No Internet access. Time passed. More time passed. Now Comcast wants to send out a technician. Their modem may have issues. Or, I may have issues. I can read between the lines.
-
In part, I'll answer my own question. The Comcast tech showed up. He asked what I was trying to do, verified settings, but said he did not do anything. He had an older laptop and needed to reboot, so while he rebooted, I walked next door to my office to find everything working. The only thing that changed was two days before he arrived, our Internet stopped working. I unplugged our modem, waited 20 seconds, plugged it back in and our Internet started working again. I do that twice a year. I asked the tech about that issue. He insisted that our service is just fine and our modem does not show any issues. He suggested that was poor troubleshooting on my part. Perhaps, but I'll take a 20 second solution any day.
Back to pfSense. Comcast's virtual bridge solution is to serve DHCP. They want anyone plugging a laptop into their modem/router to have Internet access. They also want to use a standard IP address to access modem set-up. Thus, on my pfSense box, my WAN is set to DHCP. I then set up a virtual IP for my WAN static IP. My NAT Port Forwarding rule has a destination pointing to the virtual IP for my WAN static IP. The redirected target IP is of course an internal IP address of the port forwarding actual destination.
I mention the above because several have indicated that they set their WAN to the WAN static IP. A static IP does not work with Comcast, or at least when we have more than one WAN IP. Of course, I tested all of the above before rebooting my modem. I talked to Comcast tech support earlier and they supposedly soft booted the modem. I hope this is helpful to anyone dealing with Comcast.
-
I have read over this thread multiple times, and still cannot figure out what you're trying to say or if you're working or not working.
What I can tell you is we have a location with a business connection from Comcast, and we use the static IP without any issues on pfSense SG-2240.
-
pfSense is working as desired.
I am sorry that you are not following my notes.