Static Configuration won't work - Ideas where to look?
-
I HAVE $25 THAT I WILL PAY TO WHOEVER HELPS ME SOLVES THIS! DESPERATE THIS IS A PRODUCTION MACHINE I HAVE GOT TO GET THIS WORKING
-
I have run the setup wizard and changed from DHCP to static configuration on the WAN interface. Nothing else has been changed.
That would suggest you haven't given a DNS server or a default gateway, both of which are normally supplied by DHCP.
Your ISP apparently provides a DHCP server to your WAN interface. Why not use it to get the minimum three configuration items (IP address, IP address of DNS, IP address of default gateway) rather than having to maintain them all yourself?
Edit:
I just realised @natelabo:changed from DHCP to static configuration
might have meant you disabled DHCP server on the WAN interface (for some reason you posted a screen shot showing DHCP server on WAN disabled) but I initially thought you meant you had changed the WAN interface type (on Interfaces -> WAN) from DHCP to Static
-
Confirm that your client has actually got good settings from DHCP:
ipconfig /all
Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : localdomain Description . . . . . . . . . . . : Intel(R) 82577LC Gigabit Network Connecti on Physical Address. . . . . . . . . : 1C-C1-DE-BC-5D-DC DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::3062:b201:f6bc:21a7%13(Preferred) IPv4 Address. . . . . . . . . . . : 10.49.46.208(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Thursday, 4 October 2012 7:09:48 AM Lease Expires . . . . . . . . . . : Thursday, 4 October 2012 10:09:48 AM Default Gateway . . . . . . . . . : 10.49.46.1 DHCP Server . . . . . . . . . . . : 10.49.46.1 DHCPv6 IAID . . . . . . . . . . . : 287097310 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-FE-C3-63-1C-C1-DE-BC-5D-DC DNS Servers . . . . . . . . . . . : 10.49.46.1 NetBIOS over Tcpip. . . . . . . . : Enabled
The client interface in use should normally have Default Gateway, DHCP Server and DNS Servers all with the same IP address of the pfSense router, in a simple LAN with 1 router network.
Then try:tracert 8.8.8.8
The first hop reported should be the IP address of your pfSense router, then the gateway of your ISP, then off to lots of hops in Internet-land. -
That would suggest you haven't given a DNS server or a default gateway, both of which are normally supplied by DHCP.
Your ISP apparently provides a DHCP server to your WAN interface. Why not use it to get the minimum three configuration items (IP address, IP address of DNS, IP address of default gateway) rather than having to maintain them all yourself?
I setup DNS servers in the setup wizard they also appear in the general settings. I set up the default gateway in the static setup portion of the setup wizard. The router is an SMC8014 for use on comcast biz class service. DHCP is offered but you can't access the static IP's. To bind the firewall to a static IP you must manually setup and the router passes it through.
might have meant you disabled DHCP server on the WAN interface (for some reason you posted a screen shot showing DHCP server on WAN disabled) but I initially thought you meant you had changed the WAN interface type (on Interfaces -> WAN) from DHCP to Static
I'm confused I did mean that I swapped Interfaces->WAN from DHCP to Static. But in my Services: DHCP Server the "Enable DHCP Service on WAN Interface" is unchecked. DHCP service is enabled on the LAN interface. Is DHCP supposed to be setup on the WAN interface?
-
Confirm that your client has actually got good settings from DHCP:
ipconfig /all
Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : private Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller Physical Address. . . . . . . . . : 00-24-BE-DD-03-F2 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::19cd:97cd:fe09:94ac%13(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.0.200(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Wednesday, October 03, 2012 11:26:01 PM Lease Expires . . . . . . . . . . : Thursday, October 04, 2012 1:40:55 AM Default Gateway . . . . . . . . . : 192.168.0.1 DHCP Server . . . . . . . . . . . : 192.168.0.1 DHCPv6 IAID . . . . . . . . . . . : 285222078 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-CA-22-B3-00-24-BE-DD-03-F2 DNS Servers . . . . . . . . . . . : 192.168.0.1 NetBIOS over Tcpip. . . . . . . . : Enabled
-
Then try:
tracert 8.8.8.8
The first hop reported should be the IP address of your pfSense router, then the gateway of your ISP, then off to lots of hops in Internet-land.C:\Users\nate>tracert 8.8.8.8 Tracing route to google-public-dns-a.google.com [8.8.8.8] over a maximum of 30 hops: 1 2 ms <1 ms <1 ms pfsense.private [192.168.0.1] 2 * * * Request timed out. 3 * * * Request timed out. 4 * * * Request timed out. 5 * * * Request timed out. 6 * * * Request timed out. 7 * * * Request timed out. 8 * * * Request timed out. 9 * * * Request timed out. 10 * * * Request timed out. 11 * * * Request timed out. 12 * * * Request timed out. 13 ^C
-
I can't believe that Comcast is putting that modem in true bridge mode for you.
When you set up your WAN for DHCP what address does it get?
-
I'm confused I did mean that I swapped Interfaces->WAN from DHCP to Static. But in my Services: DHCP Server the "Enable DHCP Service on WAN Interface" is unchecked. DHCP service is enabled on the LAN interface. Is DHCP supposed to be setup on the WAN interface?
That is correct. The pfSense DHCP Server is enabled on LAN, to give DHCP to the LAN clients (your PC etc). The WAN has a DHCP client only, which asks for DHCP network settings from a DHCP Server that your ISP provides.
Your LAN client PC network settings look fine - it goes to your pfSense for all network stuff - gateway, DHCP and DNS.
The traceroute goes to your pfSense then after that goes nowhere, presumably pfSense does not have a useful/valid default route.
The issue is presumably somewhere in getting useful DHCP settings on WAN from the ISP DHCP server.
What does Status:Interfaces show for WAN?
What does Diagnostics:Routes show for the default route? -
I can't believe that Comcast is putting that modem in true bridge mode for you.
When you set up your WAN for DHCP what address does it get?
I'm a little confused I have tested this setup with a 2 low grade routers. Both routers can access WAN through the assigned Static IP and pass the connection to internal LAN. It is definately something with the pf box. It is not passing the packets? to the LAN.
The SMC box by default is setup to apply 10.1.10.X addresses to hardware that is looking for DHCP. When I use DHCP on the pf box it receives a DHCP address of 10.1.10.X and a gateway address of 10.1.10.1. WAN works on anything given a DHCP address on the internal LAN from the pf box. It just won't pass when configured with a Static IP.
-
Comcast business does not allow static ips past the gateway device in the same manner as many other ISP's do. Ive fought with them over this in the past. The only true bridge modem they will allow is a Motorola 6000 series and they wont let you use it if you have a static IP address.
I believe in order to use your static IP your gonna need to leave the primary WAN as DHCP and use a VIP for the static. I wont use Comcast anywhere I need a static and have been lucky enough so far to have another solution available at those locations.
Did Comcast tech support provide you with instructions or any kind of direction?
If you set the WAN of any of your other routers up as DHCP they get a 10.x.x.x address, correct?
Unless Comcast has changed things in the last 6 mos. this is the way they do things.
-
The traceroute goes to your pfSense then after that goes nowhere, presumably pfSense does not have a useful/valid default route.
The issue is presumably somewhere in getting useful DHCP settings on WAN from the ISP DHCP server.
What does Status:Interfaces show for WAN?
What does Diagnostics:Routes show for the default route?
-
Okay just noticed this…
Gateway Status: Offline
-
http://www.dslreports.com/forum/r23503059-Business-Comcast-Business-gateway-bridge-mode-forwarding-iss
And there might be more here…
http://www.dslreports.com/nsearch?boardlist=141&cat=remark&advanced=1&141=1&p=10&o=r&q=SMC8014+static
-
This one caught my eye.
http://www.dslreports.com/forum/remark,25742306?hilite=smc8014+static
-
Comcast business does not allow static ips past the gateway device in the same manner as many other ISP's do. Ive fought with them over this in the past. The only true bridge modem they will allow is a Motorola 6000 series and they wont let you use it if you have a static IP address.
I believe in order to use your static IP your gonna need to leave the primary WAN as DHCP and use a VIP for the static. I wont use Comcast anywhere I need a static and have been lucky enough so far to have another solution available at those locations.
Did Comcast tech support provide you with instructions or any kind of direction?
If you set the WAN of any of your other routers up as DHCP they get a 10.x.x.x address, correct?
Unless Comcast has changed things in the last 6 mos. this is the way they do things.
This is a whole another discussion… and yes I can't stand the confusing setup of Comcast Routers for Biz Class. But you select two options and the router when faced with device presenting an external IP completely bypasses the router itself. As I stated the low grade routers work perfectly fine when configured with the exact static information that I am using on the pf box. Also yes this is how Comcast tells you to do this. I have a cPanel sever currently working on this router/connection setup the same way... Obviously different Static IP.
-
Gateway Status: Offline
I guess that the ISP Gateway does not respond to ping. So pfSense thinks that the WAN is down (no response from the Monitor IP).
Edit the Gateway settings and put in a Monitor IP of something real out in Internet-land that should always be up and respond to ping - I use 8.8.8.8 (Google DNS address). If that doesn't get you joy, then check the tickbox "Disable Gateway Monitoring" - pfSense will then always try to use the WAN interface, it won't appear "down".
If you don't have multi-WANs available on the pfSense box, then there is no real benefit in monitoring the only WAN Gateway and having it declared "down". -
Is your configured gateway (75.x.79.146) in the same subnet as the static IP you configured?
Where is the machine with this IP address? Is it your SMC modem?
If I recall correctly, some operating systems will talk directly to systems on the same LAN which aren't in the same subnet but FreeBSD takes a stricter view. So, for example, if your pfSense WAN interface has IP address 75.x.80.10/24 then pfSense won't talk directly to 75.x.79.156 because the two interfaces are in different subnets. I believe I have seen reports that Linux and/or Windows aren't so strict and that might explain why the two "low end" routers you mentioned are able to work in your configuration.
-
I am calling it quits… After a lengthy conversation with a Comcast tech I apparently using a hidden static IP that I am not supposed to have access to. I don't know why I have access with the low end routers and can't get it with pfSense. I don't know how I even originally found it. It would be nice to figure it out because it would save me the money of adding 3 extra unneeded Statics. But I will call Comcast tomorrow and add additional IP's. :-\
Thanks to all that attempted to help with my issue...
-
If you decide to try again I would try what phil.davis suggested above. Disable gateway monitoring or change the IP being monitored.
Also it doesn't look like you ran any ping tests from the pfSense console. This would determine if it was a routing problem or something upstream.
Steve
-
If you decide to try again I would try what phil.davis suggested above. Disable gateway monitoring or change the IP being monitored.
Also it doesn't look like you ran any ping tests from the pfSense console. This would determine if it was a routing problem or something upstream.
Steve
Well I'm still here… I got ticked off because I want to solve this. I have set the monitoring to watch 8.8.8.8. The status is now saying online but I still have no connection on my internal LAN devices.
I have run almost every test on the webconfigurator available. Nothing fails! It has been like this since the beginning. nslookup = good, ping LAN and WAN (google, ebay, and 8.8.8.8) = all good, tracert (google, ebay) = all working. Still my devices on internal LAN cannot resolve past the pfsense gateway address (192.168.0.1) as shown in the picture way earlier.