Pfsense sees LAN but no WAN
-
hi all,
my pfsense can see the LAN network and i can access it using another PC but my WAN interface says its UP but i dont see a DHCP ip address
when i unplug the ethernet cable on the WAN it says its DOWN so i know its seeing something but its not picking up an ip address
i tried to enter my WAN ip statically as my DHCP address hasnt changed since day dot but that didnt help either, i could see the ip address this time but still didnt work
On my windows machine i have given myself a static ip
Ip 192.168.1.5
Mask 255.255.255.0
Router 192.168.1.1 - pfsense computerDns 194.168.4.100 - my isps one
any help please
thanks, rob
-
And your pfsense wan plugs into what? Cable modem - have you rebooted the cable modem since you connected pfsense?
Did it ever work?
-
My pfsense wan plugs in my cable modem/router but obviously its acting just as a modem as in testing out this pfsense
didn't even think to realise to reset my modem to renew my ip as prob that ip is attached to my old routers mac more than likely they reserve ip addresses via mac addresses of devices
-
If you change the mac of the device connected to a cable modem - you almost always need to power cycle the cable modem
-
what about if i spoof my mac address to the one of my old router? under WAN spoof mac address?
-
Sure ok you can do that, have you validated the spoof is working - what does pfsense show for its mac when you do a ifconfig?
Its possible your isp has locked you to the mac it was seeing before.. Did you try a power cycle of your cable modem?
-
exactly, my ISP may have my mac for my old router and i may need to call them up to change that for my pfsense one but i may just try the spoof mac and enter in my old routers mac in it
or it just may be a simple solution of just doing a reset of my my cable modem/router (i have disabled the router function) for it to see the new pfsense router instead of the old one
what do you mean "have you validated spoof is working"?
-
Dude simple question - have you REBOOTED your cable yet or not?? It takes all of 1 minute to do. Why are we still having this conversation without such a simple thing being performed.
As to validate - once you put the mac you want to spoof in pfsense interface settings.. Look on pfsense with ifconfig - does it show that as the new mac for your wan interface.. Is traffic flowing using that mac, etc.
-
Because ive been at work today, sorry should have said and i doubt Il have time to do it tonight as in still on train home :(
-
awesome!!!
got it working and you were right all i needed to do was restart my cable modem and im picking up a different DHCP address that my old router had as a consequence but it doesnt bother me
thanks man much appreciate it
-
Thread necro… Thought you guys would appreciate how elusive the simple solutions can be...
I've had pfSense running on a VM for years now. I recently configured some new (to me) R610 servers with vSphere 6.0 and I made some network topology changes. I decided to re-create the pfSense VM from scratch on my new vSphere nodes so I didn't keep the old VM (the physical server was retired and its disks gutted).
So I create the appropriate virtual switches, make the appropriate physical network connections, and do a vanilla install of pfSense. It wouldn't get a DHCP address from my ISP. With the amount of change in my environment, I figured I had botched something in the network. So I inspected and thought and re-thought, and everything seemed right.
To rule out any sort of problem with my ISP or the cable modem, I temporarily connected a virtualized windows box to my "WAN" virtual switch for 10 seconds and it picked up a DHCP lease (a public IP address, gateway info, DNS info, etc) just fine and was able to browse websites. So I ruled out an issue with Comcast or the modem.
I then spent HOURS creating and re-creating this pfSense virtual machine, each time doing certain things differently. I even recreated the virtual switch a few times as well as trying different physical ports. Mind you that when I messed with the physical network connections, I was 5 feet away from the cable modem and could have rebooted it just in case. But no, I had already concluded that wasn't needed!
I eventually gave up and came here to see if I could figure out how to diagnose the issue at a deeper level in logs. Came across this thread but keep in mind my Windows test had proved in my mind that the cable modem was fine. But this thread made me think "sure why not, I'll go reboot the modem". Rebooted it, pfSense picks up WAN DHCP lease, everything worked.
So the advice someone gave on this thread to always reboot the modem after you change the MAC presented in the DHCP lease request is good advice. I can't believe that in 2015 a cable modem needs a reboot for this reason but whatever.
I want 2 hours of my life back but it was my own fault :)
PS - I'm surprised this is my first post, I've been lurking on the forums for years but guess I never posted. Kudos and huge thanks to all of you involved on this project - I love it!
-
I have yet to figure out exactly what needs to be done to get a cable modem/provider to give you a lease when it doesn't want to.
Reboot the modem, nope.
Call company and have them reset it, nope.
Sniff it, DHCPREQUESTs go unacknowledged.Then it just starts working after a couple hours.
I maintain it is some DHCP DoS they are (understandably) protecting themselves against, but it's a total PITA. Luckily, (for me) it's a pretty rare occurrence.
My ADSL backup does it to a lesser extent. I can usually coerce a new lease out of it.
-
Have never seen a issue where could not get an IP on new machine connected to cable modem after reboot of modem.
If you change the mac of the device - reboot the cable modem. I personally have lots of different vms running different distros I can bring up as my router/firewall.. All I do to move to different one other than my main pfsense one is just use the same mac on the wan side connected to the cable modem via the vswitch.
I maintain my public IP this way and don't have to reboot my cable modem.
Now what I would like to see is a way to maintain my IPv6 PD so that is not changing every time you turn around ;) Then I could go native vs tunnel…
