Static Configuration won't work - Ideas where to look?
-
I just setup a new VMWARE pfsense machine. I cannot for the life of me get my WAN static IP configured. I have DHCP configured for the internal LAN. When the WAN is configured for DHCP the internet connection works. When I attempt to change WAN DHCP to my static configuration it loses internet connectivity. Here is my configuration:
WAN Static Configuration:
This configuration worked perfect on the Dlink router that it is replacing and a static configuration on my laptop.Comcast -> SMC8014 -> pfsense WAN Nic -> pfsense Firewall -> pfsense LAN Nic -> Internal LAN Switch
IP Configuration:
WAN Static IP - 75.XXX.79.144
Subnet Mask - 255.255.255.0
Gateway - 75.XXX.79.146DNS Primary - 75.75.75.75
DNS Secondary - 75.75.76.76When I have the Static WAN configured I can ping google.com from WAN and LAN interface in the webconfigurator diagnostics. But I cannot ping from the computers that have received DHCP addresses from the LAN interface. Please help I have to get this working where I can I begin to look.
-
I cannot ping from the computers that have received DHCP addresses from the LAN interface.
You can help me help you by providing more details, especially more details than "cannot ping". The ping response is almost always more informative than "cannot ping". Please provide the ping command and response for the following:
-
ping to name of pfSense box
-
ping to IP address of pfSense LAN IP address
-
ping to www.google.com
-
ping to 8.8.8.8
-
-
First guess, you don't have a gateway chosen under Interfaces>WAN.
-
I will get the information for you in just on sec… Just did a complete reinstall...
-
-
ping to name of pfSense box
-
ping to IP address of pfSense LAN IP address
-
ping to www.google.com
-
ping to 8.8.8.8
C:\Users\nate>ping pfSense.private Pinging pfSense.private [192.168.0.1] with 32 bytes of data: Reply from 192.168.0.1: bytes=32 time<1ms TTL=64 Reply from 192.168.0.1: bytes=32 time<1ms TTL=64 Reply from 192.168.0.1: bytes=32 time<1ms TTL=64 Reply from 192.168.0.1: bytes=32 time<1ms TTL=64 Ping statistics for 192.168.0.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms C:\Users\nate>ping 192.168.0.1 Pinging 192.168.0.1 with 32 bytes of data: Reply from 192.168.0.1: bytes=32 time<1ms TTL=64 Reply from 192.168.0.1: bytes=32 time<1ms TTL=64 Reply from 192.168.0.1: bytes=32 time<1ms TTL=64 Reply from 192.168.0.1: bytes=32 time<1ms TTL=64 Ping statistics for 192.168.0.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms C:\Users\nate>ping www.google.com Pinging www.google.com [74.125.225.82] with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 74.125.225.82: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), C:\Users\nate>ping 8.8.8.8 Pinging 8.8.8.8 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 8.8.8.8: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), -
-
-
In Services:DHCP Server, Gateway should be blank. Then it will automatically give clients the pfSense LAN address as the gateway.
(If you have put something like the WAN Gateway address in there, then the clients will have trouble, as they can't directly reach the WAN Gateway address.) -
In Services:DHCP Server, Gateway should be blank. Then it will automatically give clients the pfSense LAN address as the gateway.
(If you have put something like the WAN Gateway address in there, then the clients will have trouble, as they can't directly reach the WAN Gateway address.)I have not modified any default settings. I have run the setup wizard and changed from DHCP to static configuration on the WAN interface. Nothing else has been changed.
-
I HAVE $25 THAT I WILL PAY TO WHOEVER HELPS ME SOLVES THIS! DESPERATE THIS IS A PRODUCTION MACHINE I HAVE GOT TO GET THIS WORKING
-
I have run the setup wizard and changed from DHCP to static configuration on the WAN interface. Nothing else has been changed.
That would suggest you haven't given a DNS server or a default gateway, both of which are normally supplied by DHCP.
Your ISP apparently provides a DHCP server to your WAN interface. Why not use it to get the minimum three configuration items (IP address, IP address of DNS, IP address of default gateway) rather than having to maintain them all yourself?
Edit:
I just realised @natelabo:changed from DHCP to static configuration
might have meant you disabled DHCP server on the WAN interface (for some reason you posted a screen shot showing DHCP server on WAN disabled) but I initially thought you meant you had changed the WAN interface type (on Interfaces -> WAN) from DHCP to Static
-
Confirm that your client has actually got good settings from DHCP:
ipconfig /all
Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : localdomain Description . . . . . . . . . . . : Intel(R) 82577LC Gigabit Network Connecti on Physical Address. . . . . . . . . : 1C-C1-DE-BC-5D-DC DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::3062:b201:f6bc:21a7%13(Preferred) IPv4 Address. . . . . . . . . . . : 10.49.46.208(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Thursday, 4 October 2012 7:09:48 AM Lease Expires . . . . . . . . . . : Thursday, 4 October 2012 10:09:48 AM Default Gateway . . . . . . . . . : 10.49.46.1 DHCP Server . . . . . . . . . . . : 10.49.46.1 DHCPv6 IAID . . . . . . . . . . . : 287097310 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-FE-C3-63-1C-C1-DE-BC-5D-DC DNS Servers . . . . . . . . . . . : 10.49.46.1 NetBIOS over Tcpip. . . . . . . . : EnabledThe client interface in use should normally have Default Gateway, DHCP Server and DNS Servers all with the same IP address of the pfSense router, in a simple LAN with 1 router network.
Then try:tracert 8.8.8.8
The first hop reported should be the IP address of your pfSense router, then the gateway of your ISP, then off to lots of hops in Internet-land. -
That would suggest you haven't given a DNS server or a default gateway, both of which are normally supplied by DHCP.
Your ISP apparently provides a DHCP server to your WAN interface. Why not use it to get the minimum three configuration items (IP address, IP address of DNS, IP address of default gateway) rather than having to maintain them all yourself?
I setup DNS servers in the setup wizard they also appear in the general settings. I set up the default gateway in the static setup portion of the setup wizard. The router is an SMC8014 for use on comcast biz class service. DHCP is offered but you can't access the static IP's. To bind the firewall to a static IP you must manually setup and the router passes it through.
might have meant you disabled DHCP server on the WAN interface (for some reason you posted a screen shot showing DHCP server on WAN disabled) but I initially thought you meant you had changed the WAN interface type (on Interfaces -> WAN) from DHCP to Static
I'm confused I did mean that I swapped Interfaces->WAN from DHCP to Static. But in my Services: DHCP Server the "Enable DHCP Service on WAN Interface" is unchecked. DHCP service is enabled on the LAN interface. Is DHCP supposed to be setup on the WAN interface?
-
Confirm that your client has actually got good settings from DHCP:
ipconfig /all
Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : private Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller Physical Address. . . . . . . . . : 00-24-BE-DD-03-F2 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::19cd:97cd:fe09:94ac%13(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.0.200(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Wednesday, October 03, 2012 11:26:01 PM Lease Expires . . . . . . . . . . : Thursday, October 04, 2012 1:40:55 AM Default Gateway . . . . . . . . . : 192.168.0.1 DHCP Server . . . . . . . . . . . : 192.168.0.1 DHCPv6 IAID . . . . . . . . . . . : 285222078 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-CA-22-B3-00-24-BE-DD-03-F2 DNS Servers . . . . . . . . . . . : 192.168.0.1 NetBIOS over Tcpip. . . . . . . . : Enabled -
Then try:
tracert 8.8.8.8
The first hop reported should be the IP address of your pfSense router, then the gateway of your ISP, then off to lots of hops in Internet-land.C:\Users\nate>tracert 8.8.8.8 Tracing route to google-public-dns-a.google.com [8.8.8.8] over a maximum of 30 hops: 1 2 ms <1 ms <1 ms pfsense.private [192.168.0.1] 2 * * * Request timed out. 3 * * * Request timed out. 4 * * * Request timed out. 5 * * * Request timed out. 6 * * * Request timed out. 7 * * * Request timed out. 8 * * * Request timed out. 9 * * * Request timed out. 10 * * * Request timed out. 11 * * * Request timed out. 12 * * * Request timed out. 13 ^C -
I can't believe that Comcast is putting that modem in true bridge mode for you.
When you set up your WAN for DHCP what address does it get?
-
I'm confused I did mean that I swapped Interfaces->WAN from DHCP to Static. But in my Services: DHCP Server the "Enable DHCP Service on WAN Interface" is unchecked. DHCP service is enabled on the LAN interface. Is DHCP supposed to be setup on the WAN interface?
That is correct. The pfSense DHCP Server is enabled on LAN, to give DHCP to the LAN clients (your PC etc). The WAN has a DHCP client only, which asks for DHCP network settings from a DHCP Server that your ISP provides.
Your LAN client PC network settings look fine - it goes to your pfSense for all network stuff - gateway, DHCP and DNS.
The traceroute goes to your pfSense then after that goes nowhere, presumably pfSense does not have a useful/valid default route.
The issue is presumably somewhere in getting useful DHCP settings on WAN from the ISP DHCP server.
What does Status:Interfaces show for WAN?
What does Diagnostics:Routes show for the default route? -
I can't believe that Comcast is putting that modem in true bridge mode for you.
When you set up your WAN for DHCP what address does it get?
I'm a little confused I have tested this setup with a 2 low grade routers. Both routers can access WAN through the assigned Static IP and pass the connection to internal LAN. It is definately something with the pf box. It is not passing the packets? to the LAN.
The SMC box by default is setup to apply 10.1.10.X addresses to hardware that is looking for DHCP. When I use DHCP on the pf box it receives a DHCP address of 10.1.10.X and a gateway address of 10.1.10.1. WAN works on anything given a DHCP address on the internal LAN from the pf box. It just won't pass when configured with a Static IP.
-
Comcast business does not allow static ips past the gateway device in the same manner as many other ISP's do. Ive fought with them over this in the past. The only true bridge modem they will allow is a Motorola 6000 series and they wont let you use it if you have a static IP address.
I believe in order to use your static IP your gonna need to leave the primary WAN as DHCP and use a VIP for the static. I wont use Comcast anywhere I need a static and have been lucky enough so far to have another solution available at those locations.
Did Comcast tech support provide you with instructions or any kind of direction?
If you set the WAN of any of your other routers up as DHCP they get a 10.x.x.x address, correct?
Unless Comcast has changed things in the last 6 mos. this is the way they do things.
-
The traceroute goes to your pfSense then after that goes nowhere, presumably pfSense does not have a useful/valid default route.
The issue is presumably somewhere in getting useful DHCP settings on WAN from the ISP DHCP server.
What does Status:Interfaces show for WAN?
What does Diagnostics:Routes show for the default route?
-
Okay just noticed this…
Gateway Status: Offline
