Isp Down need to restart Pfsense

doktornotor

@paotasos:

What could be the problem.

The problem is that it's broken (yet again). https://forum.pfsense.org/index.php?topic=41061.210

Guest

I dont have any PPPoE connections it connects to the Vdsl router as a normal lan connetion so the routers ip is 10.0.0.1 (gateway) and pfsense nic 10.0.0.100 and the 2nd nic gateway to 85.196.36.132.

doktornotor

Huh?@paotasos:

I dont have any PPPoE connections it connects to the Vdsl router as a normal lan connetion so the routers ip is 10.0.0.1 (gateway) and pfsense nic 10.0.0.100 and the 2nd nic gateway to 85.196.36.132.

Eeeh? What second NIC? What GW on LAN? You are connecting your router to LAN port on pfSense?

Guest

ok to make it clear my Vdsl router modem has an ip of 10.0.0.1 and nic1 from pf sense connects to that with ip 10.0.0.100 ok.  My second nic on pfsense has an ip of 85.196.36.132 witch is my lan gateway ok.

doktornotor

Dude, post some network diagram and configuration screenshots. You make no sense.

Guest

ok i will do that on photoshop give me 5 minutes ok

Guest

Here is a simple diagram
http://corfumedia.com/uploads/diagram.jpg

doktornotor

Nope, sorry. There is no LAN and two WANs, or WTH is this? This whole thing appears just totally upside down.

Guest

Yes there are the first one is on 10.0.0.1 subnet 255.255.255.0 and second is 85.196.36.132 with subnet 255.255.255.192 and what I use in my network.

johnpoz

Huh??

85.196.36.132/26

So you just pulled that out of thin air?

Or are you
inetnum:        85.196.33.0 - 85.196.36.255
netname:        GLOBALNETWORKS
address:        Greece

So your using public IPs behind a nat?  .132 is a bit odd address to use in that network, wire would be .128, so .129 or .190 would be more likely for a gateway.

You could unplug your internet connection and your lan should still respond..  Not sure what lan network has to do with the wan/internet connection..  And seems odd to be using that network on the lan side?

Guest

My lan is 85.196.36.129 - 85.196.36.190 range with subnet 255.255.255.192 it wasnt set by me.

doktornotor

@paotasos:

it wasnt set by me.

And it was set by whom? I strongly doubt this has ever, like ever, ever worked.

Guest

Everythink is working fine no problems is just that pfsense when my isp fails the gateway 85.196.36.132 would not work not even ping it and I have to restart pfsense box.

johnpoz

So what are the interfaces on pfsense?? Just wan that gets a 10.x rfc1918 address, and then public IPs behind that nat??  then what IP do you get on the public side.. So if you from a client with one of those 85.x.x.x addresses got to http://www.whatsmyip.org/ what IP does it show?

I also would like to know who set this up.. Seems completely pointless sort of setup to put public IPs behind a nat???  So what network is it natted to on the public side?

Why don't you just use say 192.168.1.0/24 on your lan side??  Its a double nat but your double natting now just using public where it shouldn't be used, ie behind a nat ;)

Also why do we have voting buttons on this question??

Guest

My public ip changes its not a static is just a simple vdsl connection.

doktornotor

@paotasos:

My public ip changes its not a static is just a simple vdsl connection.

Dude. Stop stealing public IP range. Period. Use RFC1918 IPs on your LAN. If does not matter who did set this clusterfuck up. Unless your ISP specifically assigned and routed that /26 to you, you do NOT use any such thing anywhere on your network.

Guest

no the modem/routers is not bridge i just use a stac ip 10.0.0.1 which is the routers ip.

doktornotor

No. You do not use public IPs that do not belong to you on LAN, or anywhere elese. Bridge the modem, or sit behind double NAT, your problem. Just stop stealing public IP space.

Guest

85.196.36.x with subnet 255.255.255.192 is not a public ip.

doktornotor

Dude, you should not administer any firewall. Keep your hands off networking. As already noted above:

% Information related to '85.196.33.0 - 85.196.36.255'
% Abuse contact for '85.196.33.0 - 85.196.36.255' is 'info@globalnetworks.gr'

inetnum:        85.196.33.0 - 85.196.36.255
netname:        GLOBALNETWORKS
descr:          Customers
country:        GR
admin-c:        RA1850-RIPE
tech-c:         RA1850-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-GLOBALNETWORKS
mnt-lower:      MNT-GLOBALNETWORKS
mnt-domains:    MNT-GLOBALNETWORKS
source:         RIPE  Filtered

You use RFC1918 IP ranges for local networks. Not random stolen public stuff.