Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [SOLVED] AT&T U-verse with Pace/2-Wire 3801HGV: CARP Virtual IPs not working

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    4 Posts 3 Posters 3.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rcpao
      last edited by

      I am trying to get a /29 block of static IPs from the 3801HGV to pfSense 2.2.2-RELEASE.

      I have the WAN interface with the first static IP, and created 4 CARP Virtual IPs (VIPs) for the remaining four static IPs.

      https://forum.pfsense.org/index.php?topic=31167.msg161320#msg161320

      All five static IPs will ping -S from each static (V)IP to the 3801HGV which takes the last usable static IP in the /29 block as the default route/gateway.  Remember, the all zeros IP address and the all ones IP address are not usable for hosts.

      3801HGV > Settings > Broadband > Link Configuration > Supplementary Network
Add Additional Network [x] Enable
Router Address: last useable static IP in /29 block
Subnet Mask: 255.255.255.248
Auto Firewall Open [x]


      The 3801HGV lists the pfSense VIPs in Settings > LAN > IP Address Allocation
Firewall: Disabled
Address Assignment: Static IP - no DHCP
WAN IP Mapping: Public Fixed: [one of the /29 static IPs]
Cascaded Router: No

      … and so on for each VIP and the DHCP address of the host I am using to view the 3801HGV's WebUI.

      Unfortunately, only the first Static IP (Port Forwarded to a web server) is accessible from the Internet.  Anyone have any ideas how to get the CARP Virtual IPs to work?

      Note: This similar configuration works fine with the old ADSL modem in bridge mode.  AT&T U-verse modems do not have bridge mode.

      pfSense 2.2.2 in ESXi with 5 static IPs via 4 CARP Virtual IPs on WAN to Pace 3801HGV (AT&T U-verse).

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        Those things are probably the crappiest modems ever built for static IP usage like that. Personally, I switched mine to routed mode for the publics to get away from its stupidity with static IP handling, so it routed my public /29 to the 192.168.x.x WAN IP (actually CARP IP) of the firewall behind it.

        If you've ever used those publics on something else before, you have to go in and delete any reference to them that you can find. I thankfully no longer have a 2wire after upgrading my service, so don't recall the screens 100% for sure offhand. Then bring up the CARP VIPs, try to source traffic from them. Then back to the 2wire and disable the firewall for the newly discovered IPs. If anything doesn't go right in that process, which there is a good chance it won't, you might have to reset the 2wire to factory defaults and start the process over. It gets some IPs stuck in it with some other MAC if they've been used before, and sometimes just for no reason at all, to the point it leaves you with no option but factory defaulting the modem.

        I upgraded my service to 50 Mb, which required a different modem. They installed a Motorola that's vastly better than the 2wire and I was thrilled to see it go. Every time we have someone show up here with one with static IPs, or support customers, they turn into a real headache.

        1 Reply Last reply Reply Quote 0
        • R
          rcpao
          last edited by

          SUCCESS!!!

          https://forum.pfsense.org/index.php?topic=31167.msg161320#msg161320 is missing a few steps that needs to occur at the end.

          There must be a direct ping from each pfSense CarpVirtualIpAddress to the 3801HGV's IP Address (.70 in my case).

          A direct ping can only be achieved from the Command Line / Shell interface on pfSense:

          ping -c1 -S CarpVirtualIpAddress ModemIpAddress

          -c1 means only ping one time (as opposed to repeating until Ctrl-C)
          -S indicates the source IP address to send the ping from

          Check
          http://192.168.1.254 > Settings > LAN > IP Address Allocation
          after each ping from a CarpVirtualIpAddress and you will see it show up.  It may take a few refreshes as the modem takes some time to detect/reconfigure itself.

          Once all six static IPs are in the list of IP Address Allocation,  they should all have the following settings by default:

          Device Status: Connected Static IP
          Firewall: Disabled
          Address Assignment: Static IP - no DHCP
          WAN IP Mapping: Public Fixed: .65 to .69 or whatever your 5 static IPs are
          Cascaded Router: No

          There will be a DHCP address with Firewall enabled for the web browser used to view 192.168.1.254.  Leave it at defaults as well.

          You MUST click the [Save] button at the bottom right of the IP Address Allocation page to write these settings into NVRAM in the 3801HGV modem or you will lose the settings when the power goes out.  They do seem to come back after pulling the plug for a few seconds anyway.

          The modem requires a direct ping to it's own IP address.  Merely passing traffic through it, such as pinging 8.8.8.8, will not register in the IP Address Allocation list.  Thus, the modem will block incoming Internet traffic for those CarpVirtualIpAddresses.

          pfSense 2.2.2 in ESXi with 5 static IPs via 4 CARP Virtual IPs on WAN to Pace 3801HGV (AT&T U-verse).

          1 Reply Last reply Reply Quote 0
          • K
            Karakaraza
            last edited by

            I would like to know the same information.

            maxbet

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.