SB6121 giving pfSense Private IP
-
Hey guys, I'm running into an odd problem. It appears that pfSense is getting a private IP from my SB6121 Motorola modem. I've tried the usual reboot, plug/unplug, nothing seems to change anything. I'm trying to port forward and this seems to be stopping me from doing so.
Interface config:
Interface stats:
I made sure that the modem was completely power cycled and ready for a connection before plugging it into pfSense just to be safe, but no change. I then plugged my laptop directly to my modem and instantly got an external IP. I'm kinda at a loss at this point. Any help would be greatly appreciated!
Many thanks,
- Adam -
Call your cable company.
-
Try changing the MAC address on pfSense's WAN interface. Also, try enabling IPv6.
Also, what led to this problem? Is this a new pfSense install? What do your firewall rules look like?
Call your cable company.
Something tells me his cable company will inform him they do not support pfSense.
-
So you're saying if you plug in a desktop machine vs pfSense - that machine gets a normal public IP?
Doesn't matter what is plugged into the thing, be it they support it or not.. It's a simple DHCP request.. Now I have seen the cable modems hand out an IP in 192.168.100 when the connection is down - but never a 172.16-31 address..
You sure you just don't have some other dhcp server running? Your isp also handed out googledns?? On a /24 ? I really find that hard to believe. Cable isp using /24 (would think bigger - I am on /21 for example) and google for their clients dns seems very unlikely. Your pfsense box wan goes directly into your cable modem - or you have it in a switch with other things plugged in?
You're sure it's an SB6121 and not actually a gateway device that does NAT?
-
Try changing the MAC address on pfSense's WAN interface. Also, try enabling IPv6.
Also, what led to this problem? Is this a new pfSense install? What do your firewall rules look like?
Call your cable company.
Something tells me his cable company will inform him they do not support pfSense.
Thanks for the reply, I switched the MAC address of LAN and WAN and rebooted the modem, then pfSense, but still came up with the same IP. Comcast was absolutely no help, and instead dude started giving me a history lesson on IPv6 and how I should just use that full time. I… don't... even...
Here's my firewall (WAN) rules, just a home box so very basic:
So you're saying if you plug in a desktop machine vs pfSense - that machine gets a normal public IP?
Doesn't matter what is plugged into the thing, be it they support it or not.. It's a simple DHCP request.. Now I have seen the cable modems hand out an IP in 192.168.100 when the connection is down - but never a 172.16-31 address..
You sure you just don't have some other dhcp server running? Your isp also handed out googledns?? On a /24 ? I really find that hard to believe. Cable isp using /24 (would think bigger - I am on /21 for example) and google for their clients dns seems very unlikely. Your pfsense box wan goes directly into your cable modem - or you have it in a switch with other things plugged in?
You're sure it's an SB6121 and not actually a gateway device that does NAT?
Yes, that's what I'm saying. It is indeed an SB6121 and it's not the gateway version, just the small modem. It is connected directly to the pfSense WAN port, dedicated non-VLAN. Here is where I set up Google DNS servers; I did it here because I also run an OpenVPN client to PrivateInternetAccess and I wanted to make sure to override any chance of using Comcast DNS.
Thanks again!
-
Here's my firewall (WAN) rules, just a home box so very basic:
So…
1/ IPsec rules are automated behind the scene, unless disabled explicitly.
2/ Eh? The destination IP is not routable from WAN.
4/ This is a stateful firewall, with rules applied on traffic entering via that interface, not leaving the interface. You need to allow echo request in on WAN, not echo reply out.
-
This is what I would do:
Unplug WAN from cable modem
Unplug cable modem.
Wait a few minutes.
Diagnostics > Packet Capture: start a capture on WAN. Just capture everything.
Plug cable modem back in.
Get a tech on the phone with your cable company. Explain that you are not getting a lease and you need your DHCP cleared and your modem reset. Let them do whatever voodoo they do.
Connect WAN port to cable modem.
Wait until you get an IP address, whatever it is.
Stop the packet capture and download it.
Load it into Wireshark and look at the DHCP exchange. It will tell you exactly what occurred.
-
Thanks very much guys for all your responses and clarifications!
I'm sure you all won't be surprised to hear that I'm an idiot! This is at my brother's house, and I'm not there right now to verify, but I bet I know what's going on. I completely forgot that he had Comcast come out recently and he had them install their home security system… I forgot to take this into account. The wire I thought went from the modem to the firewall (not the best wire management, I admit) is actually most likely going to their security system router. I wasn't out there when this occurred and I bet the tech removed the modem from pfSense and plugged the modem directly into their proprietary security system router, then plugged that into pfSense. That has to be the cause at this point, considering it's definitely getting a private IP from some other DHCP server, and that's the only other possibility.
Later today when I get out of work I will go over and switch the cabling around and plug the modem back into pfSense, then the LAN into the switch. Then I will move over the security system router WAN into the switch to get access. I hope they don't give me a fuss, but if they don't give me access to their security system router, how else could I do port forwarding if I'm forced to be double NAT'ed behind their crappy router?
Thanks again guys, sorry for more or less wasting your time. I suppose now would be a good time to ask; Anyone else out there with Comcast home security and pfSense?
All the best,
- Adam -
If you don't want to look at the sniff of when you get an IP, look at the lease in pfsense.
In /var/db you should see a dhclient.interface file.
So, for example:
lease {
interface "em0";
fixed-address 24.13.xx.xx;
option subnet-mask 255.255.248.0;
option routers 24.13.xx.xx;
option domain-name-servers 75.75.75.75,75.75.76.76;
option host-name "pfSense";
option domain-name "hsd1.il.comcast.net.";
option broadcast-address 255.255.255.255;
option dhcp-lease-time 345600;
option dhcp-message-type 5;
option dhcp-server-identifier 69.252.202.7;
renew 4 2015/5/28 16:46:18;
rebind 6 2015/5/30 04:46:18;
expire 6 2015/5/30 16:46:18;
}
From there you can see the DHCP server; see how mine is 69.252.202.7.
But a sniff shows you the whole picture.
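The lease check described in the post above can be scripted. The following is an added example, not code from the thread or from pfSense: it parses dhclient lease blocks and reports which DHCP server answered, whether the WAN address is private, and whether that server sits inside the leased subnet (a sign that a local router, not the ISP, handed out the address). The sample leases and all addresses in them are constructed.

```python
import ipaddress
import re

# Constructed sample in dhclient lease syntax; addresses are made up
# (documentation ranges for the public lease, 172.16.x for the symptom).
SAMPLE_LEASES = """
lease {
  interface "em0";
  fixed-address 203.0.113.25;
  option subnet-mask 255.255.248.0;
  option routers 203.0.112.1;
  option dhcp-server-identifier 198.51.100.7;
  expire 6 2015/5/30 16:46:18;
}
lease {
  interface "em0";
  fixed-address 172.16.12.34;
  option subnet-mask 255.255.255.0;
  option routers 172.16.12.1;
  option dhcp-server-identifier 172.16.12.1;
  expire 2 2015/6/2 16:46:18;
}
"""

LEASE_RE = re.compile(r"lease\s*\{(.*?)\}", re.S)
FIELD_RE = re.compile(r"^\s*(?:option\s+)?([\w-]+)\s+(.+?);\s*$", re.M)
# RFC 1918 private space plus the RFC 6598 carrier-grade NAT block
NOT_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def parse_leases(text):
    """Return one dict per lease block, keyed by statement/option name."""
    return [{k: v.strip('"') for k, v in FIELD_RE.findall(body)}
            for body in LEASE_RE.findall(text)]

def audit_lease(lease):
    """Summarise who answered DHCP and whether the WAN address is routable."""
    addr = ipaddress.ip_address(lease["fixed-address"])
    server = ipaddress.ip_address(lease["dhcp-server-identifier"])
    link = ipaddress.ip_network(f"{addr}/{lease['subnet-mask']}", strict=False)
    return {
        "address": str(addr),
        "dhcp_server": str(server),
        "private_wan": any(addr in net for net in NOT_PUBLIC),
        # A server inside the leased subnet is a device on the local wire
        "server_on_link": server in link,
    }

if __name__ == "__main__":
    for lease in parse_leases(SAMPLE_LEASES):
        print(audit_lease(lease))
```

A lease with both `private_wan` and `server_on_link` set matches the situation in this thread: an extra NAT device between the modem and pfSense, which is also why port forwards on pfSense alone would not be reachable from outside.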