[WORKAROUND] Gateways offline or can't dhcp or dhcp6 with new level of Comcast modem
-
@hda:
I'm sorry I wasn't clear:
…Bridge between which of your devices ?
Why won't you have the real public IPv4 on the pfSense-WAN ?
You know, pfSense is designed to manage the public side of your premises.
Doesn't Comcast do dual-stack IPv4&v6 ? are you on a CGNAT ?Cable Modem (CM) is in bridge mode, I.e. Not acting as NAT or router. Real IPv4 and IPv6 on the WAN port of pfSense. Cable-co-ax side of CM is not visible but says IPv6 only in CM diagnostic page. CM only directly acts as DHCP server before cable side is up and then sends the expire as soon as it is up to force DHCP on the "real" Comcast servers.
-
I understand the specific case now. You need advice from a Comcast comrade ;)
-
Your rebooting the cable modem each time you change a device on it's LAN port? Cable plants only allow one or two (depending on the ISP) mac addresses.
I remember past complaints of this same thing here by other Comcast customers. Can you switch interfaces and try the opposite or one of the other interface(s) on your pfSense box as the WAN?
And yea- don't install anything older than the present stable release. Never (usually) recommended.
-
What's different/broken in 2.2 that requires reverting to 2.1?
If it is running not on one version it would be not a failure, to try out one lower version and one higher version
that you will be able to determined that the failure is not owed to only one version! -
Your rebooting the cable modem each time you change a device on it's LAN port? Cable plants only allow one or two (depending on the ISP) mac addresses.
I remember past complaints of this same thing here by other Comcast customers. Can you switch interfaces and try the opposite or one of the other interface(s) on your pfSense box as the WAN?
And yea- don't install anything older than the present stable release. Never (usually) recommended.
Yes I'm rebooting the CM (power cycle) every time I change the MAC of the device attached to it, and yes, that's required.
I've tried modifying the MAC address and using the normally OPT1 (re0) interface as the WAN instead, just in case of a sudden Port problem, no difference.
As I said the current stable release was working fine as, was previous 2.1 releases with no configuration changes.
-
WORKAROUND - Root cause still unknown
A clean install of 2.2.4-RELEASE worked, but a restore of the saved config.xml file borked it exactly the same way. After carefully restoring individual parts of the backed up config.xml, only "system" caused problems. That still leaves one heck of a lot of stuff to redo manually including certificates, users, packages, and so on. I'd still like to know what the fsck causes this in that XML file because to the best of my ability I've configured the missing pieces the same as before from my notes.maybe I'll try and diff the new config.xml with the "Bad" one and see if anything jumps out…
-
The dhclient logs look like what you'd see if the link to the modem were flapping. I can't think of anything relevant to that that'd be in the system portion of the config though. Is there some difference in interface configuration that maybe you didn't bring across? Maybe no MAC spoofing?
-
@cmb:
The dhclient logs look like what you'd see if the link to the modem were flapping. I can't think of anything relevant to that that'd be in the system portion of the config though. Is there some difference in interface configuration that maybe you didn't bring across? Maybe no MAC spoofing?
Nope. I didn't take screenshots but the interface page should be identical as I entered it from my notes. If you can tell me the relevant keys I'll compare Config.xml files.
I tried it both with and without MAC spoofing, it made no difference. All a MAC change requires is a reboot of the CM.
-
Is the WAN actually link flapping in that case? See re0 link down/up messages in the system log, see the modem and/or WAN NIC losing its link light?
-
@cmb:
Is the WAN actually link flapping in that case? See re0 link down/up messages in the system log, see the modem and/or WAN NIC losing its link light?
Apologies for being unclear. No, by those tests it was not flapping. I usually have a small switch between re1 and the CM to prevent exactly this and dhcpv6 annoyances. I tested both with and without the switch in the middle and the result was the same. (re1 - WAN on the APU2 - and the CM Ethernet port are the only things on that switch.)
