PFsense connected with a Cable Modem/Router

marvosa

First, I would call the ISP and have them put the modem into bridge mode to verify the unit is actually in bridge mode.  Once that is done:

• Remove power from both the modem and PFsense

• Reseat the patch cable going from the modem to PFsense on both ends

• Power on the modem, then wait until you see the online/WAN/Internet light go solid green

• Once the WAN light is solid green on the modem, power on PFsense

• Upon successful boot, PFsense should have an external IP.  If not, the modem is not in bridge mode and you will need to escalate to your ISP.

If possible, have the tech stay on the line with you as you're doing the work, so they can troubleshoot right away instead of you sitting in the queue again.

gandolf

My comcast modem does the same thing if it loses connection to the ISP. You may lose the connection as well since you got the DNS error.

bradtn

So I did as you suggested. I powered down both boxes and re-seated cable I powered down modem and kept powered down for a good 10 mins. I then powered it up and waiting some 10 mins after that before powering up pfsense. I booted up Pfsense I then connected a cable from the second lan port on my physical pfsense box to the unmanaged switch where I hopped on my desktop which is plugged into said switch. I was pleasantly surprised to seemingly have internet access and able to get on websites etc. I logged into pfsense to check it out figuring I would see proper IP . Instead what I saw was WAN - N/A where as before I was getting WAN - 192.168.1.111 I dont know what is going on or what I can do here…

marvosa

There are several things you can check, but I would close and reopen your browser and/or open a new tab, then access the GUI again.  You can even try clearing your cache.

You can also check the console or do an "ifconfig" from the shell.

guardian

Make sure that you don't have Block Private Networks enabled (or a pfBlocker/Suricata/Snort) rule that trips when it sees a 192.168.x.x packet.  I've been trying to get up to speed on setting up pfSense and for now have to run behind a similar NAT… box has been up for about 3 weeks no sweat, so unless the modem is going down, you should be fine.

Derelict

What does Status > Interfaces say for WAN?

bradtn

@guardian:

Make sure that you don't have Block Private Networks enabled (or a pfBlocker/Suricata/Snort) rule that trips when it sees a 192.168.x.x packet.  I've been trying to get up to speed on setting up pfSense and for now have to run behind a similar NAT… box has been up for about 3 weeks no sweat, so unless the modem is going down, you should be fine.

Where Do I find said settings?

guardian

@bradtn:

@guardian:

Make sure that you don't have Block Private Networks enabled (or a pfBlocker/Suricata/Snort) rule that trips when it sees a 192.168.x.x packet.  I've been trying to get up to speed on setting up pfSense and for now have to run behind a similar NAT… box has been up for about 3 weeks no sweat, so unless the modem is going down, you should be fine.

Where Do I find said settings?

Look under    Interfaces / WAN or    Interfaces / LAN - at the bottom under Reserved Networks (If you are using the new 2.3.1 or 2.3.2 interface)

are you using any of  these: pfBlocker/Suricata/Snort?  If so, then you need to check the rules/blocklists - Firewall log should give you a hint if you are seeing stuff blocked.

bradtn

@guardian:

@bradtn:

@guardian:

Make sure that you don't have Block Private Networks enabled (or a pfBlocker/Suricata/Snort) rule that trips when it sees a 192.168.x.x packet.  I've been trying to get up to speed on setting up pfSense and for now have to run behind a similar NAT… box has been up for about 3 weeks no sweat, so unless the modem is going down, you should be fine.

Where Do I find said settings?

Look under    Interfaces / WAN or    Interfaces / LAN - at the bottom under Reserved Networks (If you are using the new 2.3.1 or 2.3.2 interface)

are you using any of  these: pfBlocker/Suricata/Snort?  If so, then you need to check the rules/blocklists - Firewall log should give you a hint if you are seeing stuff blocked.

Its a fresh install so I do not believe so?

Derelict

You bring down Status, then Interfaces, then copy and paste what it has for WAN.

guardian

@bradtn:

@guardian:

@bradtn:

@guardian:

Make sure that you don't have Block Private Networks enabled (or a pfBlocker/Suricata/Snort) rule that trips when it sees a 192.168.x.x packet.  I've been trying to get up to speed on setting up pfSense and for now have to run behind a similar NAT… box has been up for about 3 weeks no sweat, so unless the modem is going down, you should be fine.

Where Do I find said settings?

Look under    Interfaces / WAN or    Interfaces / LAN - at the bottom under Reserved Networks (If you are using the new 2.3.1 or 2.3.2 interface)

are you using any of  these: pfBlocker/Suricata/Snort?  If so, then you need to check the rules/blocklists - Firewall log should give you a hint if you are seeing stuff blocked.

Its a fresh install so I do not believe so?

If I recall correctly they are CHECKED BY DEFAULT