Netgate Discussion Forum

    PfSense responding to 192.168.1.1 after I changed the subnet

    NAT
    12 Posts 3 Posters 2.0k Views
    • warheat1990

      Here's the packet capture result (red tint is my public IP). I don't have enough knowledge to read Wireshark but I think you're right. The 192.168.1.1 is from outside my network. I made sure of this by shutting down the WAN and I no longer get a response from 192.168.1.1. Thanks

      • johnpoz LAYER 8 Global Moderator

        exactly..  So look at the mac address of the reply traffic and it will tell you where the answer came from on the L2 network your wan is connected to..

        The response is VERY QUICK!!!  So what is your wan connected to.. An isp device of some kind, a different router/modem.. That would be my guess as to what is responding.. For example many cable modems respond to 192.168.100.1 and that is where you access the web gui of the cable modem.

        Did you try just accessing that IP in your browser?  Notice the mac in my sniff, which is cadant - which is arris/motorola, etc..  Ie my cable modem.

        pingmacaddress.png

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • warheat1990

          @johnpoz:

          exactly..  So look at the mac address of the reply traffic and it will tell you where the answer came from on the L2 network your wan is connected to..

          The response is VERY QUICK!!!  So what is your wan connected to.. An isp device of some kind, a different router/modem.. That would be my guess as to what is responding.. For example many cable modems respond to 192.168.100.1 and that is where you access the web gui of the cable modem.

          Did you try just accessing that IP in your browser?  Notice the mac in my sniff, which is cadant - which is arris/motorola, etc..  Ie my cable modem.

          How do you get the MAC address in your wireshark? Mine says Null/loopback. Anyway, no I can't access the modem GUI with 192.168.1.1.

          My diagram is something like this

          • johnpoz LAYER 8 Global Moderator

            huh??  That makes no sense..

            You have your modem/router connected to lan so you can access what??

            What modem router do you have?  The switch ports on most of those are dumb.. So you just connected your wan layer 2 to your lan layer 2.. Even if the switch is managed.

            As to your wireshark showing loopback?  Makes zero sense if you're downloading your capture from the pfsense diag packet capture page.

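Added example, not part of any post in this thread: a small reader for classic pcap files that returns the source MAC of ICMP echo replies from a given address, which is the check johnpoz describes for finding which device on the WAN-side L2 answered. It also shows why a capture whose link-layer type is Null/loopback yields no MAC: that format has no Ethernet header. The function names, the sample frames and the MAC addresses are constructed for illustration.

```python
import struct

DLT_NULL, DLT_EN10MB = 0, 1  # libpcap link-layer header types

def reply_sources(pcap: bytes, ip: str):
    """Return (linktype, source MACs of ICMP echo replies sent from ip)."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                       # little-endian classic pcap
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                       # big-endian classic pcap
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype = struct.unpack(end + "I", pcap[20:24])[0]
    want = bytes(int(octet) for octet in ip.split("."))
    macs, off = [], 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if linktype != DLT_EN10MB:
            continue    # Null/loopback etc.: no Ethernet header, so no MAC
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue    # too short, or not untagged IPv4
        ipv4 = frame[14:]
        ihl = (ipv4[0] & 0x0F) * 4
        if ipv4[9] != 1 or ipv4[12:16] != want or len(ipv4) <= ihl:
            continue    # not ICMP from the address of interest
        if ipv4[ihl] == 0:              # ICMP type 0 = echo reply
            macs.append(frame[6:12].hex(":"))
    return linktype, macs

def sample_capture(linktype: int, frame: bytes) -> bytes:
    """Constructed one-packet capture file (not data from the thread)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    return header + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed echo reply 192.168.1.1 -> 203.0.113.10; checksums left at zero.
IP_REPLY = bytes([0x45, 0, 0, 28, 0, 0, 0, 0, 64, 1, 0, 0,
                  192, 168, 1, 1, 203, 0, 113, 10]) + bytes(8)
ETH_FRAME = bytes.fromhex("020000000001" "020000000002" "0800") + IP_REPLY
NULL_FRAME = struct.pack("<I", 2) + IP_REPLY   # 4-byte AF_INET family header

if __name__ == "__main__":
    print(reply_sources(sample_capture(DLT_EN10MB, ETH_FRAME), "192.168.1.1"))
    print(reply_sources(sample_capture(DLT_NULL, NULL_FRAME), "192.168.1.1"))
```

The first three bytes of a returned MAC are the vendor prefix (OUI), which is what identifies the responder as, for example, an ISP modem.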
            • warheat1990

              @johnpoz:

              huh??  That makes no sense..

              You have your modem/router connected to lan so you can access what??

              What modem router do you have?  The switch ports on most of those are dumb.. So you just connected your wan layer 2 to your lan layer 2.. Even if the switch is managed.

              As to your wireshark showing loopback?  Makes zero sense if you're downloading your capture from the pfsense diag packet capture page.

              My modem router provided by my ISP is a ZTE F609. It came with 4 ethernet ports, and I set port number 2 in bridge mode and connected it to my pfSense WAN.

              This has one problem: I no longer have access to the ZTE F609 GUI from my LAN, so what I did is I set the IP address in the ZTE F609 to match my LAN network.

              Then I connected one of the ports to my switch and now the ZTE F609 GUI is accessible to my LAN via 192.168.0.6.

              Does that make sense?

              • johnpoz LAYER 8 Global Moderator

                while you can put specific port in bridge mode.. that should hopefully put it on a different layer 2.

                But why exactly do you need access to this isp device page if you're using pfsense? Are you using it for wifi? bridged to the lan ports of the device?

                • Derelict LAYER 8 Netgate

                  That sort of smells like a shared IPMI port or something.

                  Why are you whiting out/obfuscating MAC addresses? Nobody knows or cares what your MAC addresses are.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  • johnpoz LAYER 8 Global Moderator

                    Yeah you do understand that if you were seeing 192.168.1.1 respond when you only had the wan connected to your "bridge" interface in your isp device that clearly there is not true separation..

                    Why could you not just access isp device via the 192.168.1.1 address when you had it just connected to the wan.. If need be you could have created a vip on the pfsense wan in the 192.168.1 network.

                    My modem is at 192.168.100.1 and I can access it without any issues not having to do anything, since the traffic goes out the wan, and it answers, etc.  I would be very hesitant in connecting wan and lan together like that unless you were sure there was isolation of it at the isp device.

                    • warheat1990

                      @johnpoz:

                      Yeah you do understand that if you were seeing 192.168.1.1 respond when you only had the wan connected to your "bridge" interface in your isp device that clearly there is not true separation..

                      I see, can you elaborate on the separation thing? What are the cons? Any advice on how it should be done? I have limited networking knowledge and just learn through reading on the internet and YouTube videos, but I can say for sure that I can't access 192.168.1.1 no matter what, I can only ping it if my WAN is connected.

                      The real reason I need to have access to the GUI is because all of the WAN settings will reset back to default when this device loses power (I keep it on 24/7 but I don't have a UPS for when I get an outage; luckily it doesn't happen often, like a few times a year). That means bridge mode will deactivate and I'll have to turn it back on. My ISP also provides phone and cable TV (all connected to this device).

                      But I followed your advice and just disconnected it from my LAN just now.

                      • johnpoz LAYER 8 Global Moderator

                        If the ports are not on a different Layer 2 network, then broadcast traffic that is on your lan could be seen on your wan.  And vice versa.  Depending on what that isp device is doing it could be possible for internet traffic to have access to your lan since you in essence connect your lan to the wan (internet) bypassing the firewall.  Now hopefully the isp device is firewalling etc.  But if you for example set up a dmz host by accident on the isp router it could forward internet traffic into your lan bypassing your pfsense firewall.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.