WAN IP
-
Hi guys!
Just want to check if there's a work around for this, I'm getting two different ip addresses from my WAN, we're using DYNDNS, basically for me to remotely access our pfsense box (i know this is not advisable, and should set up VPN). Please see attached screen shot. With these two different ip address, I cannot access our pfsense box remotely.
TIA!
ast
![Screen Shot 2017-08-03 at 9.42.00 AM copy.jpg](/public/imported_attachments/1/Screen Shot 2017-08-03 at 9.42.00 AM copy.jpg)
![Screen Shot 2017-08-03 at 9.42.00 AM copy.jpg_thumb](/public/imported_attachments/1/Screen Shot 2017-08-03 at 9.42.00 AM copy.jpg_thumb) -
What IP address do you get when you go to: http://checkip.dyndns.org
-
What IP address do you get when you go to: http://checkip.dyndns.org
from my screen capture, its the 112.xxx.xxx.xxx
-
@ast:
What IP address do you get when you go to: http://checkip.dyndns.org
from my screen capture, its the 112.xxx.xxx.xxx
Okay, that's interesting. pfSense is seeing a DHCP address that it's been given as the border IP address, but external sites are seeing the 112.x.x.x address. That means there is another device upstream that may be NATing other devices downstream.
I would contact your ISP and ask them why there is a difference.
-
Just wondering if you guys know of a workaround for this issue?
-
Seems like your traffic is being translated on the way out by something. Your ISP is the best place to ask.
-
https://en.wikipedia.org/wiki/Carrier-grade_NAT your local WAN address matches it.
-
Nice. That's one I (thankfully) don't deal with every day.
-
https://en.wikipedia.org/wiki/Carrier-grade_NAT your local WAN address matches it.
Of course, for NAT they should be using RFC1918 addresses to the customer. Hopefully there's no real world address they want to reach that's on the same subnet.
-
Of course, for NAT they should be using RFC1918 addresses to the customer. Hopefully there's no real world address they want to reach that's on the same subnet.
You might want to actually read that wikipedia article.
-
Are there any work round for us to 'forcefully' connect to our pfsense for remote access? :D take note of the word 'forcefully' haha
-
No. Upstream has to forward to you. pfSense cannot do anything to allow inbound connections if the connection doesn't arrive on the interface in the first place.
You could use an OpenVPN client to connect to a fixed location and route over that but you cannot run an OpenVPN server without a port forward.
Again, your ISP is the one to contact about the behavior of their network outside your WAN interface. Why the hesitation there?
-
Why the hesitation there?
He's probably a Comcast or Verizon customer.