Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    WAN IP

    Scheduled Pinned Locked Moved General pfSense Questions
    13 Posts 6 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tim.mcmanus
      last edited by

      What IP address do you get when you go to:  http://checkip.dyndns.org

      1 Reply Last reply Reply Quote 0
      • A
        ast
        last edited by

        @tim.mcmanus:

        What IP address do you get when you go to:  http://checkip.dyndns.org

        from my screen capture, its the 112.xxx.xxx.xxx

        1 Reply Last reply Reply Quote 0
        • T
          tim.mcmanus
          last edited by

          @ast:

          @tim.mcmanus:

          What IP address do you get when you go to:  http://checkip.dyndns.org

          from my screen capture, its the 112.xxx.xxx.xxx

          Okay, that's interesting.  pfSense is seeing a DHCP address that it's been given as the border IP address, but external sites are seeing the 112.x.x.x address.  That means there is another device upstream that may be NATing other devices downstream.

          I would contact your ISP and ask them why there is a difference.

          1 Reply Last reply Reply Quote 0
          • A
            ast
            last edited by

            Just wondering if you guys know of a workaround for this issue?

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              Seems like your traffic is being translated on the way out by something. Your ISP is the best place to ask.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • GrimsonG
                Grimson Banned
                last edited by

                https://en.wikipedia.org/wiki/Carrier-grade_NAT your local WAN address matches it.

                1 Reply Last reply Reply Quote 0
                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  Nice. That's one I (thankfully) don't deal with every day.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • JKnottJ
                    JKnott
                    last edited by

                    @Grimson:

                    https://en.wikipedia.org/wiki/Carrier-grade_NAT your local WAN address matches it.

                    Of course, for NAT they should be using RFC1918 addresses to the customer.  Hopefully there's no real world address they want to reach that's on the same subnet.

                    PfSense running on Qotom mini PC
                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                    UniFi AC-Lite access point

                    I haven't lost my mind. It's around here...somewhere...

                    1 Reply Last reply Reply Quote 0
                    • GrimsonG
                      Grimson Banned
                      last edited by

                      @JKnott:

                      Of course, for NAT they should be using RFC1918 addresses to the customer.  Hopefully there's no real world address they want to reach that's on the same subnet.

                      You might want to actually read that wikipedia article.

                      1 Reply Last reply Reply Quote 0
                      • A
                        ast
                        last edited by

                        Are there any work round for us to 'forcefully' connect to our pfsense for remote access? :D take note of the word 'forcefully' haha

                        1 Reply Last reply Reply Quote 0
                        • DerelictD
                          Derelict LAYER 8 Netgate
                          last edited by

                          No. Upstream has to forward to you. pfSense cannot do anything to allow inbound connections if the connection doesn't arrive on the interface in the first place.

                          You could use an OpenVPN client to connect to a fixed location and route over that but you cannot run an OpenVPN server without a port forward.

                          Again, your ISP is the one to contact about the behavior of their network outside your WAN interface. Why the hesitation there?

                          Chattanooga, Tennessee, USA
                          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                          Do Not Chat For Help! NO_WAN_EGRESS(TM)

                          1 Reply Last reply Reply Quote 0
                          • KOMK
                            KOM
                            last edited by

                            Why the hesitation there?

                            He's probably a Comcast or Verizon customer.

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.