HELP! Comcast Ethernet Dedicated Service and setup
-
If you needed NAT, I would think you could just get away with using your WAN 24.xx.xx.134 address as the NAT inside global address.
Those "LAN" addresses are ones you could set if you needed publicly accessible addresses, such as a DMZ for servers. You'd probably want to set up another interface on pfsense to handle this and assign it the appropriate settings to handle traffic for that subnet (24.xx.xx.32/28).
-
There are 2 sides to your pfSense router, the WAN side and the LAN. It is possible to have multiple LANs. You were assigned an address for the WAN side. You that to configure your WAN interface. On the LAN side, you have up to 6 usable public addresses but have many more devices, which will require NAT. In this situation, you'd typically have one LAN for those public addresses and a 2nd LAN for the NAT devices. PfSense can route as appropriate for public and NAT addresses. However, I have not set up such a configuration, so someone else will have to provide the details. Incidentally, a separate network for public addresses is commonly called a DeMilitarized Zone (DMZ), which provides additional protection between the publicly reachable devices and the internal LAN. PfSense supports this.
-
The easiest way to do this is to put the /30 on your WAN and use the /28 for VIPs off the WAN. Comcast is just calling it a LAN block- you can use those IPs as CARP or Alias VIPs on your WAN. Leave the LAN like it was before.
-
Thank you both for all of you help but you've both completely lost me.
Backing up.
I previously had the pfSense server working with a DSL modem.So what I did when I got the fiber was only change the WAN connection to static 24.xx.xx.134 with a gateway of 24.xx.xx.133 figuring that would connect me to the internet and with pfSense performing Private LAN to WAN NAT like it had been.
I got no connection to the internet. So I though maybe I had to route my traffic though one of the Public Lan address still no luck.
Here is the only diagram from Comcast that I can find explaining their EDI.
At this point all I want to do is connect my private lan through the pfSense to the internet no public addresses.
Thanks -
Hi dotdash,
Curious your name have anything to do with morse??
Appreciate any help you can give me. All I want to do is just connect my pfSense firewall to the internet like it had been with DSL but I've run into a nightmare of nothing working.
I don't need any public ip address just access so devices can connect but it just doesn't seem to work.
Any pointers to get myself an internet connection over this stupid fiber would be appreciated.
-
Go back to the way you had it when you first configured it after the move from the DSL. Once this is done, test with the diagnostics if you can ping from PFSense to the gateway address (24.xx.xx.133). If this works, and since you're using static IP addressing, what have you configured for DNS?
-
Ok went back to the dsl and checked.
Pinging modem and Internet was working.Move wan back to fiber and set static 24.xx.xx.134 and gateway 24.xx.xx.133 only changes made
Ping failed to 24.xx.xx.133 100% loss
Ping failed to 24.xx.xx.132 100% loss (Link IP Address)I even tried changing my gateway to 24.xx.xx.132 which is supposed to be my Link IP and it also gives me a 100% loss on ping.
If I'm not mistaken this means something is wrong with Comcast's equipment???
-
You got rid of the virtual address on the WAN too, right? The 24.xx.xx.33 one and the outbound NAT stuff associated with that? That's the only other thing I could think of is that maybe it's trying to use this virtual address still when pinging.
edit: also your link address is the network address, 135 is broadcast, 133 and 134 are your only two host addresses on this subnet.
-
Yep VIP deleted before the ping test.
100% loss. -
If everything is set as you claim, don't take it the wrong way, but are you sure subnet masks are correct? Your original post didn't mention if you had set /30 prefix for the static IP on the WAN IP address (it defaults to /32, not gonna talk to much else with that). If everything's set correctly, a reboot of pfsense can't hurt anything either.
-
Hi dotdash,
Curious your name have anything to do with morse??
Only in a roundabout way. It's actually a reference to a Wire song.
Anyway, this shouldn't be so hard. I've done similar setups. Comcast usually takes the last usable, so try the /30 with 133 on your pfSense WAN and 134 as the default gateway. Do a packet capture on WAN if you can't arp the gateway. -
I just found out.
At this point it turned out to be a Comcast problem.
My connection is dead so it wasn't my mistake at all.I'm not saying I wont still need help when they fix their part so I could be back shortly.
I do want the say thank you Thank you THANK YOU!!!!!!.
To everyone that replied.
Gadgets
-
So what was the final solution to this pfsense issue? I was thinking that you had to place the comcast router in Bridge Mode and then it would work for you. But would like to hear what was the final answer. thanks -Hope it is working.
-
Seems like it was not a pfSense issue at all. It should have worked in any of the suggested configurations but there was no response from the Comcast gateway.
Steve
