Netgate Discussion Forum

    Problems with flaky internet and pfSense

      bmeeks

      Depending on the specific model of cable modem you have, you may need to have pfSense "reject" DHCP lease offers from the internal IP of the cable modem.

      For example, I had a Motorola cable modem where 192.168.100.1 was the internal LAN-side IP of the cable modem. I used the modem in bridge mode so my external public IP for the modem was passed to my pfSense firewall. When the external cable signal went down and the modem went into a carrier search and retrain mode, it would seemingly switch out of bridge mode and offer my firewall WAN an IP address from the modem's internal 192.168.100.0/24 net block. My firewall's WAN interface would happily accept the new IP. However, once the external cable signal came back online and the modem switched to bridge mode again, my WAN would frequently be left holding onto that 192.168.100.x IP address and thus I had no Internet connectivity. I would have to manually "release the lease" and renew to pick back up the bridge mode public IP.

      You can prevent this by putting your cable modem's private LAN IP address in the Reject leases from box on the WAN interface settings page --

      WAN_DHCP_RejectIP.png

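A check for the stuck-lease condition bmeeks describes, as an added example that is not part of the original post: it reads the newest lease in a dhclient lease file and flags it when the offer came from the modem's internal address or falls inside the modem's block. The lease file contents are constructed sample data in the FreeBSD dhclient lease format; on a real firewall the file is assumed to be something like `/var/db/dhclient.leases.hn0`, and `MODEM_IP`/`MODEM_NET` must match your own modem.

```shell
# Added example: flag a WAN DHCP lease that was handed out by the cable modem.
MODEM_IP="192.168.100.1"        # modem's internal IP from the post above
MODEM_NET="192.168.100.0/24"    # block the modem offers while retraining
ip_to_int() {                   # A.B.C.D -> 32-bit integer on stdout
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}
in_cidr() {                     # in_cidr ADDR NET/LEN -> 0 if ADDR is inside
    _a=$(ip_to_int "$1"); _n=$(ip_to_int "${2%/*}"); _l=${2#*/}
    _m=$(( (0xFFFFFFFF << (32 - $_l)) & 0xFFFFFFFF ))
    [ $(( $_a & $_m )) -eq $(( $_n & $_m )) ]
}
last_lease_field() {            # value of KEY in the final lease { } block
    awk -v key="$2" '
        $1 == "lease" { val = "" }
        { for (i = 1; i < NF; i++)
              if ($i == key) { val = $(i + 1); sub(/;$/, "", val) } }
        END { print val }' "$1"
}
check_lease() {                 # 0 = fine, 1 = lease from modem, 2 = no lease
    addr=$(last_lease_field "$1" fixed-address)
    server=$(last_lease_field "$1" dhcp-server-identifier)
    [ -n "$addr" ] || { echo "NO LEASE in $1"; return 2; }
    if [ "$server" = "$MODEM_IP" ] || in_cidr "$addr" "$MODEM_NET"; then
        echo "STALE: $addr offered by $server (modem block $MODEM_NET)"
        return 1
    fi
    echo "OK: $addr offered by $server"
}
write_sample() {                # constructed lease file, not real data
    cat > "$1" <<'EOF'
lease {
  interface "hn0";
  fixed-address 100.64.12.34;
  option dhcp-server-identifier 100.64.0.1;
}
lease {
  interface "hn0";
  fixed-address 192.168.100.10;
  option dhcp-server-identifier 192.168.100.1;
}
EOF
}
sample=$(mktemp /tmp/lease.XXXXXX); write_sample "$sample"
check_lease "$sample" || true   # newest lease is the modem's, so this prints STALE
rm -f "$sample"
```

A non-zero return from `check_lease` is the point at which a manual release and renew on WAN would be needed if the modem's IP is not in the Reject leases from box.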
        Bob.Dig LAYER 8 @bmeeks

        @bmeeks I already Block private networks and loopback addresses but if this is something different, I will happily try this. Thank you! 🖖

          bmeeks @Bob.Dig

          @Bob-Dig said in Problems with flaky internet and pfSense:

          @bmeeks I already Block private networks and loopback addresses but if this is something different, I will happily try this. Thank you! 🖖

          Yes, this setting is different from that.

            Bob.Dig LAYER 8 @bmeeks

            @bmeeks It will not hurt anyway I guess. ☺

              bmeeks @Bob.Dig

              @Bob-Dig said in Problems with flaky internet and pfSense:

              @bmeeks It will not hurt anyway. 👍

              Just be sure to use the actual internal IP (or LAN gateway address) of your cable modem. Your model very well could use a different default internal IP from mine. You can find out by doing some Google research using the brand of your modem.

                Bob.Dig LAYER 8 @bmeeks

                @bmeeks It is the same here. Although I am wondering how pfSense could still answer the echo requests. But again, it will not hurt to try that.

                  JKnott @Bob.Dig

                  @Bob-Dig said in Problems with flaky internet and pfSense:

                  @johnpoz Like I said before it is special. It looks like a NAT-IP, but at the same time it seems exposed, so I can open ports on my side etc. Don't ask me why they do it like that and I have some servers running like WP, Nextcloud etc. ☺

                  What is your WAN IP address?

                  PfSense running on Qotom mini PC
                  i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                  UniFi AC-Lite access point

                  I haven't lost my mind. It's around here...somewhere...

                    Bob.Dig LAYER 8 @JKnott

                    What is your WAN IP address?

                    It is different.

                      JKnott @Bob.Dig

                      @Bob-Dig said in Problems with flaky internet and pfSense:

                      What is your WAN IP address?

                      It is different.

                      Well, that tells me a lot. What do you mean by different?

                        Bob.Dig LAYER 8 @JKnott

                        @JKnott It is just a normal IPv4-address. I will not post it here unless "reasons". To be more precise I meant my actual WAN-IP. pfSense has a CG-NAT Address at WAN.

                          JKnott @Bob.Dig

                          @Bob-Dig said in Problems with flaky internet and pfSense:

                          To be more precise I meant my actual WAN-IP. pfSense has a CG-NAT Address at WAN

                          If it actually is a CG-NAT address, then you can announce it far and wide, as it's impossible for anyone to reach it from elsewhere.

                            Bob.Dig LAYER 8 @JKnott

                            @JKnott True but also pointless. I mean it is running now.

                              JKnott @Bob.Dig

                              @Bob-Dig said in Problems with flaky internet and pfSense:

                              @JKnott True but also pointless. I mean it is running now.

                              <sigh>

                              Go to www.grc.com and click on Services > ShieldsUp!. This will show you your "real" address, as seen by the rest of the world. You can then do a port scan to see what ports are open. Try opening some ports and see if they show up in the scan. If you don't see them, then the real address is not mapped to your CG-NAT address. In that case, ping will not reach your network from elsewhere.

                                Bob.Dig LAYER 8 @JKnott

                                @JKnott You are missing the point. I already told here that I run servers at home and can open ports etc.
                                I know this special NAT my ISP is doing is very interesting for you guys, I have to explain this all the time when I mention it here. 😅

                                @Bob-Dig said in Problems with flaky internet and pfSense:

                                @johnpoz Like I said before it is special. It looks like a NAT-IP, but at the same time it seems exposed, so I can open ports on my side etc. Don't ask me why they do it like that and I have some servers running like WP, Nextcloud etc. ☺

                                But please let us stay on topic, thank you.

                                  Bob.Dig LAYER 8

                                  So today, sadly, I just experienced it again. My connection came up several times after going down and at the end of this flakiness I had no internet on the clients; in between, the clients had internet... pfSense shows "online", I even had configured an external monitoring IP this time.
                                  Renewing the DHCP lease manually on WAN solved it instantly for the clients. ☹

                                    bmeeks @Bob.Dig

                                    @Bob-Dig said in Problems with flaky internet and pfSense:

                                    So today, sadly, I just experienced it again. My connection came up several times after going down and at the end of this flakiness I had no internet on the clients; in between, the clients had internet... pfSense shows "online", I even had configured an external monitoring IP this time.
                                    Renewing the DHCP lease manually on WAN solved it instantly for the clients. ☹

                                    Sounds like something weird going on between your ISP's DHCP server and the DHCP client inside pfSense for the WAN.

                                    So before you did the manual lease renew, was your WAN showing the correct public IP address? And did that IP address change after you did the manual renew?

                                      Bob.Dig LAYER 8 @bmeeks

                                      @bmeeks In my case it is a CG-NAT address, so I haven't watched it closely. My (external) WAN IP address didn't change and I think that pfSense had a connection... but didn't "share" it.
                                      Next time I will do some ping tests within pfSense and watch those IPs more closely.

                                      Btw your "trick" helped me anyways I think, I had peace for 20 days but this connection here is just... ☹

                                        bmeeks @Bob.Dig

                                        @Bob-Dig said in Problems with flaky internet and pfSense:

                                        @bmeeks In my case it is a CG-NAT address, so I haven't watched it closely. My (external) WAN IP address didn't change and I think that pfSense had a connection... but didn't "share" it.
                                        Next time I will do some ping tests within pfSense and watch those IPs more closely.

                                        Btw your "trick" helped me anyways I think, I had peace for 20 days but this connection here is just... ☹

                                        When I said "public IP" what I really mean is whatever the "normal and working" IP should be. Whether it is CG NAT or a true public IP would not matter. You would just be looking to see what it is when it is not working, and then compare that to what it is when the connection is working. That info might help with troubleshooting.

                                          Bob.Dig LAYER 8

                                          And here we go again...
                                          abc.PNG
                                          I see no difference. Ping from within pfSense to a Website also failed. After renewing instant internet.

                                            bmeeks

                                            I see now that you appear to be running pfSense on a Hyper-V host (the hn0 NIC driver is a virtualized NIC for Hyper-V).

                                            Some quick Google searching found a few posts about issues with that NIC driver and FreeBSD 11. That might be the root of your problem.

                                            Maybe you mentioned it earlier in the thread and I missed it, but knowing that you have pfSense virtualized and on which platform is very valuable information. Virtualized hardware is NOT the same as physical hardware of course, and the drivers used are different.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.