pfSense Spectrum
-
@StacyAnn33 Yes, post your WAN/LAN settings. You may want to pick up a copy of the pfSense book from https://docs.netgate.com/pfsense/en/latest/book/index.html and review https://docs.netgate.com/pfsense/en/latest/book/install/index.html
-
My WAN settings are totally configured by DHCP from Spectrum.
My LAN Settings are 7.7.7.1/16.
I do have Opt1 as 8.8.8.1/16
Opt2 10.10.10.1/16
Opt 3 9.9.9.1/16Now when I unplug my Spectrum Modem and allow it to reset before plugging the net cable into my watchguard firebox with pfSense installed and I plug the modem back in and allow it to boot up, the only connection that seems to be active is the WAN as it is configured via DHCP from Spectrum. Like I said previously I cannot get a connection on my LAN at all. Which the way I want my entire home network setup is Spectrum modem > pfSense > Cisco 2960 switch > Patch Panel, with the patch panel being the end of it as it will get connections from either pfSense or my switch via DHCP. Oh, I forgot one, I'll also have my linksys router for Wifi Connections as I do have several wifi devices, which would hopefully have it's own IP Address or it will acquire one from either Opt1-Opt3 interfaces. I simply may have to switch it to bridge mode for that to work how I want it to.
Yes, I will happily get myself a copy of the pfSense book as well as review the other link so more familiarize myself with pfSense. I do ofcourse appreciate the help as well.
-
I hope those are not your real IP addresses.. 7.7.7.0 belongs to the department of defense and 8.8.8.0 belongs to Google.
Static IPs work just fine on the pfsense WAN. If the static you are attempting to use really does belong to you and you have set it up correctly it will work. The OP in the link you provided had other configuration issues obviously. Like I said in that post.. My Spectrum customers all work just fine.
Im betting you have no reason at all to be using /16 on your networks.. You should make those a more realistic number.
-
This should work without any special setup. You don't even need to uncheck
Block private networks and loopback addressessince that only applies to incoming connections.Assuming here that you are not just trying to access the modem it sounds like you just have a subnet conflict. Probably both your Spectrum modem (actually a router) and pfSense are using 192.168.1.0/24 on their LANs. Also assuming those IPs above are not what you actually have there. If they are then, yeah, that's completely invalid, change those subnets to real private address space.
Steve
-
Ok, I didn't know that those two addresses where used by Google and the DoD. I have been using the 7.7.7.0 address for quite some time and have never had an issue with it until now. I will change them both when I get home from Thanksgiving tonight. I will also double check everything else as well. I hope everyone has a good Thanksgiving.
-
Just to be clear are you getting a public IP on the pfSense WAN via DHCP?
It looked like you are not initially but now I'm unsure...
Steve
-
Yes, I do get a public IP on the WAN interface. It's the LAN, Opt1, Opt2 and Opt3 all have no connection even with a statitc IP.
-
https://en.wikipedia.org/wiki/Private_network
-
Ok, so if you are getting a public IP on WAN then check you can connect out from pfSense itself. In webgui go to Diag > Ping and try to ping an fqdn, say, google.com. If that fails try 8.8.8.8.
If those succeed but clients inside cannot connect you may have a NAT problem, check Firewall > NAT > Outbound mode is set to automatic.
Or it could be a bad route, check you have a default route showing in Diag > Routes.Steve
-
@StacyAnn33 said in pfSense Spectrum:
where used by Google and the DoD. I have been using the 7.7.7.0 address for quite some time and have never had an issue with it until now.
Wait .... you choose these IP's yourself for your own usage ??
You saw any of these lately in your neighbourhood ?
-
Ha. I mean it's bad, you shouldn't do it, but it's all NAT'd it would only prevent you reaching any IPs in those subnets.
-
@stephenw10 said in pfSense Spectrum:
only prevent you reaching any IPs in those subnets.
Well, here we are :
@StacyAnn33 said in pfSense Spectrum:
and have never had an issue with it until now.
Example : if you use 7.7.7.0/24 on your LAN, you can't reach 7.7.7.0/24 on the Internet.
-
Gertjan,
Um, Yes I've seen those around since I do happen to live near a National Guard post. So yes, I do tend to see them from time to time. Yes, I chose them for myself and I never had an issue reaching google before. I kid you not, I do live next to a National Guard post and I had no previous issue reaching google. But with that said I did change them last night and was going to test what stephenw10 mentioned.
-
Ok. I have figured out the issue. I am just a little unsure how to fix it. Issue is a gateway issue. That is the only thing that is stopping me from being able to ping anything straight from pfSense. Once I figure that out I should be ok. Everything else looks like it's set right.
-
What sort of gateway issue? Not there? Doesn't respond to ping? No default route?
Steve
-
It responds to ping. Default Gateway is set as WAN static IP. Which I did change to a more appropriate private address space. There is no default route. Gateway is set for DNS servers in General Setup. So yes, there is no default route.
-
You said your WAN is DHCP and receives a public IP address. It should therefore receive a gateway from the ISP at the same time and that will be the default gateway unless you have any other gateways defined (which you should not).
What is configured as the default IPv4 gateway in System > Routing > Gateways?
Set it as the WAN_DHCP gateway if it is not.Steve
-
@stephenw10 ok, I really got stupid for a bit.i have to admit I didn't even realize my linksys router was set to dhcp for the wan port. I've been in and around its firmware more than enough that I should have known that. But oddly enough I didnt. So I just did exactly what you said without knowing you had said to do that for a few minutes. So now its working as it should. So yes I seriously got stupid for a bit.
-
It's easy to overlook stuff especially when you've been trying things over several days.
So is it up and running as expected now?
Steve
-
Yes, the only thing left for me to do is get my wireless router connected up to it. Thanks everyone for all the help. I really learned something along the way.
