Changing WAN interface from DHCP to static - Do I need to create a new gateway?

pzanga

We have a single static IP from Comcast Business (using Cisco DPC3941B cable modem) and our pfsense (SG-1100) set up in the DMZ of the CM with a reserved IP. I want to put the CM in pass through mode (Comcast does not support true bridging with static IPs) so the pfsense WAN IP=our static IP. After speaking with Comcast support several times (due to their woefully inadequate documentation on this issue), I have that side of things figured out. Before I move ahead though, I need to clarify something that is confusing me on the pfsense end. I think it is just a discrepancy between the documentation and the observed behavior in the UI, but I want to be as sure as possible before making changes.

When I navigate to interfaces>WAN, I change IPv4 configuration type from DHCP to static IPv4. That brings up the Static IPv4 Configuration block, seen below.

According the the pfsense documentation "The IPv4 Upstream Gateway field is pre-populated with existing IPv4 gateways defined under System > Routing". That made me think that my current IPv4 gateway should be selectable, and would be automatically reconfigured based on my changes. However, as you can see, my current IPv4 gateway (WAN_DHCP) is not an available option.

Now, as I understand it, the WAN_DHCP gateway was created automatically during the initial pfsense set-up, with a gateway IP of "dynamic".

And the documentation states "Deleting a dynamic gateway will clear its custom settings, but the dynamic gateway itself cannot be removed."
So, based on all that, my assumption is that the WAN_DHCP dynamic gateway cannot be "converted" to a static gateway for my new interface configuration, and that is why it is not a selectable option for IPv4 Upstream Gateway and why I need to create a new upstream gateway.
Sorry if I am overthinking this, but I just like to be clear on why things are working the the way they are.

pzanga

Well, after doing some more digging here and elsewhere, I can see that this is WAD. I still can't seem to get things working between the pfsense and the Comcast modem/gateway in pass through.
Keep your eyes peeled for a post about that.

viragomann

@pzanga said in Changing WAN interface from DHCP to static - Do I need to create a new gateway?:

According the the pfsense documentation "The IPv4 Upstream Gateway field is pre-populated with existing IPv4 gateways defined under System > Routing". That made me think that my current IPv4 gateway should be selectable, and would be automatically reconfigured based on my changes.

No, you cannot select a gateway which was assigned by DHCP here. Check the + and enter the gateway IP instead.
However, don't know if pfSense let you enter the IP of an already existing DHCP gateway. So possibly you'll have to select 'none' and save the settings first and in a second turn add the gateway IP.
Consider that this cannot be done from remote.

pzanga

@viragomann

Thanks for the reply.

No, you cannot select a gateway which was assigned by DHCP here. Check the + and enter the gateway IP instead.

I did do that, but like I said I am still having trouble. That is going to require its own post, but the short of it is that once I reconfigure and reboot everything, the WAN gateway shows status as "offline, packetloss". Going to need some help troubleshooting this,

However, don't know if pfSense let you enter the IP of an already existing DHCP gateway. So possibly you'll have to select 'none' and save the settings first and in a second turn add the gateway IP.

Current (working) pfsense WAN IP is a private IP reserved on the ISP CM, and gateway is the CM's LAN IP (in the same 10.1.10.x subnet). The new upstream gateway I created was the gateway IP given by the ISP for our static IP. So different IP from the existing DHCP gateway. I did see a post, either here or Reddit, for a similar issue where it was suggested to create the upstream gateway separately, in system/routing/gateways, then add it to the static interface. Might try that.

Consider that this cannot be done from remote.

Well aware of that. Also need to do it after hours. Luckily I only live 5 minutes from my office.

Thanks again.

viragomann

@pzanga said in Changing WAN interface from DHCP to static - Do I need to create a new gateway?:

The new upstream gateway I created was the gateway IP given by the ISP for our static IP. So different IP from the existing DHCP gateway.

Your modem is still in router mode, as I got you, so that it has an external IP facing to the ISP and an upstream gateway and an internal IP in a separate subnet facing to pfSense WAN interface. So the gateway on pfSense has to be your internal routers IP.

pzanga

@viragomann said in Changing WAN interface from DHCP to static - Do I need to create a new gateway?:

I get what you're saying, and I believe I accounted for all that, but maybe I am missing something. Still a relative noob with more advanced networking, especially when it comes to troubleshooting things when they don't work.

Your modem is still in router mode, as I got you,

I believe you are referring to the "pass-through" mode that Comcast requires if I want to have the pfsense WAN IP be the static public IP from Comcast, as opposed to a true bridging mode?

so that it has an external IP facing to the ISP and an upstream gateway and an internal IP in a separate subnet facing to pfSense WAN interface.

Referring to the image below (from the Comcast CM's network info page) the external IP and upstream gateway are the 174.xxx.xxx.xxx subnet addresses, and the "internal IP in a separate subnet" is the 173.xxx.xxx.10 address (which is our assigned static IP), correct?

Here is some more detail of what I did, if you (or anyone else) wouldn't mind taking a look and seeing if I'm not doing something right. I realize this might not be enough to go on, so just let me know if there are more details needed (and I will likely create a new post, since we are getting off the original topic a bit here).
The static IP info from Comcast is as follows:
CIDR block number: 173.xxx.xxx.8/30
gateway IP: 173.xxx.xxx.9
static IP: 173.xxx.xxx.10
subnet mask: 255.255.255.252

When I attempted to change the WAN interface from DHCP to static I did the following:
First changed Comcast CM to pass through mode, with pfsense disconnected from WAN port, and rebooted; after reboot, CM config looked correct for pass through.
Then I reconfigured the pfsense WAN interface as follows:
Changed IPv4 configuration type to static IPv4, and added the IPv4 address and upstream gateway based on the above info.

Rebooted the pfsense and reconnected the WAN port, and this is what I see:

Note that I did disable the original WAN_DHCP gateway. Finally, here is the gateway config page, although not sure is this adds anything:

As far as I can tell I did everything right, but apparently not. I didn't really do much trouble shooting at the time (it was late and I was getting frustrated), and like I said I need some direction on where to start. I plan on going at this again this weekend. Any thoughts are appreciated. Thanks again.

viragomann

@pzanga
Apart from the gateway down state, does pfSense has internet connection with the new settings?

Gateway down means primarily that the gateway does not response to pings.

pzanga

@viragomann
Like I said, it was late and I was frustrated, so I didn't approach troubleshooting in a methodical way. But I did try pinging the google dns servers (can't remember if I tried the gateway address or not) and the only one that worked was pinging google dns from the WAN using IPv6.

I can tell you that I manually configured my laptop ethernet adapter with the static IP, mask and gateway, along with the default Comcast DNS servers (75.75.75.75/75.75.76.76) and connected directly to the CM. When I did that I did I was able to connect to some websites, but not others. The one that didn't load gave me a DNS error (can't recall the exact wording). I couldn't connect to anything from my PC when going through pfsense.