Not picking up WAN IP address from Cable Modem
-
Good evening all.
First time posting so as you can imagine i'm a bit of a noob when it comes to pfSense.
To get straight to the point, I can't seem to get my WAN port to pick up an DHCP address from my cable modem.
Setup wise:
ISP - Cox (cable)
Modem - Netgear CM1200
pfSense - Dell T3600 workstation (few years old but should do the job)
Cisco 2921
EnGenius WAPISP --> Modem --> Cisco 2921 --> WAP
I'm planning of placing the firewall between the modem and the 2921. The 2921 deals with all the VLANs (i've got 4) etc so the firewall shouldn't really have to do much routing.
So to the firewall, I've got 5 network ports on it - 4 x intel igb0-3 and em0. Initially I was using the WAN port on igb0 and the LAN on igb1 however I got no joy. Searched the forum and came across a post that suggested using em0 - again no joy.
I do find it strange that my 2921 picks up an DHCP address no problem when that is plugged into the modem. I've also power cycled the modem to see if it would drop the connection related to the MAC address but still no joy.
would anyone have any other ideas as its driving me crazy lol.
Thanks in advance :)
-
@gherkin12 Your WAN interface should look something like the image below.
Pay attention to the "Block private networks and loopback addresses" option:
- If your modem is handing out an address in the RFC1918 private network space you want to un-select it.
- If your modem is handing out an address outside of the RFC1918 private network space you want to keep it selected.
-
@hieroglyph thank you, I'll have a look although admittedly I've not been successful in getting the Web gui up at the moment. I'll give it another bash in the morning
-
So this morning, I've plugged my LAN port directly into my 2921 in order to see if i can get anything. Assigned a static address of 192.168.3.5/24 and i can't ping the gateway - i get host is down.
From the 2921 I can ping the gateway and i could ping another device on the vlan, yet i can't ping 192.168.3.5. Am i being totally dumb here as surely with a static address i should be able to ping from the cisco?
-
@gherkin12 Hey, have you looked at the logs on pfsfense? Have you done a packet capture in pfsense to see if the traffic is even leaving the device? Have you verified pfsense is showing the gateway as "up"? Is the ISP device setup to block traffic from certain IP addresses or MAC addresses?
It is almost impossible to help without seeing your configuration. Please send screenshots of your WAN interface page, LAN interface page, WAN firewall rules, LAN firewall rules, Group/Floating firewall rules if applicable, NAT outbound rules, NAT port forward rules, etc...
-
@hieroglyph thanks for getting back to me, the thing is there is no configuration on the system. Its not picking up any IP address using dhcp, even if I give it a static ip address I cannot ping the box or connect to the Web interface, there are no rules configured on the firewall as I cannot connect to it, its literally a fresh install.
With regards to the ISP, its a Netgear CM1200 cable modem, i can't seem to do any configuration on there other than set the username and password, check the strength of the cable signal, set the starting frequency and setup ethernet port aggregation. My Cisco 2921 picks up a DHCP address from the Netgear no problem but the pfsense box doesn't.
-
@gherkin12 Go to your WAN interface, scroll down to DHCP client configuration, Click the advance configuration option, then set timeout to 900 seconds, which is 15 minutes ... should be good to go! Don't forget to save.
-
@nollipfsense I can't mate, I can't access the Web Interface to do that
-
@gherkin12 Connect you pfSense directly to the cable modem, every unit powered off, then boot your cable modem waiting until it completed, then boot pfSense, after that process is over, you should be able to access LAN 192.168.1.1 to make the above configuration change. I would place pfSense after the modem, and I find using a cable modem that doesn't have WIFI better.
-
@nollipfsense ok cool, i'll give it a go when my wife has finished work (i can't take the network down at the moment otherwise she'll kill me lol). with regards to location it was going in between the cable modem and the cisco
-
@nollipfsense Thank you, that seemed to work. Took me a bit to work out how to connect to the LAN interface, for some reason I could only connect through the OPT1 interface, for some reason I couldn't get an address from the LAN port even though they were both setup for DHCP.
Now to play around with the rules so I can get access to the www lol :) again thank you
-
@gherkin12
Hey, I try the very same thing, and everything seemed to work, but why when I restart the computer, it waits 15 minutes? Can I change the settings back after the connection is made -
@mattpdx86 You only add the 15mins if and only if you're not getting a WAN IP with the default time setting.
-
Mmm, that seems like a different problem if it connects after 15m with the default settings. In 2.7?
-
@stephenw10
It gets the ip address after I added the 15 min timeout. I am using Pfsense Plus 23.05.1 -
Ok, we'd have to see the logs without that added to why it was failing to pull an IP address. Usually though it's because the WAN NIC was not linked when the dhcp client tries to run. And that is usually because the upstream modem device takes longer to boot when both it and pfSense are rebooted.
-
@stephenw10
I tried to use another machine, but it failed to pick up an IP address all together -
You tested using pfSense in different hardware? Do the logs show it trying and failing before the WAN link comes up?
The 15min timeout should just allow it to keep trying for 15m, not be forced to wait 15m before connecting.
-
@stephenw10
Had issues getting onto the LAN to access the web configurator to get to the logs. It was a Dell OptiPlex 3010 with a Realtech network card and I was having the same issues but the HP ML110 G7 worked with 2 Intel NICS. This is confusing and I don’t know who I am having this issues. -
Mmm, Realtek NICs can cause problems but link delays are not usually one of them. If Intel NICs work though stick with them. Intel NICs are almost always the best choice.
