WAN not connecting with bridge modem rogers cable

KOM

@learner The modem bonds to the MAC address behind it. Try powering off your modem for 30 seconds and then boot it up. It should resync to the MAC of your pfSense WAN NIC.

learner

@kom
i will give this try again for 30 seconds or more. I have done the power cycle for the modem by taking the power cable out and plunging back after few seconds,

I even tried swaping the em0 and em1 ports making WAN em1, still no success

marvosa

@learner said in WAN not connecting with bridge modem rogers cable:

rogers Cable Modem (bridge mode) --> pf-sense 2.5.2 CE WAN with Static ip4/32 + DNS provided by ISP.

Just out of curiosity, you're not actually configuring your WAN with a /32, are you?

Also, did you just recently replace the Linksys with PFsense? What happens if you clone the MAC of the Linksys? If that works, you may have to call your ISP to have the MAC refreshed.

There's also a chance that your ISP has their end misconfigured... I've seen that before.

learner

@marvosa

Yes I am configuring the WAN port with Static IP /32. Should I leave it to dhcp.

I did the same static ip configuration in the replaced link sys. where I had to add the subnet mask.

I tried another brand router/firewall with static wan ip and that connects, but that is not mine.

JKnott

@learner said in WAN not connecting with bridge modem rogers cable:

Yes I am configuring the WAN port with Static IP /32. Should I leave it to dhcp.

I was also wondering about that. I'm on Rogers and use DHCP & DHCPv6. All a /32 does is give a device an address, but you can't communicate directly to it. The longest mask to do that is /31.

stephenw10

Yeah, a static /32 is probably wrong. The actual WAN subnet will be something larger. At least large enough to have the gateway IP in it.

Steve

JKnott

@stephenw10

Here's mine from Rogers. netmask 0xfffffe00
Of course, that's 255.255.254.0 or /23. Incidentally, Rogers provides 2 IPv4 addresses, so that means there's less than 256 customers on a node.

johnpoz

@jknott said in WAN not connecting with bridge modem rogers cable:

so that means there's less than 256 customers on a node.

No not really - as you saw with the am I being attacked thread where user was seeing arp he didn't understand.. Many ISPs run multiple layer 3 on the same L2.. So just because your mask shows X number of IPs that could be used, doesn't mean there are not multiple IP ranges on that same node.

You posted yourself sample of your own arps you were seeing, that contained multiple IP ranges.

JKnott

@johnpoz

I know there are multiple IP ranges. In addition to Internet, Rogers has home phone, IPTV and security systems. It also carries 3rd party ISPs, who would have their own address ranges. I was referring only to their Internet service, which is the only one relevant to this discussion. Sure, if I run packet captures on my WAN port, I will see lots of other stuff. Nothing new there.

Rogers runs a hybrid system, where there is a node somewhere nearby, where the conversion between coax and fibre occurs. The fibre then connects to a CMTS in the local office. You may recall the IPv6 problem I had a while ago, with the CMTS I was connected to.

BTW, I have done some work for Rogers, though not in the office I'm connected to.

learner

@jknott thanks, I checked my calculation and seems I made the error in calculating the subnet mask.
by correcting the subnet mask to /29 the problem is solved.

Thanks all for you guys for guidance.

Lessons learned,
-double check the calculations if calculating cdir

• on the hitron modem I learned that two Ethernet ports work simultaneously in bridge mode with two different routers .

JKnott

@learner said in WAN not connecting with bridge modem rogers cable:

correcting the subnet mask to /29 the problem is solved.

Are you sure that's right? It will work, but may mess things up a bit. Connect with DHCP and see what mask you get. Or verify with Rogers. If it really is /29, then you would likely have 6 usable addresses assigned to you.

on the hitron modem I learned that two Ethernet ports work simultaneously in bridge mode with two different routers

Yep, Rogers provides 2 IPv4 addresses, though one seems to have a shorter MTU. I've seen 2 addresses with my Technicolor modem and previously with Hitron and Cisco.

In fact, I used to use that feature for testing, but that broke with a recent update to pfsense. I can see the connections coming in, but pfsense rejects them. Try doing that and see if it works for you.

Now that you have IPv4 going, you can set up IPv6. With Rogers, you'll get a /56 prefix.

learner

@jknott
Thanks for sharing your knowledge,
When I put DHCP, does not get a ip, may be I have to reboot the modem which I did not do.

there are 5 static address assigned.
the 2nd Ethernet port works with a different router at the same time, so far I have not been successful by using two WAN on the pfsense ( i need to read and learn that part).

I will enable IPV6 as per you write-up in another thread I found.

stephenw10

If they both have the same gateway then you would not be able to route traffic to them differently. It's not really valid.

Steve

JKnott

@stephenw10

My gateway on pfsense is 99.246.124.1, but 99.246.150.1 on my 2nd connection, so they are completely separate subnets. Both have /23 subnet mask. The MTU on my 2nd connection is 1280, vs 1500 on pfsense.

JKnott

@learner

As I mentioned, I used to be able to connect, but that failed with 2.6.0, IIRC. Ping works, but OpenVPN doesn't. However, it does if I tether to my cell phone.

Here's what I get when I try to connect via my 2nd connection. Similar would happen with ssh.

packetcapture.cap

stephenw10

Hmm, that's between your two WANs somehow? I could definitely see that failing...

JKnott

@stephenw10

The thing is, it used to work, prior to 2.6.0. Those are 2 completely independent subnets. After I updated to 2.6.0, I wasted a lot of time trying to understand what was wrong with my configuration, until I realized I had done nothing wrong. It was pfsense or perhaps FreeBSD that failed.

stephenw10

Between 2 pfSense devices then?
Hard to see how that could have worked between two interfaces on the same device...

JKnott

@stephenw10

Between pfsense and a notebook computer. I have a ThinkPad which I use for testing. It runs Linux and prior to pfsense I was also using Linux for a firewall. It worked then and after I moved to pfsense about 5.5 years ago, it continued to work. Then 2.6.0...

stephenw10

Hmm, I can't think of anything in 2.6 that would cause something like that.

If it come in on the WAN it will send replies back to the WAN gateway. There could be an issue with the ISP moving that traffic both ways over the link, assuming the gateway is at the ISP end.

There were some changes to that code in 2.5.X but 2.6 retains that.

Steve