WAN problems
-
Having signed up with a new ISP, naturally I want to keep using my pfsense router.
I am used to setting up PPPoE but this time I've been provided with a VDSL modem+router combo device that connects using "Dynamic IP" in the TP-Link gui. I'm assuming this is referring to DHCP as it doesn't require any configuration.
My difficulties start when I attempt to put the modem+router in bridge mode so I can let my pfsense box do the routing. Neither my pfsense nor other directly attached devices get an IP address when I connect to the bridging modem.
Is there something I'm missing here? Do I have another option to set up my network without double NAT?
-
Is there something I'm missing here?
0. Wrong forum section ? It looks like not related to pfsense at all (yet).
1. VLAN is used in the working routed configuration? -
1. VLAN is used in the working routed configuration?
Unsure. TP-Link gui offers to configure "Virtual LAN ports" that lets me group interfaces. For instance the bridge could be grouped with a LAN interface. The working configuration is default with no changes to "Virtual LAN ports" (no interfaces assigned to any groups as far as I can see).
Thank you for your help.
-
What's the device name?
Please show the screenshot of WAN Status from the working routed configuration. -
What's the device name?
Please show the screenshot of WAN Status from the working routed configuration.It's a TP-Link N600 / TD-W9980.
I've uploaded a series of screenshots here: https://imgur.com/a/gNpdQ.
I tried:
1. Bridge mode with DHCP relay set to the upstream DHCP server address.
2. "Virtual LAN ports" on/off.
3. Grouping bridge interface with LAN interface.
4. Connecting thru various LAN ports.Would it be possible to disable NAT on the TP-Link and set up pfsense in such a way as to let it do the NATing?
-
Bridge mode should be IP and NAT agnostic.
From my perspective you should just change the connection type from Dynamic IP to Bridge, group this connection with a LAN port and have DHCP disabled on a modem completely.
Then connect your PC (not pfsense!) to the modem port above and try to obtain the address via DHCP, in case if problem check with Wireshark.
Please note that your ISP is providing you with a private or so called Carrier Grade NAT IP, so you will not get a public IP on pfsense in any case. -
Thanks for the info, that explains the funky IP which doesn't match my external one.
I'm getting a DHCP assignment on my directly attached PC when in bridge mode now. Unfortunately I can't reach anything on the internet. Wireshark shows a lot of TCP Retransmissions, pings don't get answered.
I've tried various combinations of interface groupings, VLAN on/off, different LAN interfaces, DHCP client ID.
Do I need to spoof the MAC of my router?
-
As soon as you have DHCP working I don't think the MAC should be cloned.
-
Curiously the IP address assigned to the router when in Dynamic IP mode is not the same I get when using bridged mode, not even in the same subnet, even when using the same DHCP client ID.
My computer gets a 10.x.x.x in bridge mode and the router gets a 100.x.x.x when in Dynamic IP mode.
-
In this case it would be worth to try changing/cloning the MAC.