Netgate Discussion Forum

    WAN IP

      ast

      Hi guys!

      Just want to check if there's a workaround for this. I'm getting two different IP addresses from my WAN; we're using DYNDNS, basically for me to remotely access our pfSense box (I know this is not advisable, and should set up VPN). Please see attached screenshot. With these two different IP addresses, I cannot access our pfSense box remotely.

      TIA!

      ast
      ![Screen Shot 2017-08-03 at 9.42.00 AM copy.jpg](/public/imported_attachments/1/Screen Shot 2017-08-03 at 9.42.00 AM copy.jpg)

        tim.mcmanus

        What IP address do you get when you go to:  http://checkip.dyndns.org

          ast

          > @tim.mcmanus:
          > What IP address do you get when you go to: http://checkip.dyndns.org

          From my screen capture, it's the 112.xxx.xxx.xxx

            tim.mcmanus

            > @ast:
            > > @tim.mcmanus:
            > > What IP address do you get when you go to: http://checkip.dyndns.org
            >
            > From my screen capture, it's the 112.xxx.xxx.xxx

            Okay, that's interesting.  pfSense is seeing a DHCP address that it's been given as the border IP address, but external sites are seeing the 112.x.x.x address.  That means there is another device upstream that may be NATing other devices downstream.

            I would contact your ISP and ask them why there is a difference.

              ast

              Just wondering if you guys know of a workaround for this issue?

                Derelict LAYER 8 Netgate

                Seems like your traffic is being translated on the way out by something. Your ISP is the best place to ask.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  Grimson Banned

                  https://en.wikipedia.org/wiki/Carrier-grade_NAT your local WAN address matches it.

                    Derelict LAYER 8 Netgate

                    Nice. That's one I (thankfully) don't deal with every day.

                      JKnott

                      > @Grimson:
                      > https://en.wikipedia.org/wiki/Carrier-grade_NAT your local WAN address matches it.

                      Of course, for NAT they should be using RFC1918 addresses to the customer.  Hopefully there's no real world address they want to reach that's on the same subnet.

                      PfSense running on Qotom mini PC
                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                      UniFi AC-Lite access point

                      I haven't lost my mind. It's around here...somewhere...

                        Grimson Banned

                        > @JKnott:
                        > Of course, for NAT they should be using RFC1918 addresses to the customer.  Hopefully there's no real world address they want to reach that's on the same subnet.

                        You might want to actually read that Wikipedia article.

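The comparison the replies above walk through (the address pfSense holds on WAN versus the address an external check-IP page reports), as an added example that is not part of the original thread. The addresses and the response body are constructed samples, and the function names are hypothetical; 100.64.0.0/10 is the RFC 6598 shared address space used for carrier-grade NAT, which is separate from the RFC1918 ranges.

```python
import ipaddress
import re

CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a check-IP response body (assumed format, not captured output).
# 203.0.113.0/24 is an RFC 5737 documentation range standing in for a public address.
SAMPLE_CHECKIP_BODY = "<html><body>Current IP Address: 203.0.113.25</body></html>"


def external_ip_from_body(body: str) -> str:
    """Pull the first dotted-quad out of a check-IP style response."""
    match = re.search(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b", body)
    if not match:
        raise ValueError("no IPv4 address in response body")
    return str(ipaddress.ip_address(match.group(1)))  # also validates octet ranges


def classify_wan(wan_ip: str, external_ip: str) -> dict:
    """Classify the WAN interface address and compare it with the address
    external sites see. Inbound connections can only arrive on WAN when the
    interface itself holds the public address."""
    wan = ipaddress.ip_address(wan_ip)
    ext = ipaddress.ip_address(external_ip)
    if wan in CGNAT_SHARED:
        kind = "cgnat-shared-space"
    elif any(wan in net for net in RFC1918):
        kind = "rfc1918-private"
    elif wan.is_loopback or wan.is_link_local or wan.is_multicast or wan.is_unspecified:
        kind = "not-usable"
    else:
        kind = "public"
    translated = wan != ext  # something upstream rewrote the source address
    return {"wan_kind": kind, "translated_upstream": translated,
            "inbound_reachable": kind == "public" and not translated}


if __name__ == "__main__":
    seen = external_ip_from_body(SAMPLE_CHECKIP_BODY)
    for wan in ("100.72.14.9", "192.168.1.2", "203.0.113.25"):  # constructed WAN addresses
        print(wan, seen, classify_wan(wan, seen))
```

A `cgnat-shared-space` or `rfc1918-private` result with `translated_upstream` set means a dynamic DNS name will point at an address the ISP's NAT owns, so port forwards configured on pfSense never see the traffic.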
                          ast

                          Is there any workaround for us to 'forcefully' connect to our pfSense for remote access? :D Take note of the word 'forcefully' haha

                            Derelict LAYER 8 Netgate

                            No. Upstream has to forward to you. pfSense cannot do anything to allow inbound connections if the connection doesn't arrive on the interface in the first place.

                            You could use an OpenVPN client to connect to a fixed location and route over that but you cannot run an OpenVPN server without a port forward.

                            Again, your ISP is the one to contact about the behavior of their network outside your WAN interface. Why the hesitation there?

                              KOM

                              > Why the hesitation there?

                              He's probably a Comcast or Verizon customer.

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.