WAN IP

ast

Hi guys!

Just want to check if there's a work around for this, I'm getting two different ip addresses from my WAN, we're using DYNDNS, basically for me to remotely access our pfsense box (i know this is not advisable, and should set up VPN). Please see attached screen shot. With these two different ip address, I cannot access our pfsense box remotely.

TIA!

ast
![Screen Shot 2017-08-03 at 9.42.00 AM copy.jpg](/public/imported_attachments/1/Screen Shot 2017-08-03 at 9.42.00 AM copy.jpg)
![Screen Shot 2017-08-03 at 9.42.00 AM copy.jpg_thumb](/public/imported_attachments/1/Screen Shot 2017-08-03 at 9.42.00 AM copy.jpg_thumb)

tim.mcmanus

What IP address do you get when you go to: http://checkip.dyndns.org

ast

@tim.mcmanus:

What IP address do you get when you go to: http://checkip.dyndns.org

from my screen capture, its the 112.xxx.xxx.xxx

tim.mcmanus

@ast:

@tim.mcmanus:

What IP address do you get when you go to: http://checkip.dyndns.org

from my screen capture, its the 112.xxx.xxx.xxx

Okay, that's interesting. pfSense is seeing a DHCP address that it's been given as the border IP address, but external sites are seeing the 112.x.x.x address. That means there is another device upstream that may be NATing other devices downstream.

I would contact your ISP and ask them why there is a difference.

ast

Just wondering if you guys know of a workaround for this issue?

Derelict

Seems like your traffic is being translated on the way out by something. Your ISP is the best place to ask.

Grimson

https://en.wikipedia.org/wiki/Carrier-grade_NAT your local WAN address matches it.

Derelict

Nice. That's one I (thankfully) don't deal with every day.

JKnott

@Grimson:

https://en.wikipedia.org/wiki/Carrier-grade_NAT your local WAN address matches it.

Of course, for NAT they should be using RFC1918 addresses to the customer. Hopefully there's no real world address they want to reach that's on the same subnet.

Grimson

@JKnott:

Of course, for NAT they should be using RFC1918 addresses to the customer. Hopefully there's no real world address they want to reach that's on the same subnet.

You might want to actually read that wikipedia article.

ast

Are there any work round for us to 'forcefully' connect to our pfsense for remote access? :D take note of the word 'forcefully' haha

Derelict

No. Upstream has to forward to you. pfSense cannot do anything to allow inbound connections if the connection doesn't arrive on the interface in the first place.

You could use an OpenVPN client to connect to a fixed location and route over that but you cannot run an OpenVPN server without a port forward.

Again, your ISP is the one to contact about the behavior of their network outside your WAN interface. Why the hesitation there?

KOM

Why the hesitation there?

He's probably a Comcast or Verizon customer.