[Noob Question] Setting-up Static WAN



  • Hi,

    I tried to follow a couple of online guides but all of them are out of date and I cannot get it to work.

    My ISP gave me 1 static IP address and send me the info that looks something like this:

    IP - 192.69.162.78
    Netmask - 255.255.255.224
    Gateway - 192.69.162.161
    DNS1 - 206.11.142.4
    DNS2 - 141.117.164.131

    This is what I did

    I go to Interfaces Add a WAN
    IPv4 Configuration Type: Static IPv4

    Under Static IPv4 Configuration
    IPv4 Address: 192.69.162.78  / 27  <– I also tried changing to 24 does not work)

    I then went and added a new Routing Gateway
    IPv4
    Gateway: 192.69.162.161

    and it still does not work, what am I doing wrong ???

    Thanks for any help.



  • Did you only change the first octet in your example?

    The gateway lies outside the wan-subnet. That's somewhat unusual.
    Did pfsense even allow you to add the gateway?  Any errors in the logs?

    Can you ping said gateway?



  • pfsense allows me to add it no errors when creating it, but also no connection ?
    Log does say    /rc.filter_configure_sync: Default gateway down


  • Netgate

    Check with the ISP again.

    Having that gateway outside the interface subnet is quite unusual for a static IP configuration.

    A typical configuration would be:

    Network - 192.69.162.64
    Netmask - 255.255.255.224 (/27)
    Gateway - 192.69.162.65 (or maybe 192.169.162.94)
    Usable: 192.69.162.66 - 192.69.162.94 (or maybe 192.69.162.65 - 192.69.162.93 if ^)

    The only reason they should care what interface address you use is if they are also routing other subnets to it.

    Hmm. is it a /27 or a single address? You indicate a single address.

    Either way it looks like either the gateway address they gave you or the subnet mask is incorrect.

    If they insist that is what they need they both need a beating with a clue bat and you might be able to get it to work with this checkbox on the gateway:

    System > Routing, Edit the gateway, click advanced

    ![Screen Shot 2017-08-18 at 12.23.31 PM.png](/public/imported_attachments/1/Screen Shot 2017-08-18 at 12.23.31 PM.png)
    ![Screen Shot 2017-08-18 at 12.23.31 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2017-08-18 at 12.23.31 PM.png_thumb)



  • I called the ISP just to make sure and the support lady said that maybe I didnt understand correctly it's

    IP - 192.69.162.178
    Netmask - 255.255.255.224
    Gateway - 192.69.162.161

    BUT STILL NOT WORKING! :(

    @Derelict:

    Check with the ISP again.

    Having that gateway outside the interface subnet is quite unusual for a static IP configuration.

    A typical configuration would be:

    Network - 192.69.162.64
    Netmask - 255.255.255.224 (/27)
    Gateway - 192.69.162.65 (or maybe 192.169.162.94)
    Usable: 192.69.162.66 - 192.69.162.94 (or maybe 192.69.162.65 - 192.69.162.93 if ^)

    The only reason they should care what interface address you use is if they are also routing other subnets to it.

    Hmm. is it a /27 or a single address? You indicate a single address.

    Either way it looks like either the gateway address they gave you or the subnet mask is incorrect.

    If they insist that is what they need they both need a beating with a clue bat and you might be able to get it to work with this checkbox on the gateway:

    System > Routing, Edit the gateway, click advanced


  • Rebel Alliance Global Moderator

    Not sure why would add a WAN interface… What interface is connected to your isp gear?  This is the interface you should setup your static IP on.

    so your device has say em0, em1, em2 or re0, re1 etc..  One of these interfaces is your WAN..  This is the one that is connected to port or device the isp gave you..  What is this exactly?  Is it bridge mode?  Does pfsense get an IP if set for dhcp on its wan interface?

    But for static to work you would set it on the actual wan interface your connected to your isp..  And then possible you might have to power cycle whatever this device is.  And then see if pfsense can ping the gateway you have set 192.69.162.161



  • @johnpoz:

    Not sure why would add a WAN interface… What interface is connected to your isp gear?  This is the interface you should setup your static IP on.

    so your device has say em0, em1, em2 or re0, re1 etc..  One of these interfaces is your WAN..  This is the one that is connected to port or device the isp gave you..  What is this exactly?  Is it bridge mode?  Does pfsense get an IP if set for dhcp on its wan interface?

    But for static to work you would set it on the actual wan interface your connected to your isp..  And then possible you might have to power cycle whatever this device is.  And then see if pfsense can ping the gateway you have set 192.69.162.161

    ISP is a fiber connection, the only thing I have is called an ONT it's like a modem ? but I have no access into it. (they will not give it)
    Ping from within fpsense - 3 packets transmitted, 0 packets received, 100.0% packet loss

    I will try to power cycle again.

    Thanks


  • Rebel Alliance Global Moderator

    Yeah I know what an ONT is ;)

    So you have your connection from this device connected to what interface on your pfsense?  This is where you would setup the WAN static IP.. is this em0, re1, what specific interface do you have connected to this device?



  • it says Network port: igb0

    I power cycled the ONT and pfsense as well and still the same result.

    Is there a tutorial or can someone walk me through the setup just to make sure that I did everything correctly ?

    I followed this video [[url=https://www.youtube.com/watch?v=yJqlOLGwAUU]https://www.youtube.com/watch?v=yJqlOLGwAUU] and everything is up on status / interfaces but no internet connection.

    Thanks

    @johnpoz:

    Yeah I know what an ONT is ;)

    So you have your connection from this device connected to what interface on your pfsense?  This is where you would setup the WAN static IP.. is this em0, re1, what specific interface do you have connected to this device?


  • Netgate

    IP - 192.69.162.178
    Netmask - 255.255.255.224
    Gateway - 192.69.162.161

    That makes a lot more sense. You do not need the checkbox mentioned above in that case.

    There is really nothing to a static IP address WAN configuration.

    Post a screen shot of your WAN configuration page. The whole thing.

    It should look like the attached.

    If it was me I would use Diagnostics > Packet capture on the WAN interface and see what is really going on out there. In particular I would be looking for pfSense sending an ARP request for 192.69.162.161 and what is being returned (if anything). If there is an ARP answer for it, look at the MAC address in the response there. Subsequent pings to internet addresses (such as 8.8.8.8) should have that MAC address as the destination in the frame (pfSense WAN interface MAC should be the source) with a source IP address in the packet as 192.69.162.178, destination 8.8.8.8.

    If all that is in place, there is nothing else for pfSense to do, except (just a guess) possibly cloning the MAC address to something they will accept traffic from. If it was me, I would make them fix whatever they need to fix to allow traffic from my native MAC address instead of cloning it as something else.

    The ISP really should be able to tell you exactly what you need to do. Not necessarily in pfSense-specific terms - nothing you are trying to do is pfSense-specific. General configuration of any router WAN should suffice.

    ![Browser Shot-2017-08-18-18-52-35.png](/public/imported_attachments/1/Browser Shot-2017-08-18-18-52-35.png)
    ![Browser Shot-2017-08-18-18-52-35.png_thumb](/public/imported_attachments/1/Browser Shot-2017-08-18-18-52-35.png_thumb)



  • Hi, All I see is a bunch of thing like this, they all look the same.
    20:56:08.579383 ARP, Request who-has 192.69.162.161 tell 192.69.162.78, length 28

    Thanks for the picture, That is how my setup looks like as well.
    I just had Block private networks and loopback addresses and Block bogon networks Both Checked.
    Still no internet.


  • Netgate

    Hi, All I see is a bunch of thing like this, they all look the same.
    20:56:08.579383 ARP, Request who-has 192.69.162.161 tell 192.69.162.78, length 28

    Sorry but that is up to your ISP to solve. They have to respond to ARP so the firewall knows what MAC address the gateway IP address can be found at on the WAN subnet.

    You might need to hire someone locally to get you running - especially someone who knows what it is that ISP needs.