PfSense responding to 192.168.1.1 after I changed the subnet



  • My subnet is 192.168.0.1/24, but I still get a response when I ping 192.168.1.1.

    Traceroute from local PC.

    C:\Users\warheat1990>tracert 192.168.1.1
    
    Tracing route to 192.168.1.1 [192.168.1.1]
    over a maximum of 30 hops:
    
      1     6 ms     6 ms     8 ms  192.168.0.1 [192.168.0.1]
      2    25 ms    23 ms    24 ms  192.168.1.1 [192.168.1.1]
    
    Trace complete.  
    

    Traceroute from local PC to other site to make sure 192.168.1.1 is not my ISP hop.

    Traceroute and arp -a from pfSense (Notice that 192.168.1.1 cannot be found on arp table)

    Wireshark shows that 192.168.1.1 belongs to pfSense LAN NIC.

    Any idea why?


  • LAYER 8 Global Moderator

    Your traceroute to internet not showing it doesn't mean it's not on your isp network, just that it's not in the path..

    Do a sniff on your wan when you ping it from your 192.168.0 network, bet you see a response on your wan with mac of your isp gateway or something else on the L2 that connects you to your ISP.

    Yeah sniff on your box will show the mac of your lan interface of pfsense.. you will see that on any traffic from past pfsense.

    Do packet capture on wan while you ping it, lets see that info..



  • Here's the packet capture result (red tint is my public IP). I don't have enough knowledge to read Wireshark but I think you're right. The 192.168.1.1 is from outside my network. I made sure of this by shutting down the WAN and I no longer get a response from 192.168.1.1. Thanks


  • LAYER 8 Global Moderator

    exactly..  So look at the mac address of the reply traffic and it will tell you from where the answer came from on the L2 network your wan is connected to..

    The response is VERY QUICK!!!  So what is your wan connected to.. An isp device of some kind, a different router/modem.. That would be my guess as to what is responding.. For example many cable modems respond to 192.168.100.1 and that is where you access the web gui of the cable modem.

    Did you try just accessing that IP in your browser?  Notice the mac in my sniff, which is cadant - which is arris/motorola, etc..  Ie my cable modem.
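
The check described in the post above (read the source MAC of the reply in the WAN capture), as an added example that is not part of the thread. It parses a classic pcap file and refuses captures whose link type has no Ethernet header, since those carry no MAC to read; the MACs, the WAN address and the helper names are constructed placeholders.

```python
import struct

LINKTYPE_NULL, LINKTYPE_ETHERNET = 0, 1   # pcap link-layer header types

def reply_macs(pcap: bytes, ip: str) -> set:
    """Source MACs of ICMP echo replies sent from `ip` in a classic pcap file."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack(end + "I", pcap[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        # e.g. LINKTYPE_NULL (Null/loopback): frames have no Ethernet header
        raise ValueError(f"linktype {linktype} carries no MAC addresses")
    want = bytes(int(o) for o in ip.split("."))
    macs, off = set(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # IPv4 frames only
            continue
        icmp = frame[14 + (frame[14] & 0x0F) * 4:]           # skip the IP header
        # protocol 1 = ICMP, source address matches, ICMP type 0 = echo reply
        if frame[23] == 1 and frame[26:30] == want and icmp[:1] == b"\x00":
            macs.add(frame[6:12].hex(":"))                   # Ethernet source MAC
    return macs

def build_frame(src_mac, dst_mac, src_ip, dst_ip, icmp_type):
    """Constructed Ethernet/IPv4/ICMP frame (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0, src_ip, dst_ip)
    return dst_mac + src_mac + b"\x08\x00" + ip + struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)

def build_pcap(linktype, frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample: placeholder MACs and WAN address, not values from the thread.
FW_WAN, UPSTREAM = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
WAN_IP, TARGET = bytes([203, 0, 113, 10]), bytes([192, 168, 1, 1])
SAMPLE = build_pcap(LINKTYPE_ETHERNET, [build_frame(FW_WAN, UPSTREAM, WAN_IP, TARGET, 8),
                                        build_frame(UPSTREAM, FW_WAN, TARGET, WAN_IP, 0)])

if __name__ == "__main__":
    print(reply_macs(SAMPLE, "192.168.1.1"))
```

The first three octets of the MAC it returns are the vendor prefix to look up when identifying the answering device.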




  • @johnpoz:

    exactly..  So look at the mac address of the reply traffic and it will tell you from where the answer came from on the L2 network your wan is connected to..

    The response is VERY QUICK!!!  So what is your wan connected to.. An isp device of some kind, a different router/modem.. That would be my guess as to what is responding.. For example many cable modems respond to 192.168.100.1 and that is where you access the web gui of the cable modem.

    Did you try just accessing that IP in your browser?  Notice the mac in my sniff, which is cadant - which is arris/motorola, etc..  Ie my cable modem.

    How do you get the MAC address in your wireshark? Mine says Null/loopback. Anyway, no I can't access the modem GUI with 192.168.1.1.

    My diagram is something like this


  • LAYER 8 Global Moderator

    huh??  That makes no sense..

    You have your modem/router connected to lan so you can access what??

    What modem router do you have?  The switch ports on most of those are dumb.. So you just connected your wan layer 2 to your lan layer 2.. Even if the switch is managed.

    As to your wireshark showing loopback?  Makes zero sense if you are downloading your capture from pfsense diag packet capture page.



  • @johnpoz:

    huh??  That makes no sense..

    You have your modem/router connected to lan so you can access what??

    What modem router do you have?  The switch ports on most of those are dumb.. So you just connected your wan layer 2 to your lan layer 2.. Even if the switch is managed.

    As to your wireshark showing loopback?  Makes zero sense if you are downloading your capture from pfsense diag packet capture page.

    My modem router provided by ISP is ZTE F609, it came with 4 ports of ethernet and I set port number 2 in bridge mode and connect it to my pfSense WAN.

    This has one problem, I no longer have access to ZTE F609 GUI from my LAN, so what I did is I set the IP address in ZTE F609 to match my LAN network

    Then I connected one of the ports to my switch and the ZTE F609 GUI is now accessible to my LAN via 192.168.0.6.

    Does that make sense?


  • LAYER 8 Global Moderator

    While you can put a specific port in bridge mode.. that should hopefully put it on a different layer 2.

    But why exactly do you need access to this isp device page if you're using pfsense? Are you using it for wifi? bridged to the lan ports of the device?


  • LAYER 8 Netgate

    That sort of smells like a shared IPMI port or something.

    Why are you whiting out/obfuscating MAC addresses? Nobody knows or cares what your MAC addresses are.


  • LAYER 8 Global Moderator

    Yeah you do understand that if you were seeing 192.168.1.1 respond when you only had the wan connected to your "bridge" interface in your isp device that clearly there is not true separation..

    Why could you not just access isp device via the 192.168.1.1 address when you had it just connected to the wan.. If need be you could have created a vip on the pfsense wan in the 192.168.1 network.

    My modem is at 192.168.100.1 and I can access it without any issues not having to do anything, since the traffic goes out the wan, and it answers, etc.  I would be very hesitant in connecting wan and lan together like that unless you were sure there was isolation of it at the isp device.



  • @johnpoz:

    Yeah you do understand that if you were seeing 192.168.1.1 respond when you only had the wan connected to your "bridge" interface in your isp device that clearly there is not true separation..

    I see, can you elaborate on the separation thing? What are the cons? Any advice on how it should be done? I have limited networking knowledge and just learn through reading on the internet and youtube video, but I can say for sure that I can't access 192.168.1.1 no matter what, I can only ping it if my WAN is connected.

    The real reason I need to have access to the GUI is that all of the WAN settings will reset back to default when this device loses power (I keep it on 24/7 but I don't have a UPS for when I get an outage, luckily it doesn't happen often, like a few times a year). That means bridge mode will deactivate and I'll have to turn it back on. My ISP also provides phone and cable TV (all connected to this device).

    But I follow your advice and just disconnected it from my LAN just now.


  • LAYER 8 Global Moderator

    If the ports are not on a different Layer 2 network, then broadcast traffic that is on your lan could be seen on your wan.  And vice versa.  Depending on what that isp device is doing it could be possible for internet traffic to have access to your lan since you in essence connect your lan to the wan (internet) bypassing the firewall.  Now hopefully the isp device is firewalling etc.  But if you for example setup a dmz host by accident on the isp router it could forward internet traffic into your lan bypassing your pfsense firewall.

