Problems behind ISP router [Solved]

  • Hi,
    I have a sg-3100 with a minimal configuration. I just use the setup wizard.
    the sg-3100 must be behind our ISP router because they have a special configuration for the phones, not ideal but it's work on other two sites.

    There is no dhcp activated on the ISP routeur and he has adress
    When i connect directly my laptop on the  ISP router with this manual confirugation :
    ip :,
    dns :
    everything works. I can ping the ISP router, i can ping, i can ping

    when i connect the sg-3100 with this same adress for the WAN :
    ip :,
    dns :
    Lan :
    firewall rules by default: no rule on the WAN and "Default allow LAN to any rule" for the LAN

    I have no connection. From the pfsense web GUI i tried to ping without success the isp router/gateway and nothing on

    That strange because when i move the sg3100 to another location where there is the same ISP, same router. I keep the exact same configuration, and everything works. What might be the cause of the problem?


  • Netgate Administrator

    Do you see link LEDs on the WAN interface? Does Status > Interfaces show the link is UP?

    Do the other sites where this works also use 192.168.1.X as the WAN side subnet? A potential conflict with the pfSense default config seems most likely. Though if you;re able to access the webgui at 192.168.5.X that shouldn't be an issue.


  • Yes, i see the link LED on the WAN interface (see attached file)

    The other site use 192.168.1.X as the WAN side subnet. Normaly this the exact same configuration from the ISP.

  • I tried to test something with tcpdump, i rebooted my laptop on Linux and i use the same static interface config
    ip : with a gateway
    and surprise, this configuration doesn't work on Linux but works well in W10… french ISP

  • InterfacesWAN:

    • Reserved Networks
      • Block private networks and loopback addresses

    Blocks traffic from IP addresses that are reserved for private networks per RFC 1918 (10/8, 172.16/12, 192.168/16) and unique local addresses per RFC 4193 (fc00::/7) as well as loopback addresses (127/8). This option should generally be turned on, unless this network interface resides in such a private address space, too.

    You might want to assign a static IP to your WAN interface (that is on your pfSense box).
    You might want to activate DMZ on the ISP router for te MAC/IP of your WAN interface on your pfSense box.

  • Netgate Administrator

    Block private networks would not stop this working. It only blocks incoming connections from private IPs but all incoming connections are blocked by default anyway.

    You have precisely 0 packets IN on WAN. It looks like the upstream device is not talking at all. It is filtering the 3100 WAN MAC? Some sort of ARP cache issue? Have you rebooted the ISP router? (I have to ask!)


  • It was a misconfiguration of the equipment owned by my ISP. They corrected it and now everything works fine.
    Thanks for your help!

Log in to reply