Netgate Discussion Forum

    Problems behind ISP router [Solved]

    General pfSense Questions
    7 Posts 3 Posters 467 Views
    • cauger

      Hi,
      I have an SG-3100 with a minimal configuration. I just used the setup wizard.
      The SG-3100 must be behind our ISP router because they have a special configuration for the phones. Not ideal, but it works on two other sites.

      There is no DHCP activated on the ISP router and it has the address 192.168.1.254.
      When I connect my laptop directly to the ISP router with this manual configuration:
      ip : 192.168.1.10,
      netmask 255.255.255.0
      gateway 192.168.1.254
      dns : 8.8.8.8
      everything works. I can ping the ISP router, I can ping 8.8.8.8, I can ping www.google.com.

      When I connect the SG-3100 with this same address for the WAN:
      ip : 192.168.1.10,
      netmask 255.255.255.0
      gateway 192.168.1.254
      dns : 8.8.8.8
      LAN : 192.168.5.0/24
      firewall rules by default: no rule on the WAN and "Default allow LAN to any rule" for the LAN

      I have no connection. From the pfSense web GUI I tried to ping the ISP router/gateway without success, and nothing on 8.8.8.8.

      That's strange, because when I move the SG-3100 to another location where there is the same ISP and the same router, I keep the exact same configuration and everything works. What might be the cause of the problem?

      Thx

      • stephenw10 Netgate Administrator

        Do you see link LEDs on the WAN interface? Does Status > Interfaces show the link is UP?

        Do the other sites where this works also use 192.168.1.X as the WAN side subnet? A potential conflict with the pfSense default config seems most likely. Though if you're able to access the webgui at 192.168.5.X that shouldn't be an issue.

        Steve

        • cauger

          Yes, I see the link LED on the WAN interface (see attached file).

          The other site uses 192.168.1.X as the WAN side subnet. Normally this is the exact same configuration from the ISP.

          sg-3100_isp_problem_01.PNG

          • cauger

            I tried to test something with tcpdump. I rebooted my laptop into Linux and used the same static interface config
            ip : 192.168.1.10/24 with a gateway 192.168.1.254
            and surprise, this configuration doesn't work on Linux but works well in W10… French ISP

            • bouke

              Interfaces > WAN:

              • Reserved Networks
                • Block private networks and loopback addresses

              Blocks traffic from IP addresses that are reserved for private networks per RFC 1918 (10/8, 172.16/12, 192.168/16) and unique local addresses per RFC 4193 (fc00::/7) as well as loopback addresses (127/8). This option should generally be turned on, unless this network interface resides in such a private address space, too.

              You might want to assign a static IP to your WAN interface (that is on your pfSense box).
              You might want to activate DMZ on the ISP router for the MAC/IP of your WAN interface on your pfSense box.

              • stephenw10 Netgate Administrator

                Block private networks would not stop this working. It only blocks incoming connections from private IPs but all incoming connections are blocked by default anyway.

                You have precisely 0 packets IN on WAN. It looks like the upstream device is not talking at all. Is it filtering the 3100 WAN MAC? Some sort of ARP cache issue? Have you rebooted the ISP router? (I have to ask!)

                Steve

                • cauger

                  It was a misconfiguration of the equipment owned by my ISP. They corrected it and now everything works fine.
                  Thanks for your help!
