Configure your Pace 5268AC with Static IPs for pfSense
-
Plausible that it is some sort of reporting issue on the modem. I haven't attempted contacting them, and at this point I probably won't. AT&T has admitted that there is no bridge equivalent with this device, and NAT session tracking is always at play. If I could manipulate my outbound traffic to reflect the static IPs, I would have a little more confidence that NAT tracking is actually being disabled.
I'm going to go ahead and start moving more traffic over using the cascaded router feature. If the NAT table continues to fill, though, I will probably go back to disabling this feature and programming my static IPs on the modem so that I can manipulate my outbound traffic through my different IPs, which is my preferred setup.
-
@phatty ok, I think I understand what AT&T is doing, and why they are doing it, but they are doing it wrong. First off, they should be doing a public IP subnet check in the static addresses entered, which allows you to make assumptions that they can’t currently make.
If the packet coming from your pfSense appliance has a source address of a public IP within the subnet that you entered, then the destination must either be a public IP address, or a private IP address on the LAN side of the gateway. All other packets can be ignored. By making this assumption, everything is simple IP routing, and a NAT session is not needed outside of your pfSense appliance.
The NATing that they are doing allows you to access private IP addresses within the AT&T network, which you don’t need. There isn’t any business reason that any customer would need such ability from a Uverse or DSL type account. Only someone with an OC3, T1, or T3 type account MIGHT possibly need such access.
They are way overthinking it. If they just enabled the bridging functionality, you’d have direct access to the gateway, and to the Internet, exactly as I’ve described. They need to hire someone who can think outside the box, and actually make it work for you. That was the only way that I was able to get it to work.
On a side note, you can use the additional network functionality and CARP aliases, each IP in a different group, and achieve the same thing. Or use a Cisco router, and assign a different MAC address to each public IP address. pfSense doesn’t support a different MAC address for each IP alias, but it does assign a different MAC address to each CARP group.
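As an added illustration of the CARP approach above (not code from the thread or from pfSense itself), this is a pfSense `config.xml` `<virtualip>` fragment that puts each public IP in its own CARP group; the addresses, `/29` prefix, password and descriptions are constructed placeholders, and the field names are assumed to match pfSense's config.xml schema.

```xml
<!-- Constructed example: two public IPs from an assumed 203.0.113.8/29 block,
     each as a CARP VIP with a distinct VHID. CARP derives the virtual MAC
     from the VHID (00:00:5e:00:01:<vhid>), so VHID 1 and VHID 2 present two
     different MAC addresses to the upstream gateway, which is what lets the
     modem track each public IP separately without a per-alias MAC. -->
<virtualip>
  <vip>
    <mode>carp</mode>
    <interface>wan</interface>
    <vhid>1</vhid>
    <advskew>0</advskew>
    <advbase>1</advbase>
    <password>CHANGE-ME-carp-secret</password>
    <descr><![CDATA[Public IP 1 (placeholder)]]></descr>
    <type>single</type>
    <subnet_bits>29</subnet_bits>
    <subnet>203.0.113.10</subnet>
  </vip>
  <vip>
    <mode>carp</mode>
    <interface>wan</interface>
    <vhid>2</vhid>
    <advskew>0</advskew>
    <advbase>1</advbase>
    <password>CHANGE-ME-carp-secret</password>
    <descr><![CDATA[Public IP 2 (placeholder)]]></descr>
    <type>single</type>
    <subnet_bits>29</subnet_bits>
    <subnet>203.0.113.11</subnet>
  </vip>
</virtualip>
```

Outbound NAT rules can then map different internal subnets to each VIP, and the VHID numbers must be unique per L2 segment because the multicast CARP advertisements and the derived MAC are keyed on them.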
-
@merc I thought I would follow up and say I am now 99% confident that AT&T was actually correct, and there is no avoiding the NAT table. I have tested in Cascaded Router mode, and in the typical mode of configuring the gateway/static IPs on the modem, and both create about the same number of NAT sessions in use. If it was just a reporting glitch, I would suspect the routing table display when in cascaded router mode should have been much smaller than the display that tracks each and every session like a typical NAT table.
With that said, I think overloading the modem is very much the exception in my office, but still a risk. So I was able to talk the powers that be into adding a Spectrum coax modem for backup. It will also have the bonus result of improving work-from-home performance for our users who use Spectrum at home, as I can lower their latency by routing through the Spectrum connection.
Thanks for the help, but I think this particular modem is a no go for anything even slightly resembling bridge mode.
-
@phatty that is unfortunate. I did find some old documentation on features that were made available to customers like AT&T, but unfortunately, AT&T never implemented them. One of the features was a Pass-Through for customer data, which allowed the gateway to also perform the required tasks that allow it to work on AT&T's ATM network. I'd describe it as a smart Bridged Mode that doesn't prevent the gateway from doing what it needs to do. They have many different options to implement what is needed, but I have a feeling that they aren't doing it to force you to upgrade to an OC3 or similar connection. :/