pfSense no internet connection with Rogers Coda 4582 in Bridge Mode
-
Switch from Bell to Rogers. pfSense behind Coda 4582. It works under gateway mode but not bridge mode. Despite that in bridge mode, the gateway and WAN interface in pfSense both indicate online. However, with the same NAT and firewall rules, there is internet connection under gateway mode not in bridge mode.
Any idea on how to trouble shoot? Or any working configuration you can share with me?
Bridge Mode- WAN static IPv4 = 192.168.100.2 pointing to gateway of 192.168.100.1
Gateway Mode - WAN static IPv4 = 192.168.0.2 pointing to gateway of 192.168.0.1
Let me know if further info needed here.
thanks,
S.
- WAN static IPv4 = 192.168.100.2 pointing to gateway of 192.168.100.1
-
In bridge mode you should be using DHCP on your WAN connection and will be assigned a routable public IP address by the cable modem termination system your modem syncs with.
-
@subx said in pfSense no internet connection with Rogers Coda 4582 in Bridge Mode:
WAN static IPv4 = 192.168.100.2 pointing to gateway of 192.168.100.1
Gateway ModeWhy would you be assigning a NAT address to the WAN port? Just use DHCP and Rogers will provide your WAN address. Don't forget, IPv6 is available from Rogers. You can have a prefix of up to /56, which provides 256 /64s. Each /64 provides a block of 18.4 billion, billion addresses.
-
@bfeitell Thanks. I will try DHCP.
-
@jknott Thanks.
So in WAN interface, select DHCP for IPv4. How to config IPv6 in pfSense? Just select DHCP6. In your other post, you mention select IPv4 as parent (why I can't find this option?).Bridge Mode vs. Gateway Mode
What is the advantage of bridge mode? From some online post, it seems that people has speed issue with bridge mode.
What would be the limitation of gateway mode? In this mode, if I disable the wifi, then it would be the same as bridge mode, correct? Is it the firewall feature from coda will have some impact with the firewall feature I setup in pfSense?Thanks, S.
-
You ask why I use NAT, does it mean that there is no need to setup gateway (192.168.0.1)? If going to bridge mode, it would be 192.168.100.1.
Thanks,
S.
-
If you put your pfSense box behind a NAT you will be double NAT-ing all of your connections to the internet. This can disrupt many protocols like ipsec and voice over IP. In bridge mode pfSense controls your NAT, the number of firewall states available, and the timeouts on your connections. In addition, you would need to forward ports from the cable router to run any services accessible to the outside world, like OpenVPN for remote access, or for safe browsing when using public wifi. When pfSense is in control you are in control.
I am not familiar with how your ISP hands out IPv6 addresses, but someone has probably already written about it here on the forums.
The standard allocation will probably be a single /64 network, but you may be able to request a /56. You can set your LAN to track the WAN, and use the prefix ID In the IPv6 track interface dialog to set other LANs or vlans to a different prefix ID. If you request a /56, you may provide independent IPv6 subnets for each of your internal networks.
If you are worried about having an IPv6 address on the WAN interface, you can request only an IPv6 Prefix, and only the internal interfaces will get IPv6 addresses.
-
@subx said in pfSense no internet connection with Rogers Coda 4582 in Bridge Mode:
@jknott Thanks.
So in WAN interface, select DHCP for IPv4. How to config IPv6 in pfSense? Just select DHCP6. In your other post, you mention select IPv4 as parent (why I can't find this option?).It's on the WAN page, under DHCP6 Client Configuration
Bridge Mode vs. Gateway Mode
What is the advantage of bridge mode? From some online post, it seems that people has speed issue with bridge mode.
What would be the limitation of gateway mode? In this mode, if I disable the wifi, then it would be the same as bridge mode, correct? Is it the firewall feature from coda will have some impact with the firewall feature I setup in pfSense?With bridge mode, the router and firewall are separate from the modem. In this case, you're using pfSense. In gateway mode, you'd have to use NAT on IPv6, which is strongly discouraged. By using bridge mode, then entire /56 prefix is available for you use as you wish. In gateway mode, only a single /64 is provided. Yes, you'll need something else for WiFi. I have a separate access point, which uses PoE and is mounted roughly in the middle of my condo.
-
@subx said in pfSense no internet connection with Rogers Coda 4582 in Bridge Mode:
You ask why I use NAT, does it mean that there is no need to setup gateway (192.168.0.1)? If going to bridge mode, it would be 192.168.100.1.
Thanks,
S.If you're in bridge mode, you allow Rogers to assign the WAN address. You can't just pick one to use and most certainly don't want to use one in the RFC1918 ranges, as it won't be able to connect to anything out on the 'net.
-
@bfeitell said in pfSense no internet connection with Rogers Coda 4582 in Bridge Mode:
I am not familiar with how your ISP hands out IPv6 addresses, but someone has probably already written about it here on the forums.
He's on Rogers, which uses DHCPv6-PD. Configuration info has been posted in this forum and elsewhere by me and others.
-
@bfeitell said in pfSense no internet connection with Rogers Coda 4582 in Bridge Mode:
If you put your pfSense box behind a NAT you will be double NAT-ing all of your connections to the internet. This can disrupt many protocols like ipsec and voice over IP.
Even single NAT does that, which is why we should move to IPv6, where NAT is not needed. NAT is a hack to get around the IPv4 address shortage. Because it breaks things, additional hacks, such as STUN servers, are needed to get around the problems NAT causes.
-
@jknott @bfeitell thanks a lot!
After setting as DHCP, internet works under bridge mode. Will spend some time to explore IPv6.
