Comcast ipv6 / Netgear C7100V

rdunkle

I am working with a Comcast Xfinity home connection.
I finally replaced the old modem with a Netgear C7100V.

The old modem was working in bridge mode and obtained an
IPv4 dhcp address on the pfsense WAN interface.
This worked fine for years.
I installed the C7100V and activated the connection using the Xfinity 800 phone number.
At this point, I only had a pc hooked to the Netgear and no PFsense firewall.
The Netgear got a ipv6 and ipv4 address. The Netgear acts as a router.

I put the Netgear into what the manual claims is bridge mode.
PFSense WAN did not acquire any ipv6 or ipv4 address.
I attempted the release and renew on the WAN interface.

I turned back on the Netgear router function and Netgear gets the ip addresses.
I conencted the PFsense to the LAN port on the Netgear.
The Netgear has a feature "Default DMZ Server" to place an ipv4 address in DMZ.
That is what I did to "simulate" bridge mode.
The Netgear LAN gave the PFsense WAN an ipv6 and ipv4. IPv4 works normally. IPv6 is broken.
Now, I have problem with the PFSense LAN ipv6 routing gateway.

The Netgear web interface shows it it gets a /60 system delegated prefix from Comcast.
The LAN delegated Prefix given is a /64.
The WAN on PFsense in dhcp6 is getting a /64 ip address from that LAN pool.
The PFsense WAN can ping and traceroute to external ipv6 addresses.

I set the PFsense LAN to use the next free subnet from the /60 address space.
I configured a range for dhcpv6 from the /60 address space.
The LAN gets a ipv6 address from the pool.
I cannot ping from LAN to WAN interface.
I have a LAN rule to allow all ipv6.

Also, I have tried on the PFsense LAN to use Track Interface.
I can ping from WAN to external ipv6 addresses.
From the LAN ipv6 I can ping and traceroute to external ipv6 addresses.
From the pc on the PFSense LAN I cannot ping past the LAN ipv6.
I have good experience with HE Tunnel Broker, but this Comcast is not in the same league.

I need some pointers on what I am doing wrong with the ipv6.

JKnott

@rdunkle

Do they use DHCPv6-PD? That's the typical way an ISP provides IPv6. Did you have IPv6 with the old modem? Is pfSense configured for DHCPv6-PD?

Is there a Comcast user forum that can help?

johnpoz

If you have the device in bridge mode, and you had connected your pc... And then you connected pfsense - you would of needed to power cycle the netgear "modem" (Not really its a gateway - modem/router combo)

Pretty much any cable modem will pair with the mac it sees connected.. And to clear that you will need to power cycle it before you connect a different device.

Or! your new device you connect needs to "clone" the mac of the previous device..

Napsterbater

@johnpoz said in Comcast ipv6 / Netgear C7100V:

If you have the device in bridge mode, and you had connected your pc... And then you connected pfsense - you would of needed to power cycle the netgear "modem" (Not really its a gateway - modem/router combo)

Pretty much any cable modem will pair with the mac it sees connected.. And to clear that you will need to power cycle it before you connect a different device.

Or! your new device you connect needs to "clone" the mac of the previous device..

Cloning should (keyword) not be necessary, but I bet a power cycle with ONLY pfSense's WAN connected wold have worked.

Getting bridge mode working would be a MUCH better/cleaner setup.

johnpoz

@Napsterbater said in Comcast ipv6 / Netgear C7100V:

Cloning should (keyword) not be necessary

Completely agree.. Shoudn't be needed - but I use to when running pfsense as VM, use the technique so that I could bring up different pfsense snapshot versions on different vms, or even other router distro's to play without getting a different IP or having to power cycle the modem.. But I would just set the mac on the vm nic to be the same vs using any "cloning" feature in pfsense for example.

rdunkle

The old modem never had ipv6 support.

PFsense is configured on the wan with:
-IPV6 configuration type: dhcp6
-Use ipv4 connectivity as parent interface
-DHCPv6 prefix delegation size 60
-Send an ipv6 prefix hint
I am able to get an ipv6 address only when pfsense wan is put in the Netgear DMZ
.
What mac address would I possibly need to clone?
When the modem is in bridge mode it still is using the CM Mac address.

Another question.
When this Netgear C7100 is in bridge mode you can start to administer it on ip address 192.168.10.1. I figured if the modem is in bridge mode it becomes completely dumb. But that is not the case, as you still can access the web ui on 192.168.10.1.

I am remote from the site for a week. I will give these suggestions a try when I can get back.

Thanks everyone!

Napsterbater

@rdunkle said in Comcast ipv6 / Netgear C7100V:

Another question.
When this Netgear C7100 is in bridge mode you can start to administer it on ip address 192.168.10.1. I figured if the modem is in bridge mode it becomes completely dumb. But that is not the case, as you still can access the web ui on 192.168.10.1.

I am remote from the site for a week. I will give these suggestions a try when I can get back.

Thanks everyone!

Just because you can access the modem via that IP address does not mean the modem is not in true bridge mode. Cable modems have long been able to be accessed via a particular IP most notably the old surfboard modems but pretty much all of them can be from some particular IP.

@rdunkle said in Comcast ipv6 / Netgear C7100V:

What mac address would I possibly need to clone?
When the modem is in bridge mode it still is using the CM Mac address.

Ignore cloning for the time being. I am pretty much definite on that not be needed. What you do need to do though. Is put the modem in bridge mode and then once it's rebooted assuming it's going to reboot on its own pull the power plug from the modem completely wait 5 seconds and then start it back up with it now plugged into your pfSense WAN.

In bridge mode the modem will only allow a certain amount of Mac addresses to be bound to the bridge and cross the bridge. If you boot the modem up plugged into your personal computer and then try to plug in pfSense you will hit the limit of one that is likely on your account. So anytime you switch devices you must power off the modem completely plug it into your new device and then power back up.

johnpoz

@Napsterbater said in Comcast ipv6 / Netgear C7100V:

I am pretty much definite on that not be needed.

Never said it was... My point is if you change the device connected to the modem, your going to want to power cycle the modem before you connect a new device.

Napsterbater

@johnpoz said in Comcast ipv6 / Netgear C7100V:

@Napsterbater said in Comcast ipv6 / Netgear C7100V:

I am pretty much definite on that not be needed.

Never said it was... My point is if you change the device connected to the modem, your going to want to power cycle the modem before you connect a new device.

Op mentioned it again, was in reply to Op. Edited post to clarify

rdunkle

I got some remote hands on the modem. I set the modem to "Router mode" No. The Netgear then updated the settings and rebooted. I waited about 5 minutes. Then I powered off the Netgear. The PFSense machine was still wired to the modem. I waited ~ 30 seconds. Then powered up the Netgear.

The PFSense picked up a WAN ipv4 and ipv6. The LAN picked up an ip6 address. Clients on the LAN have functional ipv6 and ipv4.

So, just like you told me the important step was to power off the modem. I did not clone any MAC address, just went with what it had.

I can still log into the Netgear on 192.168.100.1, but the functions and menu are slim. There is not even a choice to update the administrator password.

I have some questions about ipv6 LAN - track interface and about ipv6 WAN prefix delegation, but I will start another thread for those questions.

Thank you for the correct solution.

johnpoz

@rdunkle said in Comcast ipv6 / Netgear C7100V:

I did not clone any MAC address, just went with what it had.

I am thinking my mention of cloning mac address might of muddled the conversation... This is an option for when you want to change devices and not power cycle a modem..

I use to do this when I wanted to fire up a different router distro most of the time on a vm.. So that my public IP wouldn't change.. And allowed me to switch between distros faster without having to wait for the modem to power cycle as well.

It for sure is an "option" if you do not have an easy method of power cycle the modem, or not enough time to wait for it, etc. etc.. Prob the only option you will have once you place a modem in bridge vs router mode would be to switch it back to router mode.. I hit the 192.168.100.1 address to view "status" of my cable modem for example.. Which doesn't even have a router mode.

Glad you got it all sorted.