• Ok really need some help here as I'm losing it. I've spent the last two hours trying to figure out what the issue is to no avail. Really need some help as I don't want to nuke my current pfSense setup if I don't have to do so. So here are the particulars:

    • I had an (Metro) Ethernet connection running to my house with 40/40 and with 5 IPs from my provider.
    • My internal LAN has been setup with with
    • I have vLANs that operate at 192.168.2.x 192.168.3.x and 192.168.50.x
    • I switched my provider and now have Cox residential service (300/30) with just 1 dynamic IP.
    • I purchased a Motorola 8600 cable modem, which seems to default to for internal traffic

    So I connected to the router via SSH and changed it so that my WAN ip would now be pulled via DHCP. I then powered off the router, powered on the modem and then powered it back up (the router) with the Ethernet connected to the modem. I have not gotten past this step as my modem shows it is connected to Cox, however, I can't get to the internet.

    When I got to Status > Interfaces: it shows the IP that I am being assigned by Cox!alt text
    However when I got to Status > Gateway: it shows that the WAN DHCP gateway is "offline." alt text

    I've checked the firewall logs and I see nothing except for IPv6 traffic that is blocked by default.
    However, I can not browse to any websites, or directly by IP addresses. I can't ping, I can't even ping the Gateway address in the image above. At first I couldn't browse to from behind the pfSense, however, now it lets me.
    When I go to this address and log into the modem it tells me that the modem is connected to yet another private IP alt text. I can ping this address from pfSense.

    I'm at a loss and need help. Please let me know what I'm missing. Thank you in advance.

  • LAYER 8 Netgate

    It doesn't look like you are missing anything.

    Did you set something like manual outbound NAT before? (Firewall > NAT, Outbound)

  • No outbound is set to Automatic Outbound NAT rule generation.

    However, there do appear to be automatic rules that were created. Do I need to refresh this? I don't see a way to delete these rules and see if that might help.

  • LAYER 8 Netgate

    No. They should be fine.

    You should be able to ping that gateway address. Not exactly sure why you wouldn't be able to.

    Have you called your ISP?

  • LAYER 8 Netgate

    I have Cox and a Motorola 8600 too. It just worked for me.

    I do not have an address on the modem, however, so that's different:

    Screen Shot 2019-08-19 at 12.57.23 AM.png

    It looks like my firmware version is about a decade later than yours.

  • I will call them tomorrow morning.
    Just want to be sure that I'm not crazy, or didn't setup something correctly. My understanding is that this modem operates in Bridge mode, so I wanted to make sure there is nothing I need to do in pfSense to make sure that it is operating correctly. Why can I ping a 10.130 address but not the gateway? I'm wondering if I need to set the gateway as the IP address given to me by the modem? Could that be it? If so how can I change it considering since I have it coming from DHCP it doesn't allow me to change the ip just says "dynamic"

  • LAYER 8 Netgate

    You should not have to do anything. DHCP will assign your WAN address, subnet, and gateway.

    Your firmware version looks ancient compared to mine. I would start there.