WAN DHCP not obtaining public IP from provider's router



  • It seems I'm going to start chasing my tail again.

    My provider uses a BGW 210-700 (from now on referred as router) and it has IP Pass through capabilities.

    I've tried in three different locations to setup a pfSense box for IP Pass through and it won't get the Public IP - it gets the class C IP from the router.

    To test got a linux box connected to the router, did the IP Pass through and the same, won't get the Public IP.

    Tried the same test with a windows box and it worked fine; got the public IP first attempt.

    At this point I'm assuming there is a difference between the dhcp client requests from freebsd/linux/windows, so will sniff the traffic to see how they request the info from the DHCP Server and compare.

    If you guys have any clue, will be appreciated.

    If I found the cause, will also post.

    Regards,
    Al



  • @amello

    There shouldn't be any difference between Windows and Linux/Unix. DHCP is DHCP and is a very simple protocol. That you're getting RFC 1918 addresses indicates the router isn't configured for bridge mode. What addresses are you getting ith Linux & pfSense?



  • I know some ISP equipment will only lease out a single IP address, to be sure power-cycle your equipment prior to connecting pfSense and see if that makes any difference.



  • @JKnott said in WAN DHCP not obtaining public IP from provider's router:

    @amello

    There shouldn't be any difference between Windows and Linux/Unix. DHCP is DHCP and is a very simple protocol.

    I'd agree with you, but in my case is only working on Windows.

    That you're getting RFC 1918 addresses indicates the router isn't configured for bridge mode. What addresses are you getting ith Linux & pfSense?

    I do get RFC1918 addresses on pfSense and ubuntu; Windows gets a public IPv4.

    @awebster said in WAN DHCP not obtaining public IP from provider's router:

    I know some ISP equipment will only lease out a single IP address, to be sure power-cycle your equipment prior to connecting pfSense and see if that makes any difference.

    The tests were successfully done with Windows, after the two other attempts with FreeBSD and ubuntu, so no power cycle is needed.

    Will analyze the sniffs to see what's different.



  • Quick update:

    WIreshark shows that, if the dhcp clients send a request for the public IP, the router ack and assign that IP; if the client sends a request with the class C IP and the client is setup in pass through, the router is not ack with the public IP.

    Only can think it is a bug on the router firmware, so if you are using BGW210-700, you might be facing that issue.


  • Netgate Administrator

    Does the DHCP server appear the same in both cases? If it appears to be a public IP (or just something upstream) when it gives a public IP but something local when it gives private IPs you can just set the WAN to reject leases from the local server address.
    If pfSense is asking for a private IP that's because it one had that. You can probably remove that, though I'd have to dig to find out where!

    Steve



  • @stephenw10

    It is the ISP router for sure. Tested with a new one and worked fine. What I noticed was that when the client had the Public IP before and sent the request to the server to get it, the server ack with the public IP. When the client had a private IP, the ack didn't came with the public one, but with the private.
    The new router has software version 1.10.9, and my pf has the public IP now.

    Edit: To answer your question re: the DHCP server, yes, the only ack I see is from the router, so no conflicting DHCP servers on that LAN.



  • @stephenw10 said in WAN DHCP not obtaining public IP from provider's router:

    If pfSense is asking for a private IP that's because it one had that. You can probably remove that, though I'd have to dig to find out where!

    If there is a way to tell pf to request an IP from the DHCP server, I could try to setup to ask for the public one. Hope once it is assigned will continue in case it changes, as now I have dynamic IPs (Cancelled my public subnet to save $).



  • @amello said in WAN DHCP not obtaining public IP from provider's router:

    (Cancelled my public subnet to save $)

    That might have something to do with what you were experiencing. I don't think you mentioned the public subnet before, but it is relevant. I don't know how your ISP works, but it might have something to do with MAC addresses etc. For example, with pfSense, when you map an IP address to a MAC, the device with that MAC will always get the assigned address and other MACs will get an address from the pool. Perhaps something similar is happening with your ISP.



  • @JKnott

    Not the case, I've tested with four different sites. Only worked when I used a new router. Probably will have issues agein when the firmware is updated - I can't prevent from happening. The only hope is that, as pf has the ip already, the DHCP will let it be :)



  • Hi,

    Check out this option :

    https://forum.netgate.com/topic/147480/sg-1100-not-getting-wan-ip-if-internet-is-connected-after-solid-black-diamond

    They permit, among others, the DHCP WAN Client to refuse RFC 1918 IP's.


  • Netgate Administrator

    If the local router gives you a private IP from it's own DHCP server you can just set the WAN DHCP client to refuse leases from that server.
    But you can only do that if the DHCP server that hands you a public lease is not that same IP. Otherwise you've refused all leases 😉
    https://docs.netgate.com/pfsense/en/latest/book/interfaces/ipv4-wan-types.html#dhcp

    Steve


Log in to reply