pfSense Spectrum
-
Re: pfsense with Spectrum Internet
After reading the above topic several times over and over again, it seems as tho you can not set up a private IP Address on the WAN interface if you are connecting the modem directly to the pfSense box. If this is true, then can you set a private IP Address for the LAN interface and have the two talk back and forth to each other? I've been trying to get my network set up with my Spectrum modem connected directly to my pfSense device which is an older watchguard firebox.Is there any way to set up a private IP Address for the WAN interface and be able to get out into the internet from a LAN computer?
-
@StacyAnn33 Sounds like you are behind a modem/gateway that is assigning a private IP on it's LAN side via its own DHCP? If so, you need to turn off the checkbox at "Interfaces/WAN/Reserved Networks/Block private networks and loopback addresses" so it won't ignore a private address. But if you could set your gateway to bridge mode you would be better off, avoiding the double NAT.
-
Ok, I did try that and it didn't seem to do anything. Currently I have the dhcp setup for WAN configuration. Tho I can not even get to the LAN webgui to change anything. I took time and unplugged the modem itself to set up all interface IP address with a /16 subnet mask as that's what my wifi router needed just to connect to the internet before. Seems as tho if I factory reset pfsense everything works just fine. Tho, I'd rather not have my ISP giving out my LAN ips. But since I can't even connect to the webgui to change any settings once I set the private IP's all around, it tends to leave me stumped because I simply can't figure it out. I can post my network settings if it will help. I tend to have them memorized. It just stumps me because of my own IT background. I do happen to have an associate degree as a Help Desk Support Specialist from a few years ago, but I didn't really learn any of this in the program itself. If I can get back to the webgui I will try your suggestion as it seems to have worked for others. But like I said, I can't even connect to the webgui unless I factory reset pfsense itself.
-
@StacyAnn33 Yes, post your WAN/LAN settings. You may want to pick up a copy of the pfSense book from https://docs.netgate.com/pfsense/en/latest/book/index.html and review https://docs.netgate.com/pfsense/en/latest/book/install/index.html
-
My WAN settings are totally configured by DHCP from Spectrum.
My LAN Settings are 7.7.7.1/16.
I do have Opt1 as 8.8.8.1/16
Opt2 10.10.10.1/16
Opt 3 9.9.9.1/16Now when I unplug my Spectrum Modem and allow it to reset before plugging the net cable into my watchguard firebox with pfSense installed and I plug the modem back in and allow it to boot up, the only connection that seems to be active is the WAN as it is configured via DHCP from Spectrum. Like I said previously I cannot get a connection on my LAN at all. Which the way I want my entire home network setup is Spectrum modem > pfSense > Cisco 2960 switch > Patch Panel, with the patch panel being the end of it as it will get connections from either pfSense or my switch via DHCP. Oh, I forgot one, I'll also have my linksys router for Wifi Connections as I do have several wifi devices, which would hopefully have it's own IP Address or it will acquire one from either Opt1-Opt3 interfaces. I simply may have to switch it to bridge mode for that to work how I want it to.
Yes, I will happily get myself a copy of the pfSense book as well as review the other link so more familiarize myself with pfSense. I do ofcourse appreciate the help as well.
-
I hope those are not your real IP addresses.. 7.7.7.0 belongs to the department of defense and 8.8.8.0 belongs to Google.
Static IPs work just fine on the pfsense WAN. If the static you are attempting to use really does belong to you and you have set it up correctly it will work. The OP in the link you provided had other configuration issues obviously. Like I said in that post.. My Spectrum customers all work just fine.
Im betting you have no reason at all to be using /16 on your networks.. You should make those a more realistic number.
-
This should work without any special setup. You don't even need to uncheck
Block private networks and loopback addressessince that only applies to incoming connections.Assuming here that you are not just trying to access the modem it sounds like you just have a subnet conflict. Probably both your Spectrum modem (actually a router) and pfSense are using 192.168.1.0/24 on their LANs. Also assuming those IPs above are not what you actually have there. If they are then, yeah, that's completely invalid, change those subnets to real private address space.
Steve
-
Ok, I didn't know that those two addresses where used by Google and the DoD. I have been using the 7.7.7.0 address for quite some time and have never had an issue with it until now. I will change them both when I get home from Thanksgiving tonight. I will also double check everything else as well. I hope everyone has a good Thanksgiving.
-
Just to be clear are you getting a public IP on the pfSense WAN via DHCP?
It looked like you are not initially but now I'm unsure...
Steve
-
Yes, I do get a public IP on the WAN interface. It's the LAN, Opt1, Opt2 and Opt3 all have no connection even with a statitc IP.
-
https://en.wikipedia.org/wiki/Private_network
-
Ok, so if you are getting a public IP on WAN then check you can connect out from pfSense itself. In webgui go to Diag > Ping and try to ping an fqdn, say, google.com. If that fails try 8.8.8.8.
If those succeed but clients inside cannot connect you may have a NAT problem, check Firewall > NAT > Outbound mode is set to automatic.
Or it could be a bad route, check you have a default route showing in Diag > Routes.Steve
-
@StacyAnn33 said in pfSense Spectrum:
where used by Google and the DoD. I have been using the 7.7.7.0 address for quite some time and have never had an issue with it until now.
Wait .... you choose these IP's yourself for your own usage ??
You saw any of these lately in your neighbourhood ?
-
Ha. I mean it's bad, you shouldn't do it, but it's all NAT'd it would only prevent you reaching any IPs in those subnets.
-
@stephenw10 said in pfSense Spectrum:
only prevent you reaching any IPs in those subnets.
Well, here we are :
@StacyAnn33 said in pfSense Spectrum:
and have never had an issue with it until now.
Example : if you use 7.7.7.0/24 on your LAN, you can't reach 7.7.7.0/24 on the Internet.
-
Gertjan,
Um, Yes I've seen those around since I do happen to live near a National Guard post. So yes, I do tend to see them from time to time. Yes, I chose them for myself and I never had an issue reaching google before. I kid you not, I do live next to a National Guard post and I had no previous issue reaching google. But with that said I did change them last night and was going to test what stephenw10 mentioned.
-
Ok. I have figured out the issue. I am just a little unsure how to fix it. Issue is a gateway issue. That is the only thing that is stopping me from being able to ping anything straight from pfSense. Once I figure that out I should be ok. Everything else looks like it's set right.
-
What sort of gateway issue? Not there? Doesn't respond to ping? No default route?
Steve
-
It responds to ping. Default Gateway is set as WAN static IP. Which I did change to a more appropriate private address space. There is no default route. Gateway is set for DNS servers in General Setup. So yes, there is no default route.
-
You said your WAN is DHCP and receives a public IP address. It should therefore receive a gateway from the ISP at the same time and that will be the default gateway unless you have any other gateways defined (which you should not).
What is configured as the default IPv4 gateway in System > Routing > Gateways?
Set it as the WAN_DHCP gateway if it is not.Steve
-
@stephenw10 ok, I really got stupid for a bit.i have to admit I didn't even realize my linksys router was set to dhcp for the wan port. I've been in and around its firmware more than enough that I should have known that. But oddly enough I didnt. So I just did exactly what you said without knowing you had said to do that for a few minutes. So now its working as it should. So yes I seriously got stupid for a bit.
-
It's easy to overlook stuff especially when you've been trying things over several days.
So is it up and running as expected now?
Steve
-
Yes, the only thing left for me to do is get my wireless router connected up to it. Thanks everyone for all the help. I really learned something along the way.
