WAN IP, Behind "Router"

  • Hi,

    My apologies, as I'm sure someone has already solved this, I searched but just couldn't find it ๐Ÿ˜ž .

    My pfSense box is behind another "router" (cable modem) - and I can't avoid that, it's just the way it is. That's fine, but I'm seeing then that the WAN address isn't really my external IP, so then some UPnP and NAT-PMP items fail ... as the WAN IP fed back to them is incorrect.

    Is there a way to have this be detected correctly? Perhaps the WAN address overall, or perhaps just for UPnP and NAT-PMP (better answer?).


  • @arrmo UPnP in pfSense in a doube-NAT situation is broken for many months now. Only the development version was fixed, as far as I know. So the "Solution" is not to use UPnP with pfSense in this situation.

  • Gotcha. FYI, I'm running 2.5.0-DEVELOPMENT => not working in this version either?


  • @arrmo There it should work, not tested it myself.

  • FYI, it works if I (forcefully) override "Override WAN address" ... but of course, with a dynamic IP, that's not such a great answer ... LOL.


  • How about setting your modem to Bridge Mode, that way your WAN interface on pfSense will pull a public IP address and your double natting issues will go away.

  • Yep, agreed - but their firmware won't let me do that. Some settings are locked out ๐Ÿ˜ž. Would be nice to be able have the actual WAN detected for PNP.


  • Netgate Administrator

    The reason that UPnP was initially disabled upstream for private WAN IPs is that generally it won't work anyway.
    UPnP does not 'pass-through' the requests to an upstream router. It can only open and forward ports if the upstream device is already forwarding all traffic to pfSense.


  • Gotcha. And yes, I to have DMZ on (just not bridged, like asked about above). So PNP can work, it just needs the right IP address ๐Ÿ˜†. I manually entered it, then PNP is fine, but being a dynamic IP that's not really a great approach - rather, detect the real internet IP.


  • @stephenw10 said in WAN IP, Behind "Router":

    The reason that UPnP was initially disabled upstream for private WAN IPs is that generally it won't work anyway.

    The real reason was that the miniupnp guys changed their software and that got integrated into pfSense. Then they fixed it or made a patch, because there are still many use cases, and that is still not back in the regular pfSense.

    @arrmo I thought that 2.5 got the fix. If you still have to do anything manually then this doesn't seem to be the case. ๐Ÿ˜ž

  • @Bob-Dig No worries! I did check, with a specific server trying to use UPnP. If I don't manually set the WAN IP, it flags "Router WAN IP: Unknown". But if I set it ... it's happy, and uses it.

    I also have no issue writing a script to get my WAN IP, but not sure how to then set the variable in pfSense ๐Ÿ˜ž


Log in to reply