trouble configuring WAN interface/gateway with public static IP

pzanga

I think this is the proper sub-forum for this topic, but if not, feel free to move it.
I am trying to change my WAN interface from DHCP to static and cannot get it to work for some reason. I am hoping someone can point out what I may be doing wrong and/or give me a starting point for troubleshooting. I am going to be reaching out to Comcast to see if there is anything on their end that could be causing issues.
I currently have pfsense (on a Netgate SG-1100) configured in the DMZ of my Comcast cable modem/router (Cisco DPC3941b) and it works fine. I want to place the CM in pass through mode (Comcast does not support true bridge mode with static IPs) and assign our single static public IP to the pfsense WAN. I have made several attempts at this and have double/triple checked that I have the correct static IP info from the ISP and correctly configured the CM for pass through mode. And I believe I am following the correct workflow for reconfiguring my WAN interface. But each time I do I end up with no IPv4 connectivity from WAN or LAN.

Here are the steps I have followed:

1. Reconfigured CM for passthrough, reboot, confirm settings and then power cycle/reboot (I have seen some recommendations to power off the CM for a few minutes .

2. In pfsense go to Interfaces/WAN and change Ipv4 configuration type from DHCP and static Ipv4. Leave IPv6 configuration type as DHCP6

3. Under “static IPv4 configuration” I add my static IP as the IPv4 address, with correct /30 notation.

4. I have followed 2 different paths here, both with same end result
   a) Pathway 1

   1. For IPv4 upstream gateway select “add new gateway” - default gateway checked, name WANGW and enter gateway IP provided by ISP, click Add
   2. Save interface changes

   b) Pathway 2

   1. Leave IPv4 upstream gateway as “none”
   2. Save interface changes
   3. go to System/Routing/Gateways and click Add
   4. leave address family as IPv4, enter ISP provided gateway IP as “Gateway”
   5. enter 4.4.4.4 as monitor IP (already have 8.8.8.8 as monitor on the WAN_DHCP gateway)
   6. click Save
   7. go back to Interfaces/WAN and select newly created gateway as the IPv4 upstream gateway
   8. Save interface changes

5. reboot pfsense

6. upon reboot, no IPv4 connectivity at all, gateway status on dashboard shows “offline, packetloss”, but WAN_DHCP6 gateway is online (I didn't touch any IPv6 settings during any of the above)

I haven't done any methodical troubleshooting, mainly because I am not sure where to start. But a few things I did note:

• cannot ping or traceroute any IPv4 address

• gateways widget on dashboard shows both the new WANGW gateway and the WAN_DHCP gateway, both with status of “offline, Packetloss” and both displaying same gateway IP (the public gateway IP from ISP); WAN_DHCP6 gateway is online

• tried with default IPv4 gateway set to automatic and WANGW with no change

• disabled, then deleted the WAN_DHCP dynamic gateway, with no change

• attempted to clear the monitor IP field for WANGW (no rhyme or reason why, just a shot in the dark) and when I click Save I get an error message along the lines of “the gateway IP xxx.xxx.xxx.xxx (the ISP provided gateway) is already in use”, and cannot clear the field. This occurs even after disabling/deleting the WAN_DHCP gateway. In a previous forum post it was mentioned that pfsense wouldn't let a new static gateway be created with the same IP as an existing DHCP gateway, which this seems related to. However, when I created the new static gateway, the DHCP gateway had an IP of 10.1.10.1, so it seems that pfsense then assigned the static IP gateway to the old DHCP gateway as well as to the newly created static gateway. Makes me think maybe I need to delete the DHCP gateway before adding the new static gateway.

So my questions are:

1. Are there any errors in my workflow i.e. am I missing something or doing something I shouldn't? As per my last bullet point above, I think I may need to do something differently with the gateway creation. Anything else?
2. Any troubleshooting tips? I'd like to be methodical in my approach and not so haphazard, and I'm just not sure where to start.
3. What, if anything, should I be looking for in the log files? I do have the system log file from when I was attempting this yesterday, but not sure exactly what to look for there.

Thanks for reading through my post. If any further details are needed, please let me know. Any and all help is greatly appreciated.

pzanga

Well, I figured out the issue, so thought I should post what I found, even though I feel a bit stupid now. Seems the main problem was a lack of knowledge on my part and that of Comcast Tier 1 support. Basically I had my gateway IP and static IP reversed.

Turns out that since we were originally using the Comcast CM as a modem/gateway without a firewall behind it, and then later set up the firewall in the CM's DMZ, the gateway IP was functioning as our public static IP. It didn't help that the person who set up the network had documented the gateway IP as our static and vice versa. And Tier 1 support apparently had no clue. It took Tier 2 support to point out my mistake and of course it seems fairly obvious to me now. I suppose my one remaining question is whether this is typical behavior of static IP implementations or specific to Comcast and/or other ISPs? Either way, lesson learned.

I should note one thing. I am 99% sure I did try reversing the gateway/public IPs when I first failed in configuring the static WAN interface, and that it did not work. What I did differently this time, however, was power cycle both the CM and FW, as opposed to just rebooting each; a simple step, mentioned by others in various posts, that might have helped me solve this sooner. Another lesson learned.