Old age newbie in need of assistance regarding WAN IP
-
Hi all, as the subject title, I am in need of some assistance.
I have searched this group and found similar but not quite the full monty.
I have set up my pfSense (2.5) on a Fanless Firewall Micro Appliance/Mini PC with 4x Intel Gigabit NICs. I am connected to my ISP by a HG366 router (Wifi turned off) and my pfSense (igb0) is getting a local IP and I have internet access from all the other LAN's that are connected to the 3 remaining NIC's.
I have a Wireless router connected to igb1, and the other 2 ports are in use by two other LAN's.
All LAN's have internet access and I have currently got it set so each LAN is accessible from each other - this will change in the future.
My issue is when I set the router to bridge mode and turn DHCP off my pfSense WAN port gets a public IP address but I then have no internet access from any of the LAN's.
I then have to change my WAN to static IP, same range as my router and add the router as an 'upstream Gateway' to once again get access to my router to change it back. OK, I could connect direct to the router and change it back but that requires me moving :-). Once I get access to the router (still in bridge mode) it is showing as 'showtime' and showing my up/down speeds.
I want to change my router as the HG366 only has 100Mbps Ethernet Ports. However, before I spend more I need to know that I can get this to work as I think it should do.
I have BMS controllers on one of my LAN's for work and ideally I want these accessible via VPN from site when I am working away. The current setup is making it difficult as I would need to port forward from the router to the pfSense then do the rules in the pfSense to direct to my controllers.
Can someone point me in the correct direction regarding the original issue of the pfSense getting a Public IP but no Internet access, please?
Sorry for the long intro but I thought more info would be better. TIA
-
@terryb58 Who is the ISP?
You may need to modify the WAN interface to PPPoE.
-
@nogbadthebad many thanks for the response.
I had previously tried PPPoE and added my details but no joy.
However, I am unsure of my details due to them being from many moons ago, I am with the same ISP but now on VDSL2 and the current modem does not have any username/passwords etc.
I have also added a VLAN 101 assigned to the WAN port as the ISP uses VLAN 101.
I have just done another test and when I get access to the router and in the diagnostic ping I cannot ping my dyndns host - error hostname not found so it could be a DNS issue perhaps.
Thanks again,
-
@terryb58 said in Old age newbie in need of assistance regarding WAN IP:
I have just done another test and when I get access to the router and in the diagnostic ping I cannot ping my dyndns host - error hostname not found so it could be a DNS issue perhaps.
If it's a DNS issue you will be able to ping 8.8.8.8 and not be able to ping www.google.com. If both fail then it's not your DNS.
You might have a NAT issue. What is your Default Gateway in System/Routing/Gateways? Can you post a screenshot of your NAT outbound rules?
-
@dma_pf
Hi, just tried to ping 8.8.8.8 from within the router whilst it is in bridge mode and all packets failed.
Unfortunately I have to be away from my system for a few hours now, I will have to put things on hold until tomorrow.
Will post some screen shots then.
Many thanks for assistance.
-
@terryb58 Who's your ISP? If it's UK I will try to guide you.
-
Many thanks for the offer, my ISP is TalkTalk.
I have spent a bit of time on this this morning with some success.
I placed the HG366 router in bridge mode and disabled DHCP.
I then set the WAN port of pfSense to PPPoE and just entered dumb info into the user name and password, as the ISP has stated none required but pfSense required an input.
I then added a VLAN 101 and attached to the WAN port.
After a reboot of the router my WAN interface status showed as UP with a public IP address and I then had internet access.
But, after a few minutes I lost internet access and my WAN port was showing as down.
It appeared very hit and miss, perhaps it is the router causing issues. I really need a better one, but I also need to know it will all work before I spend more.
On a side note, if I get a modem with multiple ethernet ports and set the new modem in bridge mode, do the other ethernet ports no longer connect?
TIA
-
@terryb58 The probs could be anything. Try to configure DHCP in pfSense. But usually something is blocking, see if any connection is blocked from or to your ISP in the firewall log (status>system log>firewall), and would you share a screenshot of your states (Diagnostics > States)? Make sure to cover/blur your info.
-
If the modem auth is set to DHCP/IPoE you should not be using PPPoE. It's only working there by some chance which probably explains the seemingly flaky connection.
You said with DHCP set pfSense gets a public IP but there is no connectivity.
How were you testing that? Does pfSense itself have a connection from Diag > Ping?
Steve
-
Cheers for the assistance, I will have a look tomorrow, beer and football delaying things. :-)
-
When I set the WAN to DHCP, I did get a public IP, however no matter what I tried I could not get internet access. As @AKEGEC has stated, probably something blocking traffic.
Tomorrow is another day to delve further.
I have currently set my WAN IP address as a DMZ in my router and set up Port Forwarding which has enabled access when I am away from home, not ideal but it is working.
Cheers
-
Actually pulling a public IP via DHCP but not being able to connect out is unusual.
It could only be a few things. No default route or an invalid default route maybe.
If you can ping, say, 8.8.8.8 from the firewall itself but not a client then it could be an outbound NAT problem. If you can ping 8.8.8.8 but not google.com it's a DNS issue.
Steve
-
Success.
I tried again this morning, doing the exact same thing I have done over & over.
HG366 in bridge mode - DHCP off
pfSense WAN set to DHCP
Rebooted HG633
Status, Gateways, WAN_DHCP - online
Status, Interfaces, igb0 Wan - Public IP
Status, OpenVPN - PIA Connected
Diagnostic Ping 8.8.8.8 - success
Checked a web site tab from my browser - no connection.
Tried another as everything should be working - success
Not sure why it hadn't worked for the past few days, but it is now.
Many thanks for all the comments and assistance.
Stay Safe.
Edit - I had a VOIP & TV connected to other ports on the HG366 - I disconnected them for this test. May I now assume that having these plugged in to a bridged modem would stop the pfSense, or at least make it flaky?
-
In bridge mode it would only expect one device I imagine. It could have been handing a public to one of those other devices.
It's more likely though that the OpenVPN connection was causing an issue if you're using that as a WAN. Especially if it's the default gateway.
Anyway glad you got up and running. If you're connected over VDSL2 without g.fast then you won't see any benefit to going to a 'modem' with 1G ports. You will never pass >80Mbps anyway.
Steve