Brand new SG 5100 trouble
-
I just bought a new SG 5100 after using one of the cheap prebuilt boxes for a while. I don't have a networking background, really just a basic home user. Probably pfblockerng, snort, and vpn after a while. I recently just got Frontier fiber optic internet, and tried connecting to my ONT. I am unable to pull an IP address, and I'm unable to figure out why. All my settings on pfSense are standard out of the box, no packages. I'm getting a pending message for both dhcp4/dhcp6 gateways, and it can't start the service. I contacted Frontier and they said they don't need any MAC assignment for a router. Otherwise my internet is working with Frontier's own router. Any help would be appreciated.
-
Focus first on DHCP4.
It should work right away, when you put pfSense right after your ISP router.
You'll lose a couple of milliseconds (latency).
Before you start even thinking about removing the ISP router, you should know how your ISP has set up the connection = the IP negotiation, between the ISP router and its own equipment.
It could be as simple as 'DHCP client' on the router (pfSense) and you're good.
-
When I spoke to Frontier they said I can use my own router, and they do nothing to prevent me from doing as such. I'll try plugging pfSense in behind their router and see if that works. I'm using all pfSense factory settings, and I can plug my Windows 10 PC into the ONT and get an IP. Should I try logging into the Frontier router and release the IP? I saw that was an issue with Verizon FiOS.
-
@pfsensefiber said in Brand new SG 5100 trouble:
I'll try plugging pfsense in behind their router and see if that works.
Put their router in bridge mode, otherwise you'll not get IPv6 working.
-
Checked connections on the Frontier router and it's just dhcp4. I released the DHCP lease on the router, then unplugged it to acquire a new IP when I connect to the WAN of pfSense. I also spoofed the WAN MAC address to match the Frontier router, but still nothing. I can bridge the Frontier router and disable DHCP, but I wanted to eliminate it altogether. Any thoughts?
-
I don't know about Frontier, but putting the ISP provided device into bridge mode is quite common. That's what I did on Rogers.
-
@jknott said in Brand new SG 5100 trouble:
but putting the ISP provided device into bridge mode is quite common.
If the incoming 'line' is some POTS with an ADSL carrier, then you need this device.
Something has to "translate" that bunch of frequencies on a phone line to an Ethernet compatible connection.
But when you have an ONT type line terminator, with an Ethernet plug, there is no need to convert Ethernet to Ethernet (right?). The ONT is already bridging laser light to Ethernet.
A couple of ISO layers higher, if the ISP router only does "DHCP" and some basic routing, then it isn't needed: pfSense can do this out of the box.
Anyway, this is me talking without actually seeing (== touching) such a connection.
I'll have my "fiber ONT" very soon now.
Still don't know if I will choose the ONT with 'fiber out' - and use an SFP capable pfSense device.
Or take the ONT-with-Ethernet jack.
-
@gertjan said in Brand new SG 5100 trouble:
If the incoming 'line' is some POTS with an ADSL carrier, that you need this device.
Yep, that's why you put it in bridge mode. It still handles the ADSL signal, but leaves the router/firewall function to a separate box. I'm on a cable ISP, but the idea is still the same.
-
So I was able to find some information related to my problem. You do have to set the gateway to bridge mode. There is a certificate authentication process that can only be handled by the Frontier gateway. Supposedly there is a workaround on pfSense, but it's way over my head. Here is the link on Reddit.
[https://www.reddit.com/r/PFSENSE/comments/eukg72/is_there_a_way_to_completely_remove_the_att/]
The other problem I have with my gateway is that there is no bridge mode. So I ended up disabling everything on the gateway except for DHCP, and set a DMZ. I then set it to forward all packets to a MAC address I set for the WAN on pfSense.
Everything has been working perfectly, so I guess this is what I have to live with until there is a better solution for certificate authentication on pfSense.