No internet connectivity after replacing cable modem
-
I have an existing pfsense installation (21.02-RELEASE-p1) which I have been using for years. All the time I had my ISP's router ("Vodafone Station") in front of the pfsense, which provided an IP address via DHCP on the pfsense's WAN interface. Usually I had 192.168.0.10 as my WAN IP, and the other router was having the actual internet connection.
My private LAN networks are in the 10.0.0.0/16 space.
Now I have replaced this second router ("Vodafone station") with an actual cable modem, the TC4400. When connected, the pfsense will first receive a 192.168.0.xx address on the WAN interface, but once the TC4400 is synced with the cable network, the WAN interface on the pfsense will have the public IP assigned (178.xx.xx.xx).
The problem is, that I no longer have internet connectivity, neither on any of the clients in my network, nor on the pfsense box itself.
To make sure it's not an ISP issue, I have connected the TC4400 directly to one of my PCs. I would get an IP in the 80.xx.xx.xx space via DHCP, and internet would work fine.
Trying some pinging yields:
```
[21.02-RELEASE][root@pfsense]/root: ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
ping: sendto: Permission denied
ping: sendto: Permission denied
ping: sendto: Permission denied
ping: sendto: Permission denied
ping: sendto: Permission denied
ping: sendto: Permission denied
^C
--- 1.1.1.1 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
[21.02-RELEASE][root@pfsense]/root: ping 10.0.60.1
PING 10.0.60.1 (10.0.60.1): 56 data bytes
64 bytes from 10.0.60.1: icmp_seq=0 ttl=64 time=0.403 ms
64 bytes from 10.0.60.1: icmp_seq=1 ttl=64 time=0.211 ms
^C
```
In the pfsense web interface under routing/gateways I can see the default gateway named "DHCP_WAN" with the supposedly TC4400 IP (178.xx.xx.1). Is this correct? When my supposed public IP is something like 178.xx.xx.86, then there should be no "modem IP" like 178.xx.xx.1 "in between"?
What configuration do I have to change in order to get the internet up and running again?
-
If you're using DHCP, something has to tell pfsense the address has changed. I would expect something like the connection dropping briefly. Do you have a switch between the modem and pfsense?
-
@jknott I had like a dozen of reboots of the pfsense, should this be sufficient?
There is no switch between modem and pfsense. The modem is connected directly to the WAN port of the pfsense.
-
Well, it's time to start some packet captures to see what's happening. As I mentioned, something has to tell pfsense to get the new address. As for rebooting, is the modem going through the same steps when you reboot pfsense? If so, then all you're doing is repeating the situation. The only alternative I can think of, other than the modem dropping the connection, is an extremely short DHCP lease on the first address.
Disconnect the modem and reboot pfsense. Once it's up, start Packet Capture on DHCP and reconnect the modem. You might keep an eye on the Ethernet LEDs to see if the link drops briefly when the modem changes addresses.
What happens if you use the ifconfig command to disable and enable the WAN port?
-
@jknott said in No internet connectivity after replacing cable modem:
> Well, it's time to start some packet captures to see what's happening. As I mentioned, something has to tell pfsense to get the new address. As for rebooting, is the modem going through the same steps when you reboot pfsense? If so, then all you're doing is repeating the situation. The only alternative I can think of, other than the modem dropping the connection, is an extremely short DHCP lease on the first address.
> Disconnect the modem and reboot pfsense. Once it's up, start Packet Capture on DHCP and reconnect the modem. You might keep an eye on the Ethernet LEDs to see if the link drops briefly when the modem changes addresses.
> What happens if you use the ifconfig command to disable and enable the WAN port?

Okay so, in fact, I had a second router running OpenBSD, and it was suffering from the same issues. I had set up the OpenBSD box as replacement for the pfsense even, and I have used it for a while now instead of the pfsense, but now I switched back to pfsense to track down the internet issues.
As it turned out, I had a firewall rule which was preventing the traffic:
```
#---------------------------------------------------------------------------
# default deny rules
#---------------------------------------------------------------------------
block in log inet all tracker 1000000103 label "Default deny rule IPv4"
block out log inet all tracker 1000000104 label "Default deny rule IPv4"
block in log inet6 all tracker 1000000105 label "Default deny rule IPv6"
block out log inet6 all tracker 1000000106 label "Default deny rule IPv6"
```
Which is a bit weird, after I removed the
block out log inet
things went back to normal. I don't quite understand this; since I don't have succeeding pass rules, which should have allowed outgoing traffic. So this rule should have blocked internet even before I have replaced the cable modem? The essential change was that the WAN IP of the box changed from 192.168.0.10 to 178.xx.xx.xx (public IP).
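
The default deny rules quoted above all carry `log` and a fixed tracker ID, so packets they drop can be attributed to a specific rule from the firewall log. The following is an added example, not part of any post in this thread: it assumes pfSense's comma-separated raw filterlog layout, and the sample lines (host name, interface names, PIDs, addresses from documentation ranges) are constructed.

```python
from collections import Counter

# Tracker IDs and labels as quoted in the post's default deny rules.
DEFAULT_DENY = {
    "1000000103": "Default deny rule IPv4", "1000000104": "Default deny rule IPv4",
    "1000000105": "Default deny rule IPv6", "1000000106": "Default deny rule IPv6",
}
# Index of the source-address field per IP version (assumed raw filterlog layout:
# rule,subrule,anchor,tracker,iface,reason,action,direction,ipver,<ip-specific...>).
SRC_FIELD = {"4": 18, "6": 15}

# Constructed sample log. Only 1.1.1.1, 10.0.60.1 and the 10000001xx tracker IDs
# appear in the thread; everything else here is made up for the example.
SAMPLE_LOG = """\
Mar  1 10:00:01 fw filterlog[100]: 5,,,1000000104,igb0,match,block,out,4,0x0,,64,0,0,none,1,icmp,84,203.0.113.86,1.1.1.1,request,1,0,64
Mar  1 10:00:02 fw filterlog[100]: 5,,,1000000104,igb0,match,block,out,4,0x0,,64,0,0,none,1,icmp,84,203.0.113.86,1.1.1.1,request,1,1,64
Mar  1 10:00:03 fw filterlog[100]: 4,,,1000000103,igb0,match,block,in,4,0x0,,52,4321,0,DF,6,tcp,60,198.51.100.7,203.0.113.86,51515,22,0,S,1,,64240,,mss
Mar  1 10:00:04 fw filterlog[100]: 7,,,1000000106,igb0,match,block,out,6,0x00,0x00000,64,ICMPv6,58,16,2001:db8::86,2001:db8::1,
Mar  1 10:00:05 fw filterlog[100]: 9,,,100,igb1,match,pass,out,4,0x0,,64,0,0,none,1,icmp,84,10.0.60.1,10.0.60.20,request,2,0,64
Mar  1 10:00:06 fw sshd[200]: constructed unrelated line
"""

def parse_line(line):
    """Return the filter fields of one filterlog line, or None for other lines."""
    _, sep, rest = line.partition("filterlog")
    fields = rest.partition(": ")[2].strip().split(",") if sep else []
    if len(fields) < 9 or fields[8] not in SRC_FIELD:
        return None
    src = SRC_FIELD[fields[8]]
    if len(fields) <= src + 1:          # truncated entry, no address fields
        return None
    return {"tracker": fields[3], "iface": fields[4], "action": fields[6],
            "direction": fields[7], "src": fields[src], "dst": fields[src + 1]}

def default_deny_hits(log_text):
    """Count blocked packets that matched one of the default deny trackers."""
    hits = Counter()
    for line in log_text.splitlines():
        e = parse_line(line)
        if e and e["action"] == "block" and e["tracker"] in DEFAULT_DENY:
            hits[(e["tracker"], e["direction"], e["src"], e["dst"])] += 1
    return hits

if __name__ == "__main__":
    for (trk, direction, src, dst), n in default_deny_hits(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {DEFAULT_DENY[trk]} [{trk}] {direction}  {src} -> {dst}")
```

Entries with direction `out` and tracker 1000000104 or 1000000106 are packets leaving the firewall that no later pass rule matched, which is the case the post describes.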