Switched ISP, PPPoE to DHCP
-
Very quick one which is probably down to my stupidity but i'm going to ask and i did search but DHCP brings up other posts about local network.
I have recently switched from one UK ISP on FTTC which used PPPoE to an altnet which uses DHCP on FTTP. All i have done in pfsense is switched the WAN interface and i have internet yay but all of my firewall rules (BQM monitor to thinkbroadband, port forwards for the 2 game server i run for my friends) have just stopped working.
Have i missed something?
-
Anything referencing the old PPPoE gateway might need to be changed to the new WAN_DHCP dynamic gateway. But rules on WAN allowing traffic to, say, WAN address should still apply.
Unless you created a new interface almost everything should carry across a change like that.Steve
-
@stephenw10 Thanks for the reply, I thought i removed all the references to the PPPoE stuff. I have a new box turning up in the next few days to migrate my VMs to (including the PFSense VM) I may just rebuild the router and see if that fixes everything.
-
So doing some playing I notice the following the IP i get from a "what is my IP" lookup and what appears in the addresses on the interface are different.
For example:- what is my ip = 188.74.x.x
WAN interface on pfsense = 100.64.x.xMy no-ip dynamic ip points at the 188 address so i'm guessing this is why the port forwarding is borked? I did some testing with a friend by opening ICMP to just his public IP and doing packet captures all i could see where 100.x addresses. Is this a case of chatting to my ISP?
-
@f022y You are behind carried grade nat.
This is where 100.x is used for.
Unless your new isp can switch you to "public" ip, nothing related to port forward will ever work. -
@netblues Thank you for the reply, i had a horrible feeling that would be the case.
-
@f022y CGNAT only applies to IPv4, see if they can get you on an IPv6 address.
Doubtful, but worth a try. -
@jarhead one can get a tunneled ipv6 from hurricane, but the whole point is most probably irrelevant to the op.
-
@netblues said in Switched ISP, PPPoE to DHCP:
@jarhead one can get a tunneled ipv6 from hurricane, but the whole point is most probably irrelevant to the op.
No, what I meant was from his ISP. If they have IPv6 capabilities he wouldn't be behind the CGNAT.
Problem is, not many ISP's offer v6 yet. -
@f022y said in Switched ISP, PPPoE to DHCP:
WAN interface on pfsense = 100.64.x.x
Yup, CGN. That will prevent any port forwards working. So likely the firewall rules are actually fine.
Steve
-
So got an email today from their support to confirm CGNat is used but i can buy a static IP for a monthly fee I see on their website they support IPv6 so asking about that.
-
@f022y Getting a static ipv4 is your only viable option
Life with ipv6 only needs also some kind of nat upstream, if you are to be connected to the Internet as we know it.Sad but true :)
-
@netblues bugger. Annoyingly since discovering CGNat (i'll be honest never came across it in the UK must have been lucky) this explains a few things.
Since switching i've had strict NAT on my PS5 which i've not been able to work out, previously I would look at port forwarding to fix but obviously i now know why that didn't work.
-
So after a chat with my ISP they offered me a free public IP, all my rules work again!!
Thank you all for the help i'd never come across CGNat before. The more you know.
