No WAN connectivity (Static IP)
-
Hmm, that's got to be something low level then. Like the gateway is configured with static ARP for that IP, which seems unlikely.
I would try to connect a separate client directly even if it's not a laptop and make sure that static IP works there.
Otherwise using one of the switched ports as a WAN might reveal an issue if the WAN port is somehow dropping the incoming packets in hardware. I've only ever seen that with DHCP though and that was fixed in 23.05.
-
@stephenw10 I have tried 2 different old gateways - one d-link and one netgear. Totally different MACs and they would need to ARP for the gateway. Incidentally I also did a pcap from the netgate while one of these was establishing its connection and could see its ARP go out (never saw a reply though which is interesting!)
I will try switching to one of the WAN ports. Given the above failure to see the reply it does sound like responses might be getting dropped.
-
@pawprint said in No WAN connectivity (Static IP):
Incidentally I also did a pcap from the netgate while one of these was establishing its connection and could see its ARP go out (never saw a reply though which is interesting!)
How was the Netgate connected? I wouldn't expect it to see the ARP reply from the gateway unless it was somehow in between the modem and router.
-
@stephenw10 I had the netgate wan port connected to a standalone switch, also the wan port on the other device and the modem on the same switch. The netgate was in promiscuous mode.
-
Yeah, the switch should not have passed an ARP reply to pfSense in that scenario because it's sent back to the specific MAC of the other router WAN and the switch knows what port that's on.
You'd need an old skool hub to see it.
Or to set up a mirror port on the switch if it supports that. If you have a switch that can do that it would be a very good way to test what's happening when pfSense is trying to connect.
-
@stephenw10 right - duh...
OK I tried setting up one of the switch ports as a WAN and still no joy.
I have a pretty nice Cisco 48 port switch that I believe will do it. I can't easily access that at the moment because of this gateway problem (no DHCP for my entire network or internal DNS etc). I'll see if there is some way for me to connect to it.
I'm basically out of ideas at this point.
-
Yeah, there really doesn't seem to be any reason it's not responding.
It likely is responding and somehow pfSense just never sees it....
A mirror port on a switch should at least confirm what's not happening.
-
@stephenw10 Another idea has presented... I have a spare RasPI so I've installed that and will bring that up directly on the modem with the static IP. That should allow me to get the MAC of the gateway as well as confirm the connection to it. Once I have that I'll try adding the MAC for the gateway to the ARP table manually and see if it connects. I also manually added a FW rule to pass all traffic from the gateway (shouldn't be necessary but just in case).
-
EUREKA!
Finally the WAN is working.
The Pi also couldn't connect.
So, while I had tried this already once before I again tried rebooting the cable modem with the netgate connected. That worked this time. Seems somehow it does lock in to the MAC of certain devices. I don't understand why all the different retail wifi/gateways were working but at this point... I don't care.
Thanks @stephenw10 for your help. It is MUCH appreciated!
-
Ah nice result! Yeah that can be hard to get past if you think you've already disproved something.
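
Added example, not part of any post in this thread: a small model of the capture setup discussed above (other router, modem and a capturing device on one switch), showing why the capture sees the broadcast ARP request but not the unicast reply unless a hub or a mirror port is used. Port numbers and MAC addresses are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    def __init__(self, ports, learning=True, mirror_to=None):
        self.ports = set(ports)
        self.learning = learning     # False models an old hub: every frame is flooded
        self.mirror_to = mirror_to   # optional port that receives a copy of every frame
        self.mac_table = {}          # source MAC -> port it was last seen on

    def forward(self, in_port, src, dst):
        """Return the set of ports a frame is sent out of."""
        self.mac_table[src] = in_port
        known = self.learning and dst != BROADCAST and dst in self.mac_table
        if known:
            out = {self.mac_table[dst]} - {in_port}   # known unicast: one port only
        else:
            out = self.ports - {in_port}              # broadcast or unknown: flood
        if self.mirror_to is not None and self.mirror_to != in_port:
            out = out | {self.mirror_to}
        return out

def arp_exchange(switch, capture_port=3):
    """Other router (port 1) ARPs for the gateway behind the modem (port 2).

    Promiscuous mode on the capturing NIC only changes what the NIC accepts;
    it cannot show frames the switch never sends to capture_port.
    """
    router_mac = "02:00:00:00:00:01"    # constructed
    gateway_mac = "02:00:00:00:00:02"   # constructed
    request_ports = switch.forward(1, router_mac, BROADCAST)
    reply_ports = switch.forward(2, gateway_mac, router_mac)
    return {"request": capture_port in request_ports,
            "reply": capture_port in reply_ports}

if __name__ == "__main__":
    ports = [1, 2, 3]
    print("plain switch:", arp_exchange(Switch(ports)))
    print("hub:         ", arp_exchange(Switch(ports, learning=False)))
    print("mirror port: ", arp_exchange(Switch(ports, mirror_to=3)))
```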