Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Comcast Business Modem Prefix is different than PFSense prefix, is that an issue?

    Scheduled Pinned Locked Moved IPv6
    15 Posts 5 Posters 803 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      davidg1982
      last edited by

      I have an issue where my IPv6 routing for the LAN stops working. Link-Local stops working, Public IPV6 stops working. PFsense continues to work, but the LAN doesn't work. I've been trying to get IPv6 working on my Comcast business line, but I have not had much luck. The thing that concerns me is that my Comcast modem Prefix is different from PFSense's prefix. Is that a problem? Can that result in me losing connectivity after...let's say, a day? Here is my setup. Is my setup correct?
      2.7.2-RELEASE (amd64)
      2024-08-02_11-03.png
      2024-08-02_11-06.png
      2024-08-02_11-11.png 2024-08-02_11-10.png 2024-08-02_11-09_2.png 2024-08-02_11-09_1.png 2024-08-02_11-09.png

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @davidg1982
        last edited by

        @davidg1982

        Humm.
        Seeing this :

        ba89b970-f282-4fab-9749-b280d2ca6de7-image.png

        I would expect a a first prefix like this 2603:3ooa:13o5:f6oo::/64
        A second 2603:3ooa:13o5:f6o1::/64
        and so on, up until 2603:3ooa:13o5:f6ff::/64 being number 254.

        Not sure why pfSense 26o3:3ooa:13o6:o3oo::/64 came from.

        But, hey, if it routes, go for it ^^

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        D JKnottJ 2 Replies Last reply Reply Quote 0
        • D
          davidg1982 @Gertjan
          last edited by

          @Gertjan Exactly. That's what I thought logically would happen.

          1 Reply Last reply Reply Quote 0
          • JKnottJ
            JKnott @Gertjan
            last edited by

            @Gertjan

            I'm trying to make sense of what you're talking about. You're talking about the modem address. Where do you show it? I just checked and my modem's address shares only the first 32 bits with my WAN address and neither has anything to do with my prefix.

            BTW, it would probably work better if you used the number 0, instead of the letter o in the addresses. 😉

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            D 1 Reply Last reply Reply Quote 0
            • D
              davidg1982 @JKnott
              last edited by

              @JKnott The Comcast Modem is saying the Delegated prefix (IPv6): 2603:300a:1305:f600::/56 , however PFsense is assigning 2603:300a:1306:300::/64.

              JKnottJ 1 Reply Last reply Reply Quote 0
              • JKnottJ
                JKnott @davidg1982
                last edited by

                @davidg1982

                With mine, the modem also shows a different prefix than pfSense. I suspect the modem prefix is what would be used if it was in gateway mode and not bridge mode. Regardless, if you want to see what you should get, you can do a DHCPv6 capture and examine the capture.

                What modem do you have? I'm on Rogers and have a Technicolor CGM4140COM. They use the same equipment as Comcast.

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...

                1 Reply Last reply Reply Quote 0
                • P
                  PlyrStar93
                  last edited by PlyrStar93

                  abc.png

                  Did you manually set the IPv6 address on your pfSense WAN interface (c) to be the same /64 of the WAN shown in the modem (a)? This is not correct. If you didn't manually set the pfSense WAN IPv6, how did you manage to make it like that?

                  (c) It should be within the first /64 of the "delegated prefix" (b) of the modem. WAN is usually set to DHCP6 and automatically gets the address. Then have your LAN set to track interface or manual (normally, the LAN should be able to get a /59 delegation).

                  --

                  1722615185349-2024-08-02_11-09.png

                  This part, assuming it's your WAN interface setup, is also incorrect. It should not be /56. I put it as /64 and uncheck "Send IPv6 prefix hint".

                  JKnottJ 1 Reply Last reply Reply Quote 0
                  • JKnottJ
                    JKnott @PlyrStar93
                    last edited by JKnott

                    @PlyrStar93 said in Comcast Business Modem Prefix is different than PFSense prefix, is that an issue?:

                    This part, assuming it's your WAN interface setup, is also incorrect. It should not be /56. I put it as /64 and uncheck "Send IPv6 prefix hint".

                    It is correct, assuming Comcast hands out /56 prefixes. That tells the ISP how big of a block to allocate. If he uses 64, he will receive only a single /64, instead of 256 of them.

                    PfSense running on Qotom mini PC
                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                    UniFi AC-Lite access point

                    I haven't lost my mind. It's around here...somewhere...

                    P 1 Reply Last reply Reply Quote 0
                    • P
                      PlyrStar93 @JKnott
                      last edited by

                      @JKnott said in Comcast Business Modem Prefix is different than PFSense prefix, is that an issue?:

                      It is correct, assuming Comcast hands out /56 prefixes. That tells the ISP how big of a block to allocate. If he uses 64, he will receive only a single /64, instead of 256 of them.

                      @JKnott That should be true if he is requesting prefix from Comcast directly and not from within the modem's 2603:300a:1305:f600::/56. I still wonder how he manages to do this on a Comcast business line, it just looks like he brought in his own non-gateway modem and put the Comcast provided one aside.

                      When requesting prefix from the modem's /56, it will only hand out /59s and the modem doesn't seem to respect what I put there but if I put /56 it would not get a prefix if I remember correctly.

                      JKnottJ 1 Reply Last reply Reply Quote 0
                      • JKnottJ
                        JKnott @PlyrStar93
                        last edited by JKnott

                        @PlyrStar93

                        If he's requesting a prefix from the modem, then all he'll get is a /64 on the pfSense WAN interface, leaving nothing for the LAN. The modem has to be in bridge mode and then pfSense can request anything up to whatever Comcast offers. Gateway mode, which is what you're in if you get a prefix from the modem, is for just a simple, single prefix network, without a customer owned router in between the modem and LAN.

                        PfSense running on Qotom mini PC
                        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                        UniFi AC-Lite access point

                        I haven't lost my mind. It's around here...somewhere...

                        P 1 Reply Last reply Reply Quote 0
                        • E
                          eagle61
                          last edited by eagle61

                          Did you solved the problem in the meantime?

                          If not try the following, since your Modem seem not to be in Modem-Mode but in Router-Mode:

                          • Switch Modem into Modem-Mode
                          • Switch pfsense WAN-Interface into PPPoE-Mode.
                          • Configure PPPoE on the pfsense (how to do so you will find Netgate help).

                          The pfsense will then get an ipv6-Prefix and LAN and all other subnets will also get Prefix depending from the WAN-Prefix too.

                          The modem will not get any ipv4- or ipv6-Adress anymore

                          That's how i did it with my Modem (Vigor 167), because ipv6-Prefix delegation was not working with Vigor 167 in Router-Mode very well

                          And in case you wanna still keep the modem in Router-Mode,
                          The pfsense must ask for a 57 prefix (DHCPv6 Prefix Delegation size at WAN DHCP6 Client Configuration), not a 56 prefix. If if you have the pfsense behind another Router, the prefix of the sense should ask for is 1 bigger then the prefix of the router (eg. 56 + 1 = 57).
                          Also the Modem in Router-Mode must be aware it will be asked for Prefix-Delegatin. I do not know about your Modem, bit i did so for testting purposes with an in Germany very popular FritzBox. By default the FritzBox does not offer prefixed to devices in its LAN. The Setup of the FritzBox neetds to be changed so the FritzBox will deliver Prefixes instead of an IP-Adress to a pfsense in the LAN of the FritzBox.

                          P 1 Reply Last reply Reply Quote 0
                          • P
                            PlyrStar93 @JKnott
                            last edited by PlyrStar93

                            @JKnott said in Comcast Business Modem Prefix is different than PFSense prefix, is that an issue?:

                            If he's requesting a prefix from the modem, then all he'll get is a /64 on the pfSense WAN interface, leaving nothing for the LAN.

                            That I know is not the case for Comcast Business gateways. The CBR-T should have a /56 prefix given if looking at the Comcast Network tab. The pfSense LAN can get a /59 from it. In my case below, 2603:X:X:6040::/59

                            The pfSense WAN would only need a /64 to link to Comcast's gateway, in this case 2603:X:X:6000::/64

                            cbrt-info.png
                            pfsense-interfaces-stats.png

                            Check the interface status, you see the PD is indeed a /59
                            pfsense-interfaces-stats-detail.png

                            This is despite what I put in the DHCP6 Client Configuration at the WAN. All WAN and LAN settings are just the out-of-the-box ones as if pfSense just installed or reset.
                            Screenshot 2024-08-07 at 09-38-19 pfSense.home.arpa - Interfaces WAN (ixl0).png Screenshot 2024-08-07 at 09-38-44 pfSense.home.arpa - Interfaces LAN (ixl1).png

                            @JKnott said in Comcast Business Modem Prefix is different than PFSense prefix, is that an issue?:

                            The modem has to be in bridge mode and then pfSense can request anything up to whatever Comcast offers.

                            You are likely correct here, I have suspicion OP set it to bridge mode. It may be causing problems with the IPv6 routing (due to some proprietary Comcast stuff) but I don't have an environment where I can test bridge mode.

                            E 1 Reply Last reply Reply Quote 0
                            • P
                              PlyrStar93 @eagle61
                              last edited by

                              @eagle61 Most of these may be specific for your internet service provider but don't apply to Comcast. Comcast don't use PPPoE anywhere in their network.

                              1 Reply Last reply Reply Quote 0
                              • E
                                eagle61 @PlyrStar93
                                last edited by eagle61

                                @PlyrStar93

                                The shown configuration for IPv6 can't work.
                                You did not ask specifically for a IPv6-Prefix.
                                But you need to do so.

                                Go to Interfaces / WAN
                                Try to check the following in "DHCP6 Client Configuration"-section

                                • "Use IPv4 connectivity as parent interface" (this might not be necessary in the US). You can check and uncheck for testing. In Europe historical reason in the Network will need to check that.
                                • "Request only an IPv6 prefix" This must be done if you don't ask a Prefix you will not get one
                                • "Send IPv6 prefix hint" Also this must be done
                                • also it could help to also check "Do not wait for a RA"
                                • last but not least: Your Modem gets an /56 Prefix. So put "DHCPv6 Prefix Delegation size" to 57 now it is set on 64
                                  That's how it usually works behind a Router that get its own IPv6-Adress and a /56 Prefix as your NT gets it from your ISP

                                Give it a chance. I have had the same done just a month ago. And i did also not have done all like above before, with the same result as you experience, wrong or none IPv6, no IPv-Connection

                                you need not to reboot the pfsense after any change

                                • /etc/rc.linkup interface=[Interface action=stop
                                • /etc/rc.linkup interface=[Interface] action=start
                                  in command line of your pfsense will stop and start the WAN interface.
                                  You need to replace [Interface] with Interface of your device. In your case ixl0

                                If you get an correct IPv6 on WAN you have also to go to LAN and all other local interfaces.
                                at Interfaces / LAN

                                • set in "General Configuration" "IPv6 Configuration Type" to "Track Interface"
                                • The "IPv6 Prefix ID" in "Track IPv6 Interface" can be at LAN "0" for each other local Interface, like WLAN, etc. it needs to be different, Eg 1 for WLAN, 2 for DMZ etc. The "IPv6 Interface" in this section is always "WAN"

                                In my case, me helped this very much:
                                https://docs.opnsense.org/manual/how-tos/ipv6_fb.html
                                Its for OPNsense, but its regarding WAN-PIv6 configuration the same as pfsense
                                And this was also helpful:
                                https://docs.opnsense.org/manual/how-tos/ipv6_dsl.html

                                1 Reply Last reply Reply Quote 0
                                • D
                                  davidg1982
                                  last edited by

                                  I am not sure why everything is working, but it's working. Perhaps my configuration will be of assistance in the future.

                                  1 Reply Last reply Reply Quote 0
                                  • First post
                                    Last post
                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.