Quick network setup with pfSense
-
I thought this question would be a simple one for the real pfSense guru's here! ;)
Basically I just got a SMC networks cable modem for high speed internet, and it does not want to "handshake" with my pfsense box.
I've set the IP of the modem to 192.168.0.98, the netmask to 255.255.255.0 and enabled the DHCP server with lease time forever. Everything else is disabled.
If I connect my slackware laptop to the modem, and execute the IP renewal, I get 192.168.0.11 and I can access the web.
Now, if I connect my pfsense router to the modem, and then plug my laptop to the router, I can get an IP from pfsense via DHCP, and fhe WAN side is configured to get an IP from a DHCP. In fact it gets 192.168.0.10 from the cable modem.
So everything is working normally, but I cant get on the WAN,..
What's the problem?
-
I looked in the modem options, there is really not a whole lot of options there…
Really, I can guarantee that pfsense is the problem. When my pfsense router stands between the modem and the laptop, its failure.... even the router cant access the web... I ping the modem IP and get 100% packet loss.
any clue?
-
@lpallard:
What's the problem?
You might have many problems, but lets start here: Please post the output of the pfSense shell command ifconfig -a.
-
Thanks for the reply wallabybob! I am just about to build a new pfsense box so I expect things to work smooth…
The output of ifconfig -a on the router gives (when plugged to the damn modem):
$ ifconfig -a fxp0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500 options=9 <rxcsum,vlan_mtu>ether 00:09:6b:5a:59:d1 inet6 fe80::209:6bff:fe5a:59d1%fxp0 prefixlen 64 scopeid 0x1 inet 192.168.0.10 netmask 0xffffff00 broadcast 192.168.0.255 media: Ethernet autoselect (100baseTX <full-duplex>) status: active xl0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=8 <vlan_mtu>ether 00:60:08:4a:39:aa inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::260:8ff:fe4a:39aa%xl0 prefixlen 64 scopeid 0x2 media: Ethernet autoselect (100baseTX <full-duplex>) status: active lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 enc0: flags=0<> metric 0 mtu 1536 pfsync0: flags=41 <up,running>metric 0 mtu 1460 pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128 pflog0: flags=100 <promisc>metric 0 mtu 33204</promisc></up,running></up,loopback,running,multicast></full-duplex></vlan_mtu></up,broadcast,running,simplex,multicast></full-duplex></rxcsum,vlan_mtu></up,broadcast,running,promisc,simplex,multicast>I also did that from my laptop, connected to the router. Works flawlessly.
eth0 Link encap:Ethernet HWaddr 00:1d:09:48:97:c8 inet addr:192.168.0.106 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::21d:9ff:fe48:97c8/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:970 errors:0 dropped:0 overruns:0 frame:0 TX packets:1061 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:790896 (772.3 KiB) TX bytes:141077 (137.7 KiB) Interrupt:17 -
Got it to work! But I wonder if it is normal and also if I did the proper thing…
Under Interfaces>LAN I selected WAN in the dropdown menu for "Bridge with" (it was set to None)...
Is that OK to do so?
-
In this instance, the cable modem is actually doing the NAT/ routing. If you want the pfsense as a NAT router (which it is much more robust), you need the SMC to bridge instead.
-
Thats a stupid SMCD3GN cable modem/router/everything-in-the-universe and I cant find option to deactivate the routing functions… Might have to call my ISP and get a basic cable modem from them.
-
Call your ISP and request for the tech to:
1) Login to the modem with the higher level admin account.
2) Select "Disable all commercial gateway functions" under the systems page.
No need to replace the unit at all. If your ISP is Rogers, try logging in as:
User name: cusadmin – Password: password
Or
User name: rogcesadmin – Password: wra8uje
-
Just called Rogers (you must be in Canada as well ;) and the tech guy deactivated the commercial roiuter functions, now it works perfectly.
I guess he deactivated everything but the modem function because even the web interface is gone..
-
What was wrong with your original configuration was that you had your WAN and LAN interfaces in the same IP subnet: 192.168.0.0/24. Consequently when you tried to access the modem (192.168.0.98) there wasn't a single interface for pfSense to use to access the modem.
If you had made your LAN interface 192.168.1.x/24 (and suitably modified the DHCP address range on LAN) you would probably have got a bit further.
http://forum.pfsense.org/index.php/topic,25373.msg131688.html#msg131688 links to some articles that explain IP addressing in more detail.
-
No. I live in a country where the political system is an Authoritarian Democracy but the way things work, it seems more like a Socialist Republic.
-
Thanks guys for your help! Very appreciated! I guess I'll read some of the documentation about IP addresses….