PfSense 2.0 RELEASE Can't Cope w/ AT&T DSL Dynamic IP Change



  • On my AT&T Gateway, 2Wire 2701HG-B, every so often, because of street light interference, the DSL signal would go out and the gateway needs to re-login, which causes my public IP to change.  pfSense 2.0 RELEASE is running on an Alix.2D3 board w/ no packages installed.

    I have the 2Wire in DMZ+ mode, but pfSense does NOT know that IP has changed so I must manually disconnect & reconnect the WAN interface from within the pfSense WebGUI.  After doing it so many times, I temporarily connected a Tomato Router running Toastman's latest build and it seems to detect the IP change and reconnect without intervention.

    I replaced the CF card w/ one running pfSense 1.2.3 and it seems to run OK and the interface took 15 minutes to re-connect after the change in IP which is MUCH better than pfSense 2.0 RELEASE.  I finally placed the gateway in "bridge-mode" which turned it into a dumb modem & pfSense 2.0 worked for weeks without issues.

    However, I've recently been forced to "upgrade" (feels like a downgrade) to U-verse which does NOT support "bridge-mode"; the best I can get is the same DMZ+ using a 2Wire 3600HGV VDSL2 Gateway.

    I'm wondering if there is some sort of thing I can do to force pfSense to renew the WAN to keep my Internet connection UP without manual intervention if & when the public IP given to pfSense changes.

    Any help would be greatly appreciated!!



  • Not sure how the Uverse RG works with dynamic IP, mine's static, but my former DSL modem's passthrough was just DHCP with a ridiculously short lease time (30 seconds IIRC). Aside from the log spamming inherent in renewing your DHCP lease every 15 seconds, it worked fine that way for years. How does that passthrough work? The DMZ+ from the looks of my RG shouldn't ever require changing the IP on the firewall, the RG handles everything automatically in a way that it doesn't matter if your firewall knows whether the IP changed (and it has no means of knowing).



  • DMZplus appears to try to "simulate" bridge-mode, but fails miserably if the public IP changes.

    The gateway will "Double-NAT" if I manually set it up in regular DMZ mode, and pfSense will get a 192.168.1.64 address which NEVER changes and everything is fine.

    Is it possible to make my personal webserver/fileserver Internet accessible if pfSense gets a private 192.168.1.64 with all its ports open in regular DMZ mode, and NOT the so-called public IP pass-thru mode of DMZplus?



  • So it does pull its IP from the RG via DHCP in that passthrough mode, just the public IP? In that case it should act the same as the modem, with a very short lease time and the RG should hand it its new IP when it gets one. That apparently doesn't work right on the RG (damn things are buggy as hell if you try to do anything other than using it as your NAT device, so that wouldn't surprise me in the least). The firewall you put behind it isn't "detecting the IP change", the RG has to assign it the new IP via DHCP and such devices generally do so quickly by assigning very short lease times. If it's not handing out very short leases, it'll take time until the lease is renewed and the new IP picked up. Doing double NAT isn't the best thing in the world, but I would expect that to behave better on the RG, and its regular DMZ mode seems to work fine. There isn't a functional difference between the two.

    If I've learned anything in having the misfortune of working with those Uverse RGs on mine and several customers', it's do what works on the RG and be glad it's working. From its crappy stateful firewall that can't be disabled even with a static IP assignment (disable firewall doesn't disable anything), to numerous bugs throughout other things, those RGs suck.

