Static IP Wan -> no internet



  • Setup:

    Cable modem -> router -> Pfsense Wan -> Pfsense Lan -> PC

    I use Pfsense 2.03

    When i use dhcp for the wan side i have internet.

    When i use a static ip for the wan side i have internet.

    So now i'm rebooting pfsense and i don't have internet anymore.

    when i change the wan side for DHCP i have internet.

    anyone knows how to solve this problem.



  • Most likely your ISP assigns IP addresses via DHCP and your attempt to assign an IP address statically will fail.



  • i use a private ip  address for the  wan si de.
    router  192.168.11.1

    pfsense wan 192.168.11.xxx

    pfsense plan 192.168.1.1

    l



  • If the WAN is connected to a typical ISP then that won't work.  For several reasons.  Here are the two biggies:

    1. The pfSense WAN must be configured accordingly to the equipment at the other end.  Such as DHCP or static address, DNS, gateway, etc.

    2. 192.168.x.x is private address space and is not routed over the internet.



  • taktje, it looks like you are using double NAT

    router  192.168.11.1

    pfsense wan 192.168.11.xxx

    pfsense plan 192.168.1.1

    Do you have a cable modem/router or a separate router between the cable modem and pfSense?

    If a separate router, what is it doing?  It would be better to connect pfSense directly to the cable modem.

    If it's a combined modem/router can you bridge it (turn off the routing) and use pfSense to do that?



  • it's a seperate router.

    i know i am doing double nat.
    i am  testing pfsense at home for fun.

    why does everything works fine When  the  wanside get's An ip from dhcp?
    i don't see why setting a static ip/24 and gateway of 192.168.11.1 won't work


  • Banned

    @taktje:

    why does everything works fine When  the  wanside get's An ip from dhcp?

    Because DHCP does not misconfigure things, unlike you?  :-*



  • Its a matter of policy - Much like assigning a static IP in the DHCP range isn't good for you on pfsense, so its the same for them.  :-X  (kiss free zone)



  • Because DHCP does not misconfigure things, unlike you?  :-*

    Thx nice answer ;D
    i only want some help and this  helps alot.


  • LAYER 8 Global Moderator

    And what are you setting for the mask and gateway?

    I have yet to see a soho router that cares if your IP is static or dchp as long as your on the correct network.  And nothing is stepping on the IP your using, via a dhcp on another box.

    if you router your behind is 192.168.11.1/24

    Then you should have not issues setting pfsense lan as 192.168.11.2/24 with gateway of 192.168.11.1

    What are you using for dns?  I find sometimes when users say they have no internet, what it means is that www.something.com does not resolve..  Can you ping 192.168.11.1 from wan of pfsense, from lan side of pfsense

    edit: fixed typo of what gateway to use ;)


  • LAYER 8 Global Moderator

    yeah My bad - corrected ;)



  • My setup is :

    Cable modem

    Router wan ip 82.73.xxx.xxx

    Router lan: DHCP 192.168.11.100 - 192.168.11.255
                    Netmask:    255.255.255.0 
                    Gateway:      192.168.11.1

    Pfsense :WAN            192.168.11.39/24 (static ip)
                Netmask      255.255.255.0
                Gateway      192.168.11.1

    Pfsense: Lan              DHCP 192.168.1.10 - 192.168.1.255
                Netmask        255.255.255.0
                Gateway        192.168.1.1


  • Rebel Alliance

    And What about  your DNS Servers settings ?



  • Here is the thing.  Is this the USA?  If so, they like to hold you hostage with DHCP.
    They will give a consumer an IP via DHCP and change it periodically.
    They could just as easily give you a static IP but they know that if they do that you can run a server there.
    So, they will pull out all the stops to make sure you never get a static assignment to work…

    UNLESS you pay them extra for a "business" connection, which is pretty much the same connection you have now except they don't hamstring you with dynamic IPs and blocked port 25 "for your safety".

    If you pay them more, they will allow what you are trying to do and stop screwing you on port 25.  Its extortion.



  • You know what?  It actually takes effort on the part of an ISP to make internet this broke.
    A business connection is basically just an un-tampered-with, unmolested connection with simple bandwidth limits.

    (End of ISP rant - My advice is go with the DHCP setup on WAN and get yourself a DynDNS account)


  • Banned

    To move this somewhere: what's exactly "no internet"?

    traceroute 8.8.8.8
    traceroute www.google.com



  • I had the exact same thing happen to me and none of my settings were wrong.  Doesn't take a genius to type in an IP address and a subnet.
    However, I knew what was going on.  Its the ISP - If you want a static IP they will make you buy one.


  • Rebel Alliance

    @kejianshi:

    I had the exact same thing happen to me and none of my settings were wrong.  Doesn't take a genius to type in an IP address and a subnet.
    However, I knew what was going on.  Its the ISP - If you want a static IP they will make you buy one.

    Where, the ISP comes to Play in the OP Scenario ?

    Setup:

    Cable modem -> router -> Pfsense Wan -> Pfsense Lan -> PC

    My setup is :

    Cable modem

    Router wan ip 82.73.xxx.xxx

    Router lan: DHCP 192.168.11.100 - 192.168.11.255
                    Netmask:    255.255.255.0 
                    Gateway:      192.168.11.1

    Pfsense :WAN            192.168.11.39/24 (static ip)
                Netmask      255.255.255.0
                Gateway      192.168.11.1

    Pfsense: Lan              DHCP 192.168.1.10 - 192.168.1.255
                Netmask        255.255.255.0
                Gateway        192.168.1.1

    it's a seperate router.

    i know i am doing double nat.
    i am  testing pfsense at home for fun.

    why does everything works fine When  the  wanside get's An ip from dhcp?
    i don't see why setting a static ip/24 and gateway of 192.168.11.1 won't work



  • Hmmm.  I was under the impression he was trying to static IP on the pfsense connected to the modem.
    That might have been wrong and if so, then yeah - My rant wouldn't apply.

    If he is double NATing, should be easy so long as OP assigns different IP to the WAN on pfsense2 than is on pfsense1, puts it outside the DHCP range on the LAN (assuming DHCP is running) and unchecks the block private IP block.



  • taktje-

    Can you ping your cablemodem through the pfsense box?

    c:>ping 192.168.100.1



  • Are you kidding me?

    There is nothing to ping at 192.168.100.1

    cable modem gives a wan ip to my router of 82.73.xxx.xxx

    I think it's a DNS issue.

    I set everything to "default settings" (again) and try again.


  • Banned

    As already requested a couple of hours ago…

    traceroute 8.8.8.8
    traceroute www.google.com



  • So, by doing this for fun, you mean having fun watching us chase our tails?



  • Problem solved  :D

    Had wrong DNS settings.

    And i'm doing this for fun and to learn.
    My goal is to setup a hotspot at a campground with Pfsense and some Ubiquiti Nanostations M2 (great stuff).

    Thx all



  • doktornotor - I think you were on the right track way back.



  • i know.

    lack of time and some private stuff.
    have not worked on pfsense for a long time so i am starting from the  beginning.


Log in to reply