Give router name on tracert?
mystycs last edited by
Is there a way to give these routers a name like when I do tracert it shows
5 9 ms 43 ms 10 ms 126.96.36.199
6 14 ms 17 ms 13 ms rtr2-ge1-1.mhe.hcvlny.cv.net [188.8.131.52]
7 * 11 ms 14 ms 451be079.cst.lightpath.net [184.108.40.206]
8 15 ms 19 ms 24 ms rtr3-tg10-1.in.nycmnyzr.cv.net [220.127.116.11]
Those cool domain names next to the IPs and so on, can that be given to routers on pfSense?
Shouldn't be a problem, just put them in the Host Overrides section of the DNS page.
t310:/home/stan # traceroute cox.net
traceroute to cox.net (18.104.22.168), 30 hops max, 40 byte packets using UDP
1 pfsense.home (172.16.0.1) 0.057 ms 0.049 ms 0.039 ms
2 Cox-Modem.home (10.48.32.1) 9.215 ms 8.985 ms 7.923 ms
3 172.21.0.204 (172.21.0.204) 11.277 ms 11.449 ms 10.334 ms
... ...
To be honest, if you gave your pfSense a name and you're using it for DNS it should already be there.
That may work for the pfSense box but not for the upstream unnamed devices like cable modems as seen on my 2nd line of the traceroute above. Without the entry it looks similar to the 3rd line with no useful name, just the IP duplicated.
A cable modem would NOT be seen in a trace.. You're double natting there - actually you're triple natting.. Why anyone would set something up like that is beyond me..
But sure you can set up whatever you want for private IP space, you could even override the public space with a name if you wanted.
But cable modems provide an IP from your ISP to the device connected to the cable modem, be it a router or PC - they should not be a hop.. So I would assume you have a cable "gateway" and then some other router or your ISP nats you as well, etc.
Your first 3 hops are all private IP space.
You can see in my trace after pfSense I hit my ISP device on a public IP, not my SB6120 Cable Modem.
traceroute to www.google.com (22.214.171.124), 30 hops max, 60 byte packets
1 pfsense.local.lan (192.168.1.253) 0.266 ms 0.216 ms 0.238 ms
2 c-24-13-176-1.hsd1.il.comcast.net (126.96.36.199) 15.441 ms 15.514 ms 38.060 ms
I have my pfSense box connected directly to a Motorola SB6120 which is a straight cable modem as far as I know, no user configuration options aside from a reset button and only a power, coax and single Ethernet port on the back.
You can view the 6120 modem's internal status pages at 192.168.100.1 but it gives no clue about addressing beyond that so maybe the 10.48.32.1 is the first upstream Cox piece of equipment that has an IP address.
The network above the pfSense box 172.16.0.1 is out of my control and is whatever Cox Cable has configured.
Trace with no entry for the cable modem - or whatever that IP is on line 2:
t310:/home/stan # traceroute pfsense.org
traceroute to pfsense.org (188.8.131.52), 30 hops max, 40 byte packets using UDP
1 pfsense.home (172.16.0.1) 0.157 ms 0.143 ms 0.118 ms
2 10.48.32.1 (10.48.32.1) 7.883 ms 7.725 ms 9.682 ms
3 172.21.0.206 (172.21.0.206) 9.803 ms 9.723 ms 11.726 ms
4 184.108.40.206 (220.127.116.11) 11.542 ms 10.452 ms 9.524 ms
5 18.104.22.168 (22.214.171.124) 10.977 ms 10.832 ms 10.168 ms
6 126.96.36.199 (188.8.131.52) 24.517 ms 23.429 ms 21.318 ms
7 184.108.40.206 (220.127.116.11) 25.420 ms 23.726 ms 22.834 ms
8 xe-2-2-0.cr2.lax112.us.above.net (18.104.22.168) 22.615 ms 25.782 ms 23.097 ms
9 xe-3-1-0.cr2.iah1.us.above.net (22.214.171.124) 48.119 ms 46.022 ms 45.781 ms
10 xe-3-2-0.cr2.dfw2.us.above.net (126.96.36.199) 47.706 ms 69.883 ms 57.478 ms
11 xe-0-1-0.er2.dfw2.us.above.net (188.8.131.52) 49.093 ms 46.833 ms 46.674 ms
12 Core-Nap.us.above.net (184.108.40.206) 57.698 ms 56.656 ms 55.615 ms
13 * * *
14 * * *
-- snip --
28 * * *
29 * * *
30 * * *
phil.davis last edited by
2 10.48.32.1 (10.48.32.1) 7.883 ms 7.725 ms 9.682 ms
3 172.21.0.206 (172.21.0.206) 9.803 ms 9.723 ms 11.726 ms
Those are both in private IP address space. If they are not boxes in your own upstream installation, then that means your ISP is being "naughty" and using private IP address space in their internal network. If those IP addresses, particularly hop 2 that you go to first from pfSense, happen to conflict with your own private address there is trouble.
We are seeing this in Nepal nowadays. One ISP seems to use 10.20.0.0/16 address space, so it is just lucky that we didn't choose that for our own intranet. And of course that means we don't get even a dynamic public IP, so we can't have a VPN server, web server… available for connection from outside.
When the ISPs run out of public address space to use for their internal routing, they should be using the Carrier Grade NAT address space 100.64.0.0/10
Well now that I notice the times, 7 some ms – that points to being outside your lan yes.
2 10.48.32.1 (10.48.32.1) 7.883 ms 7.725 ms 9.682 ms
I would really contact your ISP about this.. Does inbound unsolicited traffic work? In other words are they giving you a 1:1 NAT or is inbound traffic blocked to you?
IPv4 space is tight yes, but I would assume you have been a customer for quite some time.. Should be no reason not to give you a public IP to work with.
Have they enabled IPv6? Guess you could always go with a tunnel if you want to have a public IP for inbound traffic.
The Cox Cable tech support folks' position is that they are within the RFC 1918 rules with these addresses as they stay on the private Cox Cable system and are not passed to the Internet. There is some discussion of this use of 1918 addresses by Cox but Cox Cable isn't interested in buying a pile of v4 addresses to move the huge number of systems they have set up this way, maybe holding out for IPv6 to make it all go away. It would be a big help if they would at least publish the ranges they are currently using and ones they plan on expanding to so you could pick a safe range for your local network but they don't.
Cox Cable's 1918 use topic: http://www.dslreports.com/forum/r28510902-LA-Cox-routing-class-C-over-the-internet-
Inbound does work but Cox Cable gets really cranky if you use it for anything server related (www, ftp and other protocols) but so far haven't gotten unhappy about VNC. I can get a static IPv4 address for a rather steep additional price, just not worth it for my needs.
IPv6 is promised someday but is still in testing, has been at this stage for a couple years now. They are listing older IPv4-only modems as unsupported now, though, so that may either indicate some IPv6 progress or just be related to the DOCSIS 2 to 3 cable modem transition.
For now I use dyndns to get to my system from outside but with their new rules on activation being such a pain I'm about ready to just stuff my current IP into my personal domain's DNS and hope my home IP doesn't change at an unfortunate time. In four years it has changed once and that was when I moved from a DOCSIS 2 to 3 modem so next time I miss a dyndns activation I'm going to risk it.
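The address-space question raised in the thread (upstream hops inside RFC 1918 space rather than 100.64.0.0/10, and the risk of them colliding with your own LAN) can be checked mechanically. The following is an added example, not code from any poster or from pfSense: it classifies each hop of a Unix-style traceroute and flags hops beyond the gateway that fall inside your LAN subnet. The function names, the sample text (built from the first hops posted above) and the LAN prefix passed in are assumptions.

```python
import ipaddress
import re

# Ranges named in the thread: RFC 1918 private space and 100.64.0.0/10 (CGNAT).
RANGES = {
    "rfc1918": [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
    "cgnat": [ipaddress.ip_network("100.64.0.0/10")],
}

# Matches "<hop> <name> (<ipv4>)" as printed by Unix traceroute.
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")

def classify(addr):
    """Return 'rfc1918', 'cgnat' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    for label, nets in RANGES.items():
        if any(ip in net for net in nets):
            return label
    return "public"

def audit_trace(text, lan_cidr, gateway):
    """Classify each hop; flag non-gateway hops that sit inside the LAN subnet."""
    lan = ipaddress.ip_network(lan_cidr)
    report = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header, timed-out hops ("* * *"), snipped lines
        hop, addr = int(m.group(1)), m.group(3)
        try:
            kind = classify(addr)
        except ValueError:
            continue  # looked like an address but is not valid IPv4
        conflict = addr != gateway and ipaddress.ip_address(addr) in lan
        report.append({"hop": hop, "ip": addr, "kind": kind, "lan_conflict": conflict})
    return report

# Constructed sample: header shortened, hops 1-3 as posted in the thread.
SAMPLE = """\
traceroute to pfsense.org, 30 hops max, 40 byte packets using UDP
1 pfsense.home (172.16.0.1) 0.157 ms 0.143 ms 0.118 ms
2 10.48.32.1 (10.48.32.1) 7.883 ms 7.725 ms 9.682 ms
3 172.21.0.206 (172.21.0.206) 9.803 ms 9.723 ms 11.726 ms
13 * * *
"""

if __name__ == "__main__":
    print(*audit_trace(SAMPLE, "172.16.0.0/24", "172.16.0.1"), sep="\n")
```

With an assumed LAN of 172.16.0.0/24 none of the sample hops collide; widening the LAN to 172.16.0.0/12 makes hop 3 a conflict, which is the failure case described in the thread.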