Comcast Dual Stack in Washington - IPv4 not working, IPv6 does…



  • Okay, I've been at this way too long.

    On saturday, I brought my PFSense install to current.  Rebooted and no longer had internet connectivity.
    I have rebooted and reinstalled PFSense several times at this point over the course of the weekend, and the current situation is thus:

    IPv6 sites work from any machine.
    IPv4 sites do not.
    DNS resolveds IPv4 address using the DHCP addresses.
    Ping to the IPv4 fails - either 'no route available' or 'TTL exceeded'.

    I wiped the configuration to default.
    I even turned off IPv6 for a while to see if that was the issue.

    I have seen a few non-routeable IPv4 addresses assigned to PFSense, and release / renew - often with a modem reboot - will result in picking up a real IP.

    I am posting this from work without any configuration screenshots due to the fact that, as of today, I only have IPv6 access at home which had made researching a solution a bit of challenge.

    I have discovered that Comcast updated my area to Dual-stack as of Friday 9/20/2013.  After 8 calls into Comcast support to get help, I've come to the conclusion that the support group doesn't even know the change occurred, much less the difference between an IPv4 / IPv6 address.

    Direct plug into a Windows 7 machine works both IPv4 / IPv6.
    Cloning the Windows 7's MAC address to the PFSense WAN does not help.

    So, anyone have hints what to look for that would allow a clean / default install of PFSense 2.1 Release to handle IPv6 but fail on routing IPv4?

    WAN interface: IPv6 and IPv4 set to DHCP.
    LAN interface: IPv4 static (172.31.0.1), IPv6 set to track WAN DHCP.
    DHCP server setup for IPv4 addresses (Range: 172.31.0.100-199, SM /24, GW 172.31.0.1)
    All other settings left to defaults.



  • I have finally discovered the answer to this issue, and a reasonable explanation of what happened.

    The issue was that PFSense, during install, had added a default route to the first IP it received from the Motorola SB6121 modem - that being 192.168.1.1.

    I have figured out that when the modem initializes, for a brief time it assigned the 192.168.1.100 address to the system it is connected to so that you can pull up a status page to see what is happening with the modem.  This is the route that PFSense added during install.

    Thus, when it finally pulled a public IPv4 & IPv6 address, only the IPv6 address has the correct route.  The IPv4 connection was still set to use the outbound route to 192.168.1.1, regardless of the address in question.

    This only started occuring with what appears to have been an update to the modem with the rollout of IPv6 by Comcast on 9/20, which is why I apparently never experienced it before.  I mainly have to guess at this since I do not know when a firmware or setting update occurred to the DOCSIS modem.  From what I have read, however, that is completely controlled by the ISP - in this case Comcast.  To re-address the modem via IPv6, however, an update to the settings was required.



  • The 192.168.100.x addresses handed out by DOCSIS modems prior to registration are very short leases, and a proper address provided by your ISP's DHCP server should have been assigned within 30 seconds of the modem completing registration. At this point pfSense should have updated the default route.

    If your modem is DOCSIS 3.0 it likely didn't need a firmware update at all. The reconfiguration for IPV6 happens at the CMTS end of the connection with your modem only needing a reset. For a modem to be certified for DOCSIS 3.0 it must support dual stack out of the box.


Log in to reply