VDSL modem/router not assigning address to pfsense WAN interface

Installation and Upgrades
Log in to reply
  • H

    Hello all, I'm sure this question has been asked in many different ways already, I have poured over these forums looking for answers but none popped out.

    My problem is stated in the title, what I am trying to set up is the following:

    VDSL modem/router "zyxel C1000z I believe, the model escapes me as I am at work" –--> Homemade pfSense router with WAN/LAN/Wireless interfaces ----> LAN interface out to a switch, and wireless is to be set up later.

    I have reconfigured the pfSense box, and the DSL pppoe modem/router numerous times trying to get an IP on the pfSense box's WAN interface to no avail. I can tcpdump from pfSense and see that traffic is coming through it on the WAN interface, yet I can't reach the outside world through the DSL modem/router of course, since I cannot resolve to it.

    I have tried taking the dsl modem in and out of NAT, disabled the entire firewall portion, as well as the firewall on the pfSense box, etc.. no luck. I've also tried using my pppoe creds in the pfSense box but to my knowledge that should be of no use since the DSL modem/router would be authenticating for me through it's pppoe interface anyways.

    The vdsl modem/router is on a 192.168.0.1/24 network

    The pfSense box is on it's default 192.168.1/24 network "at least that is where I can get to the web GUI from, and that is what is set up for it's LAN interface through the DHCP server." I know this should probably be changed, and I have read that the pfSense WAN interface should possibly be set up with a NAT address on the same subnet as the main DSL modem/router. It should also be noted that at boot the networking init section hangs at "configuring WAN interface..." until it times out, of course this is likely due to no address resolution.

    I am likely missing something extremely simple, and the 10 or so hours I spent troubleshooting on it last night would have turned out to me a couple minutes. If you need more info I'll try to provide it from my memory until I get home. Thanks a ton if you can help, I know you get a lot of these simple issues with stupid simple solutions. :)

    0
  • S

    OK so – just to make sure we're both on the same page, from your description I think your network looks something like this:

    Internet <--> DSL Router <--> (WAN) pfSense (LAN) <--> SWITCH

    Basic things to check on the WAN interface:

    • is the cable actually in (layer 1)
    • run wireshark and verify ARPs are coming from pfSense (layer 2)
    • the WAN interface of pfSense needs to have an IP in the same subnet as the DSL router.  when you have the basic home/soho router, it will usually be 1 WAN port and 4-8 LAN/switchports.  these switchports ports are essentially like having a layer 3 switch, or a router and switch combo.  since all devices connected to the 4-8 switchports will find each other at layer 2 (ARP), they all need to have an IP address in the same subnet as each other.  (layer 3)

    On the LAN interface, you can still keep the 192.168.1.0/24 subnet, but you will have to add a static route on the DSL router to 192.168.1.0 255.255.255.0 via the IP on pfSense's WAN interface.  Or, you could use a routing protocol like RIP but I feel thats excessive.

    If all these are verified as being correct and there are no firewall rules blocking the traffic, then you may be looking at bad hardware.

    EDIT: forgot to add, you can set up a DHCP reservation on the DSL router so pfSense's WAN interface always gets the same IP, or you can assign a static one out of the DHCP range, but still in the subnet.

    0
  • P

    On the LAN interface, you can still keep the 192.168.1.0/24 subnet, but you will have to add a static route on the DSL router to 192.168.1.0 255.255.255.0 via the IP on pfSense's WAN interface.

    pfSense by default will NAT from LAN to WAN, so the front-end DSL-router will not see those LAN addresses anyway. Normally, there is no need for any special routes (or settings) on the front-end DSL device.
    You really can put a completely default pfSense install with WAN onto a front-end LAN as long as the front-end LAN and pfSense LAN have different subnets. pfSense WAN gets DHCP on the front-end LAN, pfSense NATs everything from pfSense LAN to WAN (=front-end LAN) and as far as front-end LAN is concerned, pfSense WAN is a single client that just seems to have a lot of connections coming from it.
    So don't mess with too many things - do a really default install first.

    0
  • H

    Thanks a lot for the tips. I am getting who-has ARP requests hitting pfsense from the front end DSL modem. I statically assigned 192.168.0.2 to the pfsense MAC addr "which is the same as the front end modem's" and it was listed as unknown in the modem's DHCP reservation list and then.. wallah! It got named pfSense dynamically. I am still having issues getting to the front end modem from the pfSense router though..

    pfSense interface list:

    WAN ipv4 192.168.0.2/24

    LAN ipv4 192.168.1.1/24

    It seems I am making headway though! About to go poke around in the pfSense web UI and disable the firewall to see if that is causing issues, though I cannot get into the web interface at this time via the address it should be on "192.168.1.1"…..

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy