Newbie struggle…

  • I've trolled the forums for the past couple days… I see some similar issues, but have struggled to apply them directly to my situation, so I'm posting what is hopefully not an exact repeat question... I have a Motorola cable modem > Cisco 800 series router which are both supplied by my ISP.. the Cisco serves static IPs to me, and my understanding is it is in Bridge mode... Historically I just plugged in a commercial router... entered the WAN IP/Subnet Mask/Gateway and off I go... connect my switches and things work... After replacing my 4th commercial router, I decided to try to repurpose an old PC to a pfSense router... but I am no network expert...and am stumbling my way thru this... I've gone thru setup, and I can reach the Web configuration tool... I have entered my info via the Wizard... but I cannot reach the Web.  I cannot ping any outside addresses either from the GUI itself, or needless to say, a client.  What stands out to me is that under Status>Gateway I have a "Pending" message... Was hoping for some direction on this... for the time being I had supplied OpenDNS DNS addresses in the General setup... and disabled DNS Forwarding...

  • Netgate Administrator

    Please could you give us some IP details for any/all devices and interfaces in the chain.
    It seems odd to me that you would have a modem then a router then another router. What is the purpose of the Cisco router if it's in bridge mode?


  • I'm assuming the ISP Router is there to provide the static IP that I have thru my ISP… the modem is a cable modem…

    I am provided 5 static IPs thru the single gateway by my ISP (but I only use 1)… so I have available via the gateway on Subnet Mask (/29).  If I plug the modem directly into pfSense… I get a dynamic IP, and I am able to ping the internet from the main menu… when I try to assign a static IP to the WAN interface… I use / 29 as my IP address… and as gateway… but pfSense won't even take the gateway IP when I try to enter it thru the main menu, it will simply keep asking for it over and over… it will take it via the GUI, but as I indicated, it clearly doesn't accept it, as it never shows available. For the LAN side I have simply accepted the default IP setup for now while I'm just trying to get it to work.

    Thanks again for any help…

  • additional info… my apologies.. the Cisco does NOT operate in bridge mode… it is a "router", but does not operate a firewall, but simply is there to provide the static IP addresses for my location…

  • Netgate Administrator

    So have you tried the pfSense box behind the Cisco router, in place of your previous failed router?

    I'll ask this right now because a lot of people seem to be falling foul of it recently; have you added a gateway on the pfSense LAN interface? You shouldn't have. If you go to System: Routing: Gateways: the only gateway there should be the WAN gateway and it should be set as default.

    Maybe the gateway device doesn't respond to pings? Maybe the Cisco router is the gateway device normally? In that case you can disable gateway monitoring or change the IP to some external device that does respond in System: Routing: Gateways: (edit gateway).


  • Stephen…

    I have tried the pfSense box behind the Cisco router… the problems I'm describing I've done while connected.

    I have no gateway selected on LAN, as you indicate; I had seen that problem all over the forum.

    When you say maybe the device doesn't respond to pings… is that what pfSense would be doing to test the gateway?  I'm not exactly sure what you mean by "normally", but yes, I have always assumed the Cisco router is my gateway device… I'm also not really sure what you mean by the last part… changing the IP to some external device… I'm not sure what you mean by external? And where in pfSense do you disable gateway monitoring?

    thanks for your help…

  • Netgate Administrator

    Ah sorry I skipped a few steps there.  ;)

    Yes, pfSense uses the apinger service to monitor its gateways. This pings each gateway at a default of 1sec intervals. The data is then used for the packet loss and latency graphs and also to failover to another gateway in the case that limits are exceeded.

    The service can be disabled or tuned by using the webgui menu:
    System: Routing: Gateways tab. Then editing the WAN gateway. You can change the monitored IP to something else on the WAN side. The closer to the WAN interface the better (hence using the gateway by default) but you can also use any public IP that responds to pings like

    By 'normally' I meant in the previously working setup, presumably what was recommended by your ISP.

    I would expect pfSense to work without any complications if it replaces your previous failed router behind the Cisco router.

    I would also expect to be able to replace the Cisco router with pfSense but that would require more knowledge of how your ISP is delivering your static IPs.


    Edit: typos

  • thank you, that all makes sense… I'll definitely try to disable that, and see if I can get it to work…

    I did try to replace the Cisco w/ pfSense… I thought maybe I could "MAC spoof" the modem…. and then basically let pfSense be the gateway… I tried to get the MAC of the Cisco from an IP scanning program I have, but for some reason that MAC was not accepted… so I didn't take that any further, but that might be an approach if disabling gateway monitoring fails…

    thanks again for your help…

  • life is good… problem solved... despite the fact it was my own ignorance...

    I was inputting my gateway as rather than ... that darned zero was killing me.... for some reason I have to believe the commercial routers and my laptop must correct the same error for me.. as I can't believe I only made this mistake w/ pfSense... but at this point I don't care...

    thank you Stephen for your assistance....

  • I just tried to enter stuff like a.b.c.09 in LAN interface static IP, adding a gateway on the interface page, adding a DNS server IP, editing a gateway IP. On 2.1.1 none of those let me enter anything like
    It would be interesting to know where and how you entered that - then we can check that it validates it properly in 2.1.1.

  • Netgate Administrator

    Hmm, interesting discovery.
    I wouldn't have expected it to make any difference. 9, 09 or 009 all result in the same binary number 0000 1001. Leading 0s are mostly just clipped automatically in anything I've ever coded with. If that's not happening then, yes, the input validation should catch it.
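
Added example, not part of the thread and not pfSense's own validation code: parsers do not all read a leading-zero octet the same way, which is why an input form should accept only the canonical form. The sketch compares a strict validator with the classic `inet_aton`-style reading (leading `0` means octal, `0x` means hex) and a plain-decimal reading; the function names are hypothetical and the 192.0.2.x addresses are constructed documentation-range samples.

```python
import re

# Strict dotted-quad: four decimal octets, no leading zeros, each 0-255.
_OCTET = r"(?:0|[1-9]\d{0,2})"
_STRICT = re.compile(rf"{_OCTET}(?:\.{_OCTET}){{3}}")


def strict_ipv4(text):
    """Return the four octets as ints, or None if the text is not canonical."""
    if not _STRICT.fullmatch(text):
        return None
    octets = [int(p) for p in text.split(".")]
    return octets if all(o <= 255 for o in octets) else None


def classic_octet(part):
    """Read one octet the way inet_aton-style parsers do:
    leading "0x" is hex, leading "0" is octal, anything else is decimal.
    Returns None when the digits are invalid for the implied base."""
    if not (part.isascii() and part.isalnum()):
        return None
    try:
        if part.lower().startswith("0x"):
            return int(part[2:], 16)
        if len(part) > 1 and part.startswith("0"):
            return int(part, 8)   # "09" fails here: 9 is not an octal digit
        return int(part, 10)
    except ValueError:
        return None


def decimal_octet(part):
    """Read one octet as plain decimal, silently dropping leading zeros."""
    return int(part, 10) if part.isascii() and part.isdigit() else None


def compare(address):
    """Show how each reading treats every octet of a dotted address."""
    parts = address.split(".")
    return {
        "strict": strict_ipv4(address),
        "classic": [classic_octet(p) for p in parts],
        "decimal": [decimal_octet(p) for p in parts],
    }
```

For the constructed input `192.0.2.010` the classic reading yields 8 in the last octet while the decimal reading yields 10, so two components handling the same string can end up with different addresses; rejecting the non-canonical form at input avoids that.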

