New ISP, settings won't work (Resolved)

  • So I've had my pfSense firewall up and humming away for 4 months now. Today I've been forced to change ISPs and I have been unable to get their settings to work.

    So far I've plugged straight into the equipment the telecom gave me and with a static IP in the range they gave me I can get online and surf just fine. Next I unplugged from my laptop and removed my current WAN cable from the firewall and plugged in the new ISP's line. Then I updated the WANGW to reflect my new gateway and changed the DNS servers on the General page to those supplied by my ISP with thrown in for good measure. Finally I changed the WAN interface address to the IP address right after the gateway in the range I was given.

    These are the same settings that I put into my laptop when I connected without the firewall and yet it will not let me pass traffic either way. I've double checked my Firewall Rules and made sure that my 'Allow LAN to any rule' was still in place, and the 'Block local networks' option was also unchecked on whatever page it's on.

    I've got a telecom tech calling me in an hour but I doubt he is going to be any help if it's my equipment that isn't working.

  • If the Telecom doesn't suggest it (and they really should), try a reboot of their equipment.

    Their modem may memorize the MAC address of your first connection and not recognize your pfSense box right away.

    Have you tried to ping from the pfSense console shell as a simple test of connectivity to the internet?

  • Netgate Administrator

    Can you ping external IPs or URLs from the pfSense box? (Edit: Already asked ^.  ::))

    Do you have multiple gateways on the pfSense box? Possibly you removed the default gateway and now some rogue gateway has become default.


  • Thank you for your replies. It turns out my knowledge of pfSense was up to snuff, but not my knowledge of IP address blocks. Apparently I was trying to squat the pfSense interface on an address that is used by a piece of equipment my telco uses for 'redundancy.'

    Apparently out of the block of 8 IP addresses they gave me there were only 3 usable. They had two blocked off for normal uses like Gateway and Broadcast (expected) but then they had 3 more blocked off for other pieces of their equipment. So I was simply trying to use the wrong IP address. As soon as I changed it over to the one recommended by the tech it came up instantly.

    On a not so funny side note, as soon as our connection came back up, after 6 hours of being down during business hours, we flooded our EOP gateway with so many messages at once that they blacklisted our IP. Thankfully I had a spare address and I was able to reassign the pfSense interface IP and get our mail flowing again. I'm still waiting on a response from Microsoft's Delist team about the original address though. I should probably go see if there are other Blacklist services that partner with Microsoft too.
