Comcast High Speed Internet and pfSense?



  • Hey gang,
    Sorry if this has been posted before, if so please direct me to the thread? Please?
    Comcast recently updated their network cabling in the city and since then pfSense will not work with the internet service. It works if I have my router handling DNS and DHCP before it hits my pfsense box, but what I want is the firewall to be in between the modem (WAN) and the routers/clients(LAN) so the firewall and caching is effective. I mean like what is going on here? I am certified in Comptia networking (C++) and general system analyst, IT, and a few others that are irrelevant to the issue. I am very confused as to why pfSense is not working correctly/like it should.
    Any help would be GREATLY appreciated!
    thanks,
                ~Jonathan


  • Netgate Administrator

    I would guess at some new authentication process. Could be they're using a VLAN, you'd be able to see that in a packet capture on WAN.
    Exactly what Comcast product are you connecting to? What modem? Any other info?

    Steve



  • In some places, you still need to clone the MAC of the router they provided and installed onto the pfsense WAN.  Maybe this is the case here?  Not sure.



  • @kejianshi:

    In some places, you still need to clone the MAC of the router they provided and installed onto the pfsense WAN.  Maybe this is the case here?  Not sure.

    I concur, I've had to clone the MAC address of my COMCAST Cable Modem.



  • For many (most?) modems, just power cycling the thing will allow it to "bond" it to a new MAC.



  • In my experience the problem is not the modem, but the provider refusing to connect to a different MAC. Sometimes it helps to wait some hours and you will get an IP even with a different MAC, but who wants to wait… ;-)


  • LAYER 8 Global Moderator

    So question – did it work before they did the wiring update with pfsense.  Or is the first time your actually trying to connect pfsense..  What actual modem you have, and what your using as your router might be helpful info.

    Not sure what dns has to do with anything - but if pfsense can not get an IP via dhcp, this is simple enough to troubleshoot with a sniff.  Do you not get an offer to your discover that goes out?

    As mentioned already - rebooting your cable modem when you change devices connected to it is normal practice.



  • @chemlud:

    In my experience the problem is not the modem, but the provider refusing to connect to a different MAC. Sometimes it helps to wait some hours and you will get an IP even with a different MAC, but who wants to wait… ;-)

    All I can say is, I am on Comcast, and I'm using a Moto SB6120 (but I've had the exact same experience with multiple other Comcast customers with other modems), and power cycling that is completely sufficient to use a different MAC on my end.



  • Also on Comcast.
    May not be the solution, but thought I'd throw this out anyway.
    I've found that there's a difference in behavior between simply power cycling the cable modem and unplugging it and waiting about 5 minutes before plugging it back in.

    I've found that if the modem, SB6121, isn't connected or pfsense isn't getting a lease on the WAN side, this extended power cycle usually seems to resolve it, whereas just a quick power cycle doesn't.  Not sure why though.



  • I know in the past Comcast has insisted on unplugging the modem for a minute a half before turning it back on.  And if you still have one of those old cable modems and VOIP services built into the same modem, they had battery backups in the modem for the VOIP services so you couldn't just pull the power.  PITA.

    Now they're injecting javascript ads into their citywide WiFi off of paying customers with their opt-out program.  And you wonder why people hate Comcast.


Log in to reply