Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Interaction with modems

    Scheduled Pinned Locked Moved General pfSense Questions
    11 Posts 3 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mgiammarco
      last edited by

      Hello,
      I have a pfsense box with dual wan.
      In each wan there is a modem and pfsense is configured that in each wan it uses dhcp.
      The first modem connects to adsl using pppoe, the second using ipoa (rfc1483? ).
      Pfsense for first wan shows public wan ip as gateway, for second wan show private ip of modem (that is also GW).

      I would like to understand:

      • why in first case it discover real wan address and in the second case not;
      • who told pfsense to discover public wan address
      • what advantages are in first case if any

      Thanks in advance for any help,

      Mario

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        Reason pfsense gets any address on it when set to dhcp, is what is returned when it sends out dhcp discover.  It getting a public or private IP address would be what your isp device, modem/gateway is set to do.  Bridge or Nat, etc.

        Advantage in the first case is your not double natted.  Double natted can have all kinds of problem with different protocols, PITA to get unsolicited inbound traffic to work - since you have to allow for the taffic on the 1st nat (which may or may not be in your control) and then again on the 2nd nat (pfsense)

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • M
          mgiammarco
          last edited by

          @johnpoz:

          Reason pfsense gets any address on it when set to dhcp, is what is returned when it sends out dhcp discover.  It getting a public or private IP address would be what your isp device, modem/gateway is set to do.  Bridge or Nat, etc.

          Advantage in the first case is your not double natted.

          Ok thanks so I explain better. Also the first modem is configured as dhcp server. So I supposed that pfsense should get a private ip in the range of modem dhcp server. But pfsense seems to cheat and take public ip of modem.
          Infact I would like to avoid double nat as you explain.

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            Well clearly if the 1st modem is suppose to be dhcp server its handing out public IP range then..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • M
              mgiammarco
              last edited by

              @johnpoz:

              Well clearly if the 1st modem is suppose to be dhcp server its handing out public IP range then..

              It is not possible because I have configured personally the modem and it has only one static public ip address (they cost too much) and it has internal dhcp with private ip.

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                here is the thing – if you have pfsense set to dhcp on wan, its just a dhcp client -- it broadcasts a discover, and will take the first dhcp server that offers it an IP address it doesn't care what it is, etc.

                You sure you don't have it set in bridge mode?

                You could sniff on the wan to see what is happening, or you could look to the lease details that should show the ip of the dhcp server that gave the lease.

                edit:

                example.. in /var/db you should see file with the interface of your wan do a cat and in there should be the IP of the dhcp server it got its lease from.

                cat dhclient.leases.vmx3f0

                option dhcp-server-identifier 69.252.202.7;

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • M
                  mgiammarco
                  last edited by

                  @johnpoz:

                  example.. in /var/db you should see file

                  Great info for debugging thanks!!
                  Infact now I see:
                  lease {
                    interface "em1";
                    fixed-address 5.x.y.z;
                    option subnet-mask 255.255.255.255;
                    option routers 192.168.1.1;
                    option domain-name-servers 212.97.32.2,94.141.24.92;
                    option host-name "host-5-x-y-z";
                    option dhcp-lease-time 60;
                    option dhcp-message-type 5;
                    option dhcp-server-identifier 192.168.1.1;
                    renew 2 2014/11/18 21:57:44;
                    rebind 2 2014/11/18 21:58:06;
                    expire 2 2014/11/18 21:58:14;
                  }

                  It is very strange, infact modem is 192.168.1.1 but it is giving external ip as a lease ?!?!?!

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    This makes now sense to me

                    fixed-address 5.x.y.z;
                      option subnet-mask 255.255.255.255;
                      option routers 192.168.1.1;

                    So you got a public IP, but it says your gateway should be 192.168.1.1 ???  To be honest that is a broken setup - gateway needs to be on the same segment as your address, or how else you suppose to get there?  A windows machine will not even allow you to set that up.  While other OS can allow for it - its broken if you ask me.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    1 Reply Last reply Reply Quote 0
                    • P
                      phil.davis
                      last edited by

                      If your pfSense LAN is already using something like 192.168.1.0/24 then change your LAN to some other private address space that you can hope your ISP or "modem" does not try to use.
                      That will make it easier for pfSense to ARP for 192.168.1.1 on em1 and maybe even find it and use it as a gateway - but as Johnpoz says, that is a really weird DHCP lease given there. But if you are lucky it might work.

                      As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                      If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                      1 Reply Last reply Reply Quote 0
                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator
                        last edited by

                        that lease time of 60 seems pretty broken to me as well.  Can you turn off the dhcp server on that device..  Make it a bridge?  Or clearly need to adjust the dhcp server so that it hands out private IPs, where that 192.168.1.1 would be valid as long as it doesn't conflict with network on your lan side or your other wan connection nat network.

                        if your going to double nat on your wan connections, you need to make sure they do not overlap each other or your lan network.

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.8, 24.11

                        1 Reply Last reply Reply Quote 0
                        • M
                          mgiammarco
                          last edited by

                          First thanks for all replies.
                          The strange thing is that this setup is working (apart https).
                          I have luck that my private lan has another subnet than 192.168.1.0/24 (I never use that!).

                          Here is an (censord) extract of netstat -r:

                          default          z.y.x.5.cust UGS        em1
                          z.y.x.5.cust link#3            UHS        lo0
                          5.x.y.z/32  link#3            U          em1

                          As you can see default gateway is the same address of pfsense… but it works!
                          And, I can reach also 192.168.1.1., probably thanks to default route.

                          Now I will try to configure modem as bridge or static ip, anyway I would like to understand this thing. It is a dlink dsl320-b

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.