Unable to use static IP for WAN interface

Limones

Hello, I have seen this issue on here but have not seen a solution.

I have a pfSense VM on an ESXi hypervisor with a WAN and LAN interface configured. The WAN is behind a Time Warner Cable Arris all-in-one cable modem/router (TG 1672). I have installed pfSense several times before on hardware with excellent results.

The pfSense works and performs very well as a firewall if I configure the WAN interface to obtain an address from the DHCP server (192.168.0.200-254 range) on the Arris. However, if I assign the WAN IP manually as 192.168.0.100 it cannot see the gateway and no routing to the internet occurs. I have tried setting the default gateway, leaving the gateway blank, spoofing the mac address of my computer onto the pfSense VM and variations of all above. I have also disabled the WAN firewall rule blocking private subnets. My only thought is that the Arris does not like that pfSense is trying to use an IP not in the DHCP server range. However, my computer (physical Windows 7 box) can self-assign a static IP outside the DHCP range and use the Arris router as a gateway just fine.

Please let me know if I'm missing something stupid.

johnpoz

No device cares if your dhcp or not dhcp.. Why would this matter.  Leaving the gateway blank - how would that possible in a trillion years work??  What did you set the gateway too..

Your windows 7 boxes proves out what I am saying about dhcp vs static  If it works with dhcp and not with static then your doing the static wrong, or something else already has that IP.  Did you set the static and then reboot pfsense?  Or bring down the interface and back up?

cmb

Also never spoof your machine's MAC on any other device that you actually want your machine to be able to communicate with. Likely won't work at all from the machine whose MAC you have spoofed.

You're getting the subnet mask wrong, or gateway wrong, or using an IP that's in use elsewhere.

johnpoz

What is the IP address of your Arris, what do you set for gateway or get for gateway for example from dhcp.  What mask

While its good to know your dhcp is 192.168.0.200-254, what is the mask on the actual nework?  Could be /24 or /23 or /22 ??  is the arris 192.168.0.1??  I would guess so but can not be sure..  So you set your windows 7 pc to static - are there any other static IPs on this network?

Common mistake is that when you set static on interface I think it default to the /32 in the dropdown list - this needs to be changed the mask your using most likely /24, and it needs to have a gateway - which I would guess your arris is 192.168.0.1 but without you telling me this it is only a guess.

Your the one that knows that IPs and masks are being used on your network..

Limones

@cmb:

Also never spoof your machine's MAC on any other device that you actually want your machine to be able to communicate with. Likely won't work at all from the machine whose MAC you have spoofed.

You're getting the subnet mask wrong, or gateway wrong, or using an IP that's in use elsewhere.

Thanks CMB, I spoofed my Win7 mac onto the pfSense router in case it would help connect the pfSense to the Arris, I was thinking that the Arris might accept it with a legitimate device mac that had previously been on the network. I also tried it with a few bits changed just in case. I'm aware it was a long shot, but I was really out of ideas :)

Subnet mask of the pfSense WAN is the subnet of the Arris' LAN: 192.168.0.0/24. Unfortunately, not a lot of room for error there. The Arris is at 192.168.0.1, also not a lot to get wrong. Lastly, my pfSense VM and the Win7 physical box were the only two devices on the network at the time. I also keep my DHCP range >200 so that I can use static IPs under 200 without conflict. You are right in that it's a gateway/subnet/IP issue, but that hasn't helped me troubleshoot. I was hoping for specifics of what might be misconfigured by someone new to pfSense. I appreciate the tips though!

Limones

@johnpoz:

What is the IP address of your Arris, what do you set for gateway or get for gateway for example from dhcp.  What mask

While its good to know your dhcp is 192.168.0.200-254, what is the mask on the actual nework?  Could be /24 or /23 or /22 ??  is the arris 192.168.0.1??  I would guess so but can not be sure..  So you set your windows 7 pc to static - are there any other static IPs on this network?

Common mistake is that when you set static on interface I think it default to the /32 in the dropdown list - this needs to be changed the mask your using most likely /24, and it needs to have a gateway - which I would guess your arris is 192.168.0.1 but without you telling me this it is only a guess.

Your the one that knows that IPs and masks are being used on your network..

Hey johnpoz, I'll try to fill in some details. For the record, I work at Red Hat and I have a degree in networking so I'm new to pfSense, I'm not new to routing. That being said, I'm sure this is a simple misconfig somewhere and that's where you can help me figure this out.

Arris LAN: 192.168.0.0/24, Arris LAN IP: 192.168.0.1, and yes the Arris is the gateway before you think I'm trying something exciting.
pfSense static: 192.168.0.100 fails, I'll check what the default mask is when I try again and I'll let you know. Thank you for the help.

Limones

The /32 mask default on the static WAN interface was doing it, I never gave it a second look. Changed to /24 and connects fine now. Thanks for mentioning it, I knew it was one simple setting somewhere!