Migrating from static IPs to Fiber DHCP

First, Tom – thank you for all the videos on setting up pfSense. They helped guide me to setting up physically separate zones for LAN, LAN_TRUST_WIFI, UNTRUST_WIFI, DMZ at my house.
Sorry if this has been asked and answered; I found some similar questions, but still cannot figure it out. I am trying to determine how to move from 5 static IPs to a Dynamic DNS.
I have my domain registered with Network Solutions for another 10 years. They currently handle DNS for my 5 static IP addresses, which I set up years ago. My ISP is currently Comcast, which provided the 5 static IPs. The static IPs are mainly used for Web sites and email server (iRedmail). I host a web site for my friend’s company with a different domain, pointing to my web server.
I am migrating to Fiber. Half the price of Comcast and twice the speed. The Fiber only provides DHCP. So far, they have said they could give me one static IP for $25/month, “soon”, so I have the fiber unplugged until they can do this. In the meantime, I am thinking of just using DDNS without the static IP from fiber, using Cloudflare with pfSense (using Services->Dynamic DNS) to update my IP address whenever it changes. I have a second pfSense FW set up for the Fiber, so far with just a backup of the Comcast settings.
As I understand it, there are two parts to the Domain.

  1. Domain Registrar – Network Solutions
  2. Domain Name Server – Network Solutions (but migrate to Cloudflare)

If this is possible to do, I would like to keep email and web available as much as possible.
I am unsure what to do to make these changes. I am guessing I do these steps:

A. Move DNS for static IPs from Network Solutions to Cloudflare

  1. Sign up / create account for Cloudflare.
  2. Remove my DNS (A, CNAME, MX, TXT) records from Network Solutions.
  3. Add DNS Records to Cloudflare.

From here, I want to plug in my fiber and set up some sort of test to try the DDNS, and hit my email / web server, physically unplugging from Comcast and plugging into Fiber with DDNS. But I don’t know how to do all this. Can you please help me? I feel I am over my head and not sure what to do.
Thanks

First, yes, if you want to move to using Cloudflare tunnels then you would need to move your domain and make the DNS settings the same. Provided they are the same, whatever service they point to, such as email (MX records), will continue to work.

I have never used the DDNS from Cloudflare but it should work fine for telling the service what your IP is. Are you sure the fiber provider is giving you a public IP and not a CGNAT IP?

Thanks Tom. Cloudflare has very good instructions on how to move it. I put in my domain, and they found and imported all my records, with the exception of my mx and mx2 records. They told me how to change the Name server on Network Solutions, and within an hour everything moved over to Cloudflare.

I will try to work on changing the static IP’s (firewall NAT rules, etc.) to DDNS possibly this weekend.

I am not sure if the provider will do a public IP or a CGNAT IP, but I think the pfSense DDNS will solve it, and I won’t need a static IP from the provider.

If they are using CGNAT then DDNS will not help you. You need a public-facing IP.

I finally got fiber and found out they used CGNAT as I could not access via VPN. Fortunately a static IP was only $10 a month and I have never been billed for it.

Ah, thanks! I didn’t know that. I will check with the provider before I do too much more.

NGROK will however save your bacon behind CGNAT for free.
And of course do even more if you need their paid features, but as just ingress as a service, it's hard to beat.

My home ISP is CGNAT, I use NGROK to tunnel back into it over SSH while traveling, and do everything from dynamic forward web traffic so my stream providers think I am home, to RDP into lab computers.

I contacted my fiber operator. They were able to re-provision my equipment to a public IP from CGNAT, so I think I am back to setting up my firewall. Thanks everyone for your help!
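
The CGNAT question raised in this thread can be checked before any firewall work; the following is an added example, not part of any post. It classifies the address the firewall's WAN interface received and compares it with the address the internet sees. The function names are hypothetical, and the sample addresses are constructed (documentation ranges stand in for real public IPs).

```python
import ipaddress

# RFC 6598 shared address space, used by ISPs for carrier-grade NAT
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: WAN is behind another NAT router or modem
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip: str) -> str:
    """Return 'cgnat', 'rfc1918', 'non-routable' or 'public' for an IPv4 WAN address."""
    addr = ipaddress.IPv4Address(wan_ip)  # raises ValueError on bad input
    if addr in CGNAT_NET:
        return "cgnat"
    if any(addr in net for net in RFC1918_NETS):
        return "rfc1918"
    if addr.is_loopback or addr.is_link_local or addr.is_unspecified:
        return "non-routable"
    return "public"


def ddns_usable(wan_ip: str, observed_ip: str) -> tuple[bool, str]:
    """Decide whether DDNS plus port forwards can expose hosted services.

    wan_ip      -- address shown on the firewall's WAN interface
    observed_ip -- address an outside service sees for outbound traffic
                   (assumption: obtained separately, e.g. from the DDNS
                   provider's record of the last update)
    """
    kind = classify_wan(wan_ip)
    if kind != "public":
        return False, f"WAN address is {kind}: inbound connections stop at the upstream NAT"
    if ipaddress.IPv4Address(observed_ip) != ipaddress.IPv4Address(wan_ip):
        # Some providers NAT with public-looking addresses on the inside
        return False, "WAN address differs from the observed address: upstream NAT"
    return True, "WAN holds the public address: DDNS and port forwards will work"


if __name__ == "__main__":
    # Constructed samples: (WAN address, externally observed address)
    for wan, seen in [("100.72.14.5", "198.51.100.7"),
                      ("192.168.1.2", "198.51.100.7"),
                      ("203.0.113.10", "203.0.113.10")]:
        ok, reason = ddns_usable(wan, seen)
        print(f"{wan:15} -> {'OK  ' if ok else 'FAIL'} {reason}")
```

A DDNS record always points at the observed address, so when the two differ the name resolves to the provider's NAT gateway rather than to the firewall.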