I was recently sent a new modem from Spectrum with a letter stating I had to upgrade or face service disconnection. I installed the new modem last night and now I have no internet when connected to pfSense.
If I connect the modem directly to a laptop, the connection works fine. I link at 1000baseT and I get full throughput as verified by fast.com. Because of this, Spectrum is saying the issue is on my end…
Originally when I connected the modem to pfSense, I got the red X and “autoselect” for the WAN interface. I’ve since found that if shutdown the modem, unplug ethernet from modem, boot modem completely, then plug the Ethernet cable back in from my pfSense box I will get a link at 100baseTX and a public IP. However, things are still not working. Note: I also added “reject leases from” 192.168.100.1 to the WAN interface per a Netgate forum thread but I am unsure of its affect.
Although the WAN links at a parltry 100baseTX, I still can not reach the internet. nslookup google.com and ping 126.96.36.199 all fail from both my desktop and the pfSense box itself.
- pfSense v2.5.2
- Intel 2 port NIC
- WAN interface
– set DHCP for IPv4 and “None” for IPv6
– Speed and duplex set to “Default” (changing this causes weird issues)
– Blocking private and bogon networks
No issues that I can see in the logs.
Anyone in this forum have any ideas on what the issue may be?
Thanks in advance!
Sounds like you need to put your modem in bridge mode then connect it to pfsense. You must have double NAT situation, which is why when you connect your laptop to the modem you get internet but not pfSense.
If it’s one of those combo devices you may have to unblock private networks on the WAN interface, and also in any firewall rules you have. Otherwise you turn everything off, connect the LAN port on the modem into the WAN port on pfSense, turn the modem on and look a the lights and wait for service to come up, then turn on pfSense and wait for it to come up and you should be good. If that doesnt work and it is a combo modem device then you could poke around in the settings. Otherwise take a long look at your firewall rules and consider making a backup and restoring default pfSense. Also see if you can ping 188.8.131.52 vs google.com just to test if maybe it’s only DNS that’s broken. Good luck!
Do “modems” do NAT? I believe bridge mode is only for routers.
By “combo” do you mean modem/router/ap? It’s not; its a simple modem.
I tried pinging 184.108.40.206 and got the same result.
Modems can do NAT which use to be their default settings. You had to specify you wanted “Bridge Mode” from the ISP. These days that’s not usually the case as they’ll usually be in bridge mode due to most homes using a WiFi router/firewall. Just for the sake of argument double check your plugged into the right port on your PfSense box. If your PfSense box is set to DHCP are you getting a 192 address or are you getting a public address. If you’re getting a 192 then your modem may not be online as that’s what they will push for diagnostic reasons. If you are getting a public IP then use the diagnostics menu in PfSense and run a trace route to see how far it’s able to get out. If the PfSense box can get to the internet then you may have a setting wrong, it could be DNS or even a bad outbound firewall or NAT rule.
It’s plugged into the right port; same port that worked with the “old” modem.
WAN interface is set to DHCP for IPv4 and “None” for IPv6. I’m getting a public IP; 63.33.x.x. However, the link isnt too stable. It drops (link down) every 30mins or so.
I get a “could not be traced/resolved” in traceroute for 220.127.116.11 and google.com. From my deaktop, it doesnt get past pfSense (192.168.1.1).
Unchecking Block private and bogon networks had no affect.
The 63.33 means you are getting a public which is good. The issue that it’s dropping could be an indicator to the card going bad or the modem is actually DOA meaning it’s not 100% operational. Does your computer drop connection every 30 minutes or so when it’s connected directly to the modem?
Well, the other thing to check is that the WAN interface on pfSense is correctly configured for the type of connection you have.
Are you sure DHCP isn’t running on the modem ? Unless you happen to be on the same subnet as the modem, I can’t see how it would access the internet when connected to the modem.
Might help to know the specific modem you are now using.
What I can find for a “user manual” is garbage. What I found online suggests that you can no longer get into the Spectrum supplied modems. Are you renting this modem or is it provided free?
If renting I would price out a nice DOCSIS 3.1 modem and be done, only issue might be if you have voice service through Spectrum, and then you are probably stuck.
I did see something about a PUMA 6 or PUMA 7 chip and having drop outs, would need to chase that much farther.
The only other thing I can think to check, is to try a crossover cable between modem and router. Maybe there is an issue and it needs a crossover or maybe the supplied cable is a crossover and you need a straight cable.
One reason I was interested in which modem is because I need to get something newer at home, ours is probably 7 years old and I think it is causing some issues due to age and level of support for older equipment. I haven’t nailed down what I’m going to buy, but it will be a DOCSIS 3.1 going forward. Up until the last few months my ARRIS has been pretty good, so probably what I would buy again.
That’s close to the one we have here at work. 2250 instead of the 2251. We do however have static IPs instead of DHCP (biz reasons). I would think it’s the same as what we have at home. At home here are the settings on the WAN interface:
Block private networks and loopback addresses: CHECKED
Block bogon networks: CHECKED
FIREWALL → NAT (OUTBOUND): Start with “AUTO” so it creates the outbound NAT rules correctly
FIREWALL → RULES → WAN: Should just have block rules for BOGON and PRIVATE networks
FIREWALL → RULES → LAN: Start with just an open “ANY” “ANY” rules set to allow all traffic out
If that works then you can trim the allow rules to lock it back down, but that’s a basic starting point for a DHCP WAN link. After all that is setup go to the dashboard (STATUS → Dashboard) and see if the WAN is getting an IP address.
Yea, the user manual they provide the “public” isn’t very useful. It appears its configured via TFTP and SNMP, both of which are not enduser accessible from what I can tell.
I am “renting” the modem as I believe I have to. I’m not being charged for it.
I saw the thread on PUMA 6 / 7 but not sure it’s related to the same issue I’m having.
What’s more interesting is that I tried connecting the modem to the Realtek NIC on my pfSense box and it negotiated to 1000baseT, unlike my Intel NIC/ports which negotiate at 100baseTX. Still no outbound traffic tho using the Realtek.
I tried setting a Static IP & Gateway based on the DHCP settings that my laptop received when directly connected but no dice.
I will double check my FW settings but I believe my WAN settings are exactly that, minus pfblockerNG.
I do get a WAN IP (if following the exact steps mentioned in my first post).
Try disabling the PfBlockerNG.
Try spoofing the MAC address of the PC on your firewall WAN connection, that was a trick from decades ago.
Spectrum came out. Technician said he’s seen all sorts of problems with the new modem and advised me to try to avoid replacement like the plague. The old modem is working perfectly fine and he made a note on my account to (hopefully) allow me to keep the old one in service.
So although it’d be nice have a resonable answer as to why the new one works fine on my laptop, but not pfSense, I’m happy to have internet again.