Topic: WAN IP

ast
WAN IP
« on: August 02, 2017, 08:58:10 pm »
Hi guys!

Just want to check if there's a workaround for this. I'm getting two different IP addresses from my WAN. We're using DYNDNS, basically for me to remotely access our pfSense box (I know this is not advisable, and I should set up a VPN). Please see the attached screenshot. With these two different IP addresses, I cannot access our pfSense box remotely.

TIA!


ast

tim.mcmanus
Re: WAN IP
« Reply #1 on: August 02, 2017, 09:38:09 pm »
What IP address do you get when you go to:  http://checkip.dyndns.org

Intel Core i3-2100 Sandy Bridge dual core - Intel BOXDQ77MK LGA 1155 Intel Q77 - 4GB RAM - 320 GB 7200RM HD - 2 x Intel EXPI9301CTBLK 10/ 100/ 1000Mbps PCI-Express Network Adapter

ast
Re: WAN IP
« Reply #2 on: August 02, 2017, 09:47:06 pm »
Quote
What IP address do you get when you go to: http://checkip.dyndns.org

From my screen capture, it's the 112.xxx.xxx.xxx

tim.mcmanus
Re: WAN IP
« Reply #3 on: August 03, 2017, 12:41:21 pm »
Quote
Quote
What IP address do you get when you go to: http://checkip.dyndns.org

From my screen capture, it's the 112.xxx.xxx.xxx

Okay, that's interesting.  pfSense is seeing a DHCP address that it's been given as the border IP address, but external sites are seeing the 112.x.x.x address.  That means there is another device upstream that may be NATing other devices downstream.

I would contact your ISP and ask them why there is a difference.

ast
Re: WAN IP
« Reply #4 on: January 03, 2018, 10:14:16 pm »
Just wondering if you guys know of a workaround for this issue?

Derelict
Re: WAN IP
« Reply #5 on: January 04, 2018, 12:33:08 am »
Seems like your traffic is being translated on the way out by something. Your ISP is the best place to ask.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESS(TM)

Grimson
Re: WAN IP
« Reply #6 on: January 04, 2018, 05:20:42 am »
https://en.wikipedia.org/wiki/Carrier-grade_NAT your local WAN address matches it.
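
The diagnosis worked out in the replies above (interface address versus externally observed address, and whether the WAN address sits in the carrier-grade NAT shared range), as an added example that is not part of the original thread. The function names are hypothetical and the sample addresses are constructed; the observed address is assumed to come from an external check such as the one mentioned in Reply #1.

```python
import ipaddress

# Blocks an ISP may assign to a customer WAN port when it NATs upstream.
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(addr):
    """Classify a WAN interface address as 'cgnat-shared', 'rfc1918' or 'public'."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT_SHARED:
        return "cgnat-shared"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "public"  # simplification: everything else is treated as routable


def diagnose(wan_addr, observed_addr):
    """Compare the interface address with the address an external site reports."""
    wan_class = classify_wan(wan_addr)
    translated = ipaddress.ip_address(wan_addr) != ipaddress.ip_address(observed_addr)
    return {
        "wan_class": wan_class,
        "upstream_nat": translated,
        # Inbound connections (port forwards, an OpenVPN server) only work if
        # traffic sent to the observed address arrives on the WAN interface.
        "inbound_possible_without_isp": wan_class == "public" and not translated,
    }


if __name__ == "__main__":
    # Constructed sample values, not the poster's real addresses.
    samples = [
        ("100.64.10.20", "203.0.113.45"),   # CGNAT: shared space on WAN
        ("192.168.1.2", "203.0.113.45"),    # ISP modem/router doing NAT
        ("198.51.100.7", "198.51.100.7"),   # WAN holds the observed address
    ]
    for wan, seen in samples:
        print(wan, seen, diagnose(wan, seen))
```

When `upstream_nat` is true, a dynamic DNS name that tracks the observed address points at the ISP's translator rather than at the firewall, which is why remote access fails in the situation described in the first post.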

Derelict
Re: WAN IP
« Reply #7 on: January 04, 2018, 05:22:34 am »
Nice. That's one I (thankfully) don't deal with every day.

JKnott
Re: WAN IP
« Reply #8 on: January 04, 2018, 05:46:04 am »
Quote
https://en.wikipedia.org/wiki/Carrier-grade_NAT your local WAN address matches it.

Of course, for NAT they should be using RFC1918 addresses to the customer.  Hopefully there's no real world address they want to reach that's on the same subnet.

Grimson
Re: WAN IP
« Reply #9 on: January 04, 2018, 05:50:36 am »
Quote
Of course, for NAT they should be using RFC1918 addresses to the customer.  Hopefully there's no real world address they want to reach that's on the same subnet.

You might want to actually read that Wikipedia article.

ast
Re: WAN IP
« Reply #10 on: January 04, 2018, 09:07:36 pm »
Is there any workaround for us to 'forcefully' connect to our pfSense for remote access? :D Take note of the word 'forcefully', haha.

Derelict
Re: WAN IP
« Reply #11 on: January 05, 2018, 01:07:06 pm »
No. Upstream has to forward to you. pfSense cannot do anything to allow inbound connections if the connection doesn't arrive on the interface in the first place.

You could use an OpenVPN client to connect to a fixed location and route over that but you cannot run an OpenVPN server without a port forward.

Again, your ISP is the one to contact about the behavior of their network outside your WAN interface. Why the hesitation there?

KOM
Re: WAN IP
« Reply #12 on: January 05, 2018, 01:22:14 pm »
Quote
Why the hesitation there?

He's probably a Comcast or Verizon customer.