Hello friends,
Today I called Metronet and asked them to give me a static IP so that I can portforward and host servers.
I was on the phone for over an hour, and couldn't get it to work.
This is the information I was given by the ISP support regarding my new static IP -
static ip, ipv4 149.154.37.18
gateway 149.154.37.1
subnet 255.255.255.192
Here is what I tried to do
System>Gateways>Configuration NEW configuration for WAN interface, IPv4, set to 149.154.37.1
(originally I set it to the ipv4, and realized because I am in the "gateways" configuration, this value should probably be the gateway he gave me. so I later changed it to the gateway he provided, but it didn't seem to fix the issue).
Interfaces>[WAN] change "IPv4 Configuration Type" to "STATIC" and at the bottom change "IPv4 address" to 149.154.37.18
(there is an option to the right of this with numbers ranging from 1 to 32, but I have no idea what this means, so I left it at the default "32" value)
I was at a loss for what to do with the "subnet" value he sent me, so I disregarded it.
This did not work. I tried Firewall>Settings>Advanced and enabled "Disable Firewall" in case some sort of establishing connection was being blocked, but this did not fix the issue either.
I had to end the call with Metronet support by having him change it back to DHCP on his end, so that I could change it back to DHCP on my end to get my non-static connection going in the meantime.
The only special changes in my OPNsense setup are that I have the Zenarmor plugin, and I have IPv6 pretty much disabled system-wide for all matters WAN and LAN. The tech asked what my DNS settings were, and I found them in System>Settings>General where I earlier set them to Cloudflare's 1.1.1.1 and 1.0.0.1 which seemed harmless to me and him.
Any help is appreciated! I am not super experienced with networking so I wouldn't be surprised if I missed something that is obvious to an expert! :)
Quote from: RainOfPain125 on October 29, 2025, 03:43:55 PM
Interfaces>[WAN] change "IPv4 Configuration Type" to "STATIC" and at the bottom change "IPv4 address" to 149.154.37.18
(there is an option to the right of this with numbers ranging from 1 to 32, but I have no idea what this means, so I left it at the default "32" value)
That's why it doesn't work. They gave you this information:
Quote
subnet 255.255.255.192
which means you must use a /26 instead of a /32 value. Networking 101.
255.255.255.192 and /26 are two different ways to specify the "size" of the network you are connected to. You cannot disregard this. With /32 in place your OPNsense cannot reach any other host on that link. Specifically not the default gateway.
See: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
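Added example, not part of the original posts: a short Python check, using only the standard `ipaddress` module, of why the gateway is unreachable with /32 and reachable with /26 for the address, gateway and netmask quoted in the first post. The function names `mask_to_prefix` and `check_static_wan` are made up for this illustration.

```python
import ipaddress


def mask_to_prefix(mask: str) -> int:
    """Convert a dotted-quad netmask to a CIDR prefix length."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    # A valid mask is all ones then all zeros, so its inverse plus one
    # must be a power of two; anything else is a non-contiguous mask.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous netmask: {mask}")
    return 32 - inverted.bit_length()


def check_static_wan(address: str, prefix: int, gateway: str) -> dict:
    """Report whether the gateway is on-link for address/prefix."""
    iface = ipaddress.IPv4Interface(f"{address}/{prefix}")
    net = iface.network
    gw = ipaddress.IPv4Address(gateway)
    on_link = gw in net and gw != iface.ip
    if prefix < 31:
        # Network and broadcast addresses cannot be a next hop.
        on_link = on_link and gw not in (net.network_address, net.broadcast_address)
    return {
        "network": str(net),
        "netmask": str(net.netmask),
        "addresses": net.num_addresses,
        "gateway_on_link": on_link,
    }


if __name__ == "__main__":
    # Values quoted in the first post of this thread.
    addr, gw, mask = "149.154.37.18", "149.154.37.1", "255.255.255.192"
    for prefix in (32, mask_to_prefix(mask)):
        print(f"/{prefix}:", check_static_wan(addr, prefix, gw))
```

With /32 the interface's network contains only 149.154.37.18 itself, so 149.154.37.1 is not on-link; with /26 the network is 149.154.37.0/26 and the gateway falls inside it.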
Quote from: Patrick M. Hausen on October 29, 2025, 03:47:39 PM
Quote from: RainOfPain125 on October 29, 2025, 03:43:55 PM
Interfaces>[WAN] change "IPv4 Configuration Type" to "STATIC" and at the bottom change "IPv4 address" to 149.154.37.18
(there is an option to the right of this with numbers ranging from 1 to 32, but I have no idea what this means, so I left it at the default "32" value)
That's why it doesn't work. They gave you this information:
Quote
subnet 255.255.255.192
which means you must use a /26 instead of a /32 value. Networking 101.
255.255.255.192 and /26 are two different ways to specify the "size" of the network you are connected to. You cannot disregard this. With /32 in place your OPNsense cannot reach any other host on that link. Specifically not the default gateway.
See: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
Ah, thanks for this reply.
I tried to connect the dots between the subnet and the 1-32 values, and what I was *very quickly reading while the tech was on the phone with me* was that yeah, the two are connected.
I looked up the "conversion" for it on my phone (since my internet was out) and I found a website https://dnsmadeeasy.com/resources/subnet-mask-cheat-sheet where it said 255.255.255.192 is equal to /26.
I believe I successfully changed the value to /26 while we were troubleshooting but it still did not work.
I read elsewhere that in Interfaces>[WAN] the enabled defaults "Block private networks" & "Block bogon networks" might be problematic. I did not get the time to try disabling those before we had to end the call and switch to DHCP. Do you think those could be the problem?
Another thing I found while searching similar topics, someone wrote
"When you use static ips from isp you need to add static route so all 0.0.0.0/0 will go to your gateway that is x.x.x.69." although none of what they said makes much sense to me.
I called back today, no new progress has been made.
I tried turning off "Block private networks" and "Block bogon networks" in Interfaces>[WAN] but this did not fix the issue.
I again had "Disable Firewall" enabled in Firewall>Settings>Advanced just to be sure, and this also did not fix the issue.
I had the subnet set to /26 as it should be, and the issue persisted.
Here are screenshots of my Interfaces>[WAN] /// & System>Gateways>Configuration. Ignore the title of the gateway being "DHCP".
You can also ignore "promiscuous mode" being enabled in the screenshot. I tried with it on and off and it didn't help.
(https://media.discordapp.net/attachments/1211885710089519167/1434207025755328512/Screenshot_20251101_113802.png?ex=69077ce1&is=69062b61&hm=ad5eb663b2e1b9a67b816efd57cfa94e41096c97c00caf62cf99cf79c8be5d2f&=&format=webp&quality=lossless&width=1431&height=891)
(https://media.discordapp.net/attachments/1211885710089519167/1434207025348219052/Screenshot_20251101_113823.png?ex=69077ce1&is=69062b61&hm=fa5a18681a33c2acb4069a475d6e95ec532d41f47c4aaddc22c920ad8d1a0588&=&format=webp&quality=lossless&width=1229&height=1782)
Just as a hint, if you disable the firewall you also disable NAT (Outbound NAT et al) which your internal clients need to get to the internet.