Messages - MangledBit

#1
I was able to get a year-long promotion free for the static IP. Hopefully that will be enough time to figure out another solution. It would be cheaper to buy a VPN and forward its traffic through a VPN tunnel to the firewall to have a public IP. According to what I'm writing, sort of like a bastion setup.

I want the firewall to still handle all the traffic from the VPN and treat it as just another hop from the source to the destination. Nor do I want to forward all the traffic out of the network through the VPN, just the services I wish to port forward. Normally a bastion is used to filter traffic/logging/antivirus and such. I have that set up on the firewall, so no sense in paying for a higher grade VPN to run OPNsense. So the question is: is there an easy way to simply forward all traffic, regardless of ports, through the tunnel? I think I would need some sort of proxy to forward all the traffic.

I'm new to professional networking so I'm stretching the limits of my knowledge what's possible in the terms to educate myself further. So any help in that direction would be helpful.


However the issue at hand with the WAN dropping internet every 24 to 36 hours will still be an issue without the static IP. That's the 1st hurdle I need to solve.


#2
Greetings everyone, I'm looking for some help diagnosing WAN IPv4 dropping every 24 to 36 hours. The WAN interface is not considered down when this event occurs. WAN is connected directly to the modem, which connects out to the Internet via fiber. The WAN interface details do not change when I release/renew to restore Internet. That process restores the network connection.

As I understand it, Metronet does not provide you with a public facing IP address by default. They use what is called Carrier Grade NAT. "Carrier Grade". You end up with a double NAT situation.

Similar netgate topic
https://forum.netgate.com/topic/150572/metronet-fiber-internet-goes-down-roughly-every-24-hours/15

Suggestions on how to tweak the WAN to keep it properly in sync with the Nokia G-010G-A ONT modem?

Things that I prefer not to do or cannot do:
- Bridge the modem
- Dedicated IP
- Communicate with the ONT via the web GUI, FTP, etc.
#3
Perhaps I created an alias of the domain name URL that references the public IP address which is tied to a dynamic DNS service. Then I can use that as a destination for port forwarding because it resolves to my public IP?

works for only Automatic outbound NAT for Reflection
#4
```
PS C:\Users\Main> tracert 1.1.1.1

Tracing route to one.one.one.one [1.1.1.1]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  OPNsense.localdomain [192.168.1.1]
  2     *        *        *     Request timed out.
  3     1 ms     1 ms    <1 ms  10ge7-5.core1.rst1.he.net [184.105.27.57]
  4     4 ms     3 ms     3 ms  100ge8-2.core1.blp1.he.net [184.105.65.157]
  5     4 ms     4 ms     4 ms  100ge8-2.core1.msp1.he.net [184.105.64.97]
  6     4 ms     4 ms    16 ms  AS13335.micemn.net [206.108.255.45]
  7     4 ms     4 ms     5 ms  one.one.one.one [1.1.1.1]
```
#5
I believe this has to do with Metronet Internet service provider.

https://www.reddit.com/r/Metronet/comments/ieohps/does_metronet_provide_a_standalone_not_a_combo/

Public IP -> Metronet Router -> ONT (provides private IP from Metronet router) -> Your Router (has private IP from Metronet as the WAN IP) -> Computer/Device (has private IP from your router)... Metronet does not provide you with a public facing IP address by default. They use what is called Carrier Grade NAT. "Carrier Grade" means nothing. You end up with a double NAT situation.

Outside of a dedicated IP, is there anything else I could try to do to remedy the situation?
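
The double-NAT chain described above can be checked by comparing the firewall's WAN interface address with the address seen from the Internet. The following is an added example, not part of the original posts: the names `classify` and `assess_wan` are hypothetical, and the addresses in the usage comments are constructed samples from documentation and RFC 6598 ranges.

```python
import ipaddress

# Blocks that are not routed on the public Internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598 = ipaddress.ip_network("100.64.0.0/10")  # shared space reserved for CGNAT


def classify(addr):
    """Return 'rfc1918', 'cgnat-shared' or 'routable' for an IPv4 address."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip in RFC6598:
        return "cgnat-shared"
    return "routable"


def assess_wan(wan_cidr, observed_public):
    """Compare the WAN interface address (CIDR form, as shown on the
    interface overview) with the address an external service reports."""
    iface = ipaddress.ip_interface(wan_cidr)
    observed = ipaddress.ip_address(observed_public)
    kind = classify(str(iface.ip))
    if iface.ip == observed:
        verdict = "direct"        # the firewall itself holds the public address
    elif kind == "routable":
        verdict = "provider-nat"  # routable-looking WAN address, translated upstream
    else:
        verdict = "double-nat"    # private or shared WAN address behind ISP NAT
    return {
        "wan_kind": kind,
        "verdict": verdict,
        # False means the observed address is not even on the WAN subnet,
        # so a rule matching the WAN address never sees it as a destination.
        "observed_in_wan_subnet": observed in iface.network,
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the posts.
    print(assess_wan("100.72.14.216/19", "203.0.113.65"))
    print(assess_wan("203.0.113.10/24", "203.0.113.10"))
```
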
#6

  Interfaces: Diagnostics: DNS Lookup


Wan IPv4 address xxx.xx.xxx.216/19  is the IP to opnsense firewall which I normally log into via `192.168.1.1`

Response    
Type    Address
   OPNsense.localdomain
Resolution time per server    
Server    Query time
127.0.0.1    25 msec
1.1.1.1    9 msec
1.0.0.1    5 msec

#7
Public IP: xxx.xx.xx.65

Taken from `WAN interface (wan, igb0)`
IPv4 address xxx.xx.xxx.216/19
IPv4 gateway xxx.xx.224.1

I think the public IP should be reflected in the WAN interface...


screen shot windows 7
#8
Thank you for taking a moment to respond!

My setup is very basic. I recently upgraded to symmetrical fiber service. Currently have a dynamic IP however to my knowledge that shouldn't affect this process.

Version: 21.1.3_3

Modem Alcatel-Lucent G-010G-A -> Firewall -> Switch

No multi WAN setup

The only thing deviating from the standard install

- Sensei
- https://forum.opnsense.org/index.php?topic=8783.0  [Tutorial] How I do port forwarding - simple and straightforward
- Unbound DNS: Blacklist for ad blocking


` I'm assuming the WAN interface is actually bound to the public IP?`

When initially setting up the WAN interface during install time, it did correctly pull the public IP, so I assume it's bound. Is there a way for me to check?
#9
When I configure port forwarding to use the `WAN address`, the resource/server is not reachable.

- Destination: WAN address

However, I can reach the resource/server just fine if I define the destination `Single IP or Network` as my public IP.

- Single IP: my public IP

Shouldn't the Public IP and the WAN Address be the same?
Suggestions for troubleshooting?

#10
A little help would be appreciated.
#11
Greetings everyone, I'm looking for some help diagnosing WAN dropping every 24 to 36 hours. The WAN interface is not considered down when this event occurs. WAN is connected directly to the modem, which connects out to the Internet via fiber. The WAN interface details do not change when I release/renew to restore Internet.

What recommendations would you have for me to provide better troubleshooting info?