Pfsense/Fibre question

[adviseme]

In preparation for fibre connectivity at home I setup PFsense on an old PC and tested it at work using a spare DSL line. The reasoning being that I should do something and learn something about home internet security because I have CCTV, newsgroup server, gaming, PC's and portable devices attached to a wifi router with basically no security other than a VPN subscription.
I'm not very technical so this took a while but eventually got the box configured and working with snort, squid and some whitelists etc.
Fibre was activated last week so took the box home, changed the WAN interface to DHCP. No IP appears on the WAN interface so after probably breaking things further, did a factory reset on PFsense and an auto detect on the LAN and WAN interfaces. Still no joy with seeing the WAN. CW via Vumatel.
My question is, does it make any difference plugging in different routers to a fibre line in succession? Will it take a while to refresh and is there some type of mac address monitoring/blocking from the provider? My standard wifi router (with WAN port) is up and running and the only configuration change I made was to select DHCP. Most likely I'm doing something totally dof. If there's someone in the JHB area who knows their stuff and wants to make some extra $ helping me out....forum rules permitting...I'd appreciate the help.

 

[Packet-Kollector]

Did a similar thing, with the complexity of VLans and VMs to do the work.

It works, but, your MAC Address changes when you plug the fiber into the new PFSense box, and it doesnt get its DHCP over that WAN interface.
Vumatal lock your service to the first MAC address that it sees looking for an IP down your line.
If you know the MAC Address of the first device, PFSense will let your spoof the MAC and set it to the one you need to use, if not, your provider can do a MAC reset on your line.

But I can confirm it works, my PFSense has the public IP from my provider on its WAN interface

 

[Genisys]

Vumatel locks to a specific MAC address. Call them and ask them to release the mac as you have a new firewall.

 

[adviseme]

Thank you both for the quick responses. Will try spoof the MAC address tonight.

 

[Packet-Kollector]

Did you win?

 

[DMNknight]

Don't spoof the MAC address, because it very much sounds like it's your wifi that you first plugged into the CPE.
You're asking for trouble by having two of the same MAC addresses on your network.

Don't call Vumatel either, it's CrystalWeb you need to phone to unlock the mac address. Once that's done it will automatically pick up your pfSense MAC address if it's configured for DHCP.

 

[adviseme]

I didn't win by spoofing the MAC. I made sure that the wireless router wasn't up at the time I tried plugging PFsense into the CPE. I didn't have much time to play around but did notice that the lights on the CPE seemed to register a valid connection. Results from PFsense were either 0.0.0.0 or n/a for the WAN.
I'm planning on trying to get this right this weekend so thanks for the additional pointers above.

 

[adviseme]

...and of course if you like BEER, PIZZA and $$$ and know your stuff you can come show me how to properly secure things.

 

[DMNknight]

You're welcome to give me a shout if you need help. I've got a pfSense firewall working on Cool Idea's/Vumatel

 

[adviseme]

Thank you for the help DMNknight. Much appreciated.

 

[DMNknight]

No problem at all, glad it was an easy fix.

 

[Dizzle]

So what was the fix?

 

[DMNknight]

Phone ISP, release old MAC address, accept the new

 

[Dizzle]

Thanks for letting me know.

 

[Arthur]

Good to know, for when we finally get fibre in 2027.