Re: PfSense + ubiquity

Ideally when you plug into a cable modem, it comes up, and passes your
ethernet to the cmts in a bridge, lets one mac address dhcp/arp, and things
work. It learns that one ip/mac, and disallows any other mac. No
security, nat, nothing, just real dumb dhcp + default routing with a public
ip. Routers/firewalls try to NAT you, thus double NAT if using a router
behind it.

CL sells you a dsl modem/router that does your local security whether you
want it or not, full router/nat/firewall, and probably spyware. Making it
a modem is possible, but takes work, and your firewall has to support PPPoE
(not all can/do). Last time I touched a combo Cox router/modem, I didn't
see any way to do so. I told them to buy a real modem, and that worked
with their belkin/cisco/linksys/netgear they had.

If your "modem" mentions wifi, it's a router/firewall, not a modem. Not
all are clear about this, as they dumb it down for consumers, but an
important point.

-mb


On Mon, May 4, 2020 at 1:53 PM Stephen Partington via PLUG-discuss <
plug-discuss@lists.phxlinux.org> wrote:

> I Owned a Nighthawk Router/Modem combo, The way that Netgear handled that
> is that the modem was hard-wired to a bridge on the router side. and
> technically you could see it as a separate device in the router configs if
> you rooted around enough. but the modem side was just a modem.
>
> On Mon, May 4, 2020 at 11:03 AM Michael Butash via PLUG-discuss <
> plug-discuss@lists.phxlinux.org> wrote:
>
>> Cox modems *are* bridges first and foremost typically, unless you get a
>> bundled router/modem, which is only what CenturyLink sells. If you got a
>> "router/modem" combo, just buy a modem-only device for a dumb bridge and
>> simple ethernet for a public ip. I recommend staying with an arris cable
>> modem, originally motorola, they basically developed cable modem docsis,
>> and are always the best.
>>
>> I moved from Cox to CL when Cox started adding a usage cap, and that was
>> new to me to get my Fortinet firewall online with CL and their DSL doing
>> PPPOE. I've seen the router/cable modem combo boxes later, but never owned
>> one as I always have my own router/firewall.
>>
>> -mb
>>
>>
>> On Mon, May 4, 2020 at 8:36 AM Donald Mac McCarthy <mac@oscontext.com>
>> wrote:
>>
>>> Will Cox allow for a bridge/virtual bridge mode? Xfinity does, which
>>> allows you to put in a firewall, and use the modem only as a gateway,
>>> therefore preventing a double NAT situation. Never lived in a Cox area
>>> before, and currently ride CL fiber.
>>>
>>> Mac
>>>
>>> Michael Butash via PLUG-discuss wrote on 5/3/20 2:00 PM:
>>>
>>> Cox modems will learn and allow only 1 mac at a time (unless business is
>>> set to allow more, but not on residential). If switching out firewalls, I
>>> 99% of time reboot the modem first and foremost.
>>>
>>> -mb
>>>
>>> On Sun, May 3, 2020 at 12:08 PM Snyder, Alexander J via PLUG-discuss <
>>> plug-discuss@lists.phxlinux.org> wrote:
>>>
>>>> I got it working.
>>>>
>>>> I assigned the SFP+ port as my LAN and assigned it the 10.x.x.x/16
>>>> network. Then I had to call COX and list the WAN Mac address with them.
>>>> Upon doing so I was able to reach external sites, and all downstream
>>>> devices started coming alive!
>>>>
>>>> Thanks for all the suggestions and help!
>>>>
>>>> Thanks,
>>>> Alexander
>>>>
>>>> Sent from my Galaxy S10+
>>>>
>>>> On Sun, May 3, 2020, 03:14 Herminio Hernandez, Jr. via PLUG-discuss <
>>>> plug-discuss@lists.phxlinux.org> wrote:
>>>>
>>>>> Can you login to the FW via the LAN interface? Can you ping the FW
>>>>> LAN interface? Check the routing and NAT policy on the FW. All outbound
>>>>> traffic should NAT to the FW WAN interface and there should be a default (
>>>>> 0.0.0.0/0) route to the internet.
>>>>>
>>>>> On Sat, May 2, 2020 at 7:27 PM Seabass via PLUG-discuss <
>>>>> plug-discuss@lists.phxlinux.org> wrote:
>>>>>
>>>>>> I'm with Mac, I think it is not the firewall, but if you have the
>>>>>> ability to plug it into a display with a keyboard, you can use that for
>>>>>> configuration and modify a different device at the same time.
>>>>>>
>>>>>> Makes it easier to troubleshoot by giving you the ability to
>>>>>> configure your pfSense ports at the same time.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Message: 2
>>>>>> Date: Sat, 2 May 2020 09:04:35 -0700
>>>>>> From: Donald Mac McCarthy <mac@oscontext.com>
>>>>>> To: "Snyder, Alexander J via PLUG-discuss"
>>>>>> <plug-discuss@lists.phxlinux.org>
>>>>>> Subject: Re: pfSense + Ubiquity
>>>>>> Message-ID: <18adfa38-3e72-7b0a-e31a-1ddf175d717f@oscontext.com>
>>>>>> Content-Type: text/plain; charset="utf-8"
>>>>>>
>>>>>> I can help - but I am unavailable to do so until tomorrow.
>>>>>>
>>>>>> Make sure there are not any thing other than default VLANs on the
>>>>>> interfaces to start with. Ubiquiti is famous for not havinght eSFP+
>>>>>> ports active in the default configuration, and I believe the switch
>>>>>> has
>>>>>> all the ports to shutdown on default config as well.
>>>>>>
>>>>>> I think it is the switch not passing traffic through - no the
>>>>>> firewall.
>>>>>>
>>>>>> Mac
>>>>>> Snyder, Alexander J via PLUG-discuss wrote on 5/2/20 8:53 AM:
>>>>>> > Does anyone out there have experience with pfSence and Ubiquity
>>>>>> switches?
>>>>>> >
>>>>>> > I have zero with either but that didn't stop me from buying both
>>>>>> ....
>>>>>> > how hard could it be?! LOL.
>>>>>> >
>>>>>> > I bought a Negate XG-1537-1U. I bought a Unifi Pro 24 PoE switch.
>>>>>> >
>>>>>> > I can configure the FW immediately after
>>>>>> > firstboot/restore-default-configs, but only if i set the LAN
>>>>>> interface
>>>>>> > to be the cable that goes directly to my laptop. That's great, but
>>>>>> > that does shit for the downstream switch.
>>>>>> >
>>>>>> > I have a 10GB SFP+ Port that I want to configure as the downstream
>>>>>> > port to ubiquity, but any configuration other than mentioned above
>>>>>> > fails .... and I'm now on my 12th "Reset To Factory Defaults" ...
>>>>>> any
>>>>>> > help on this would be greatly appreciated!
>>>>>> >
>>>>>> > Thanks,
>>>>>> > Alexander
>>>>>> >
>>>>>> > Sent from my Galaxy S10+
>>>>>> >
>>>>>> >
>>>>>> > ---------------------------------------------------
>>>>>> > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>>>>> > To subscribe, unsubscribe, or to change your mail settings:
>>>>>> > https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>
>>>>>> --
>>>>>> Donald "Mac" McCarthy
>>>>>> Director, Field Operations
>>>>>> Open Source Context
>>>>>> +1.602.584.4445
>>>>>> mac@oscontext.com
>>>>>> https://oscontext.com
>>>>>> -------------- next part --------------
>>>>>> An HTML attachment was scrubbed...
>>>>>> URL: <
>>>>>> http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20200502/aeab14b4/attachment-0001.html
>>>>>> >
>>>>>>
>>>>>> ------------------------------
>>>>>>
>>>>>> Subject: Digest Footer
>>>>>>
>>>>>> _______________________________________________
>>>>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>
>>>>>>
>>>>>> ------------------------------
>>>>>>
>>>>>> End of PLUG-discuss Digest, Vol 179, Issue 2
>>>>>> ********************************************
>>>>>>
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------
>>>>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>>
>>> --
>>> Donald "Mac" McCarthy
>>> Director, Field Operations
>>> Open Source Context
>>> +1.602.584.4445
>>> mac@oscontext.com
>>> https://oscontext.com
>>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss