When changing ISPs, what is best practice for configuring IPFire? Old ISP and new ISP are both DHCP, so I’m guessing I don’t need to run setup to reconfigure RED. Simply unplug cable modem from WAN, plug ONT into WAN, and probably reboot IPFire?
Old ISP is cable, new ISP is fiber. Any other suggestions to make the experience as smooth as possible?
That should be the case but it isn’t always what happens.
I had a cable connection with an ISP and moved to a new ISP with a fibre connection.
In this case I just unplugged the ethernet cable from the cable modem and connected it to the Fibre Code Converter unit provided by the new ISP. This just converts the light signals to electrical signals for an RJ45 connection.
That ISP was a good technically based company that was very helpful and was very appreciated by its customers, so they were bought out early last year by an ISP that is very commercial with little technical knowledge.
They replaced the code converter with one of their own that required a VLAN for the internet. So I set my RED up to include the VLAN ID and it wouldn’t work.
I had to place their modem/router between the code converter and my IPFire to get it to work.
I kept trying for 2 or 3 weeks, thinking I was doing something wrong with the VLAN setup. Eventually I found that the problem was that the new ISP had a broken, non-RFC-compliant DHCP server and it just stops when it sees the Rapid_Commit option, whereas the previous ISP had a proper RFC-compliant DHCP server.
I then turned off the Rapid_Commit option in the RED setup screen and then the connection worked without any issues, without their modem/router in between any more.
My advice would be to have all the information and materials available to do a full fresh install, just in case. So all MAC addresses for each of the NICs, the IPs used, note which socket on your IPFire is which colour, if you don’t already have them colour coded.
Thank you. I hope so too. It happens next week. Main reasons for the change were 1) fiber=lower latency; 2) this ISP has no bandwidth caps; 3) going from 250/25 to 1000/1000 will only cost an extra $20/month.
This ISP is local to my area. Small town values, service, etc. All reviews I’ve seen from end-users are very good. Leaving one of the largest ISPs in the US.
FYI, the install took a little longer than normal, and they did some minor damage to the outside of the house (which they will fix), but the transition went very smoothly. It took two reboots of IPFire, but then it picked up the new RED interface. Speeds are slightly above advertised and gateway ping went down from ~10ms to ~1ms.
One thing I was not expecting: this ISP is brand new to my town. They literally just finished running fiber through our town and I was one of the first to sign up. I believe it is due to the newness of them to the area that the IP I was assigned is nearly silent. IP Blocklist logs went from >5000 per day to 0-5 hits per day. The firewallhits Graph is completely empty almost all the time. Weird. I like it, but it’s so foreign to me. I know it won’t stay this way, but I’ll enjoy it while I can.
I don’t know what CG-NAT is. I know there is an IP listed on IPFire’s Main Page that matches up when I search Google for “what is my IP”. So I believe I have a routable public IP.
Okay, I just googled it. I assume that is another way of asking if the ISP is giving me a static IP or I’m on a DHCP server of theirs. The answer is it is not a static IP.
Static is not mandatory at all, and dynamic does not mean it is CG-NAT. Dynamic IPs typically come by DHCP or PPPoE, but so does a CG-NAT IP.
You can see CG-NAT if your IPF WAN IP is not the same as when you google for your IP. Typically a CG-NAT router IP will be in the 100.something range. I think the second octet may also be fixed.
Thank you. You were right, it is CG-NAT. IPF says it’s 100.98.x.x. Googling my IP gives a completely different result. So how does this play into how quiet my firewall traffic is?
Effectively your ISP is performing NAT in front of your router. This means no one can connect to you from the internet so you won’t get any traffic from there. This means you are immune from internet based attacks.
You are still vulnerable to attacks when you visit web sites or click on email links, but these are all where you initiate the connection.
One disadvantage of CG-NAT is that in most cases you will not be able to do any port forwarding unless your ISP is able to use one of the approaches discussed in the above Wikipedia link.
As long as you don’t want to do any port forwarding then there is no problem.
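The check described in the thread (compare the address on RED with the one an outside "what is my IP" service reports, and look for the 100.x range), written out as an added example that is not part of the original posts. The carrier-grade NAT block is 100.64.0.0/10 (RFC 6598), so the second octet runs from 64 to 127; the function name, result labels and sample addresses are constructed for illustration.

```python
import ipaddress
from typing import Optional

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: seen on RED when an ISP modem/router sits in front.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(red_ip: str, external_ip: Optional[str] = None) -> str:
    """Classify the IPv4 address shown on the RED interface.

    red_ip      -- address IPFire reports for RED
    external_ip -- address an outside lookup service reports (optional)
    """
    red = ipaddress.ip_address(red_ip)
    if red.version != 4:
        return "ipv6-not-checked"        # CG-NAT here is an IPv4 question
    if red in CGNAT_NET:
        return "cgnat"                   # ISP translates in front of you
    if any(red in net for net in RFC1918_NETS):
        return "private-upstream-nat"    # e.g. ISP router between ONT and IPFire
    if external_ip is not None and ipaddress.ip_address(external_ip) != red:
        return "translated-upstream"     # public-looking, but not what the world sees
    return "public"                      # inbound port forwards can work


if __name__ == "__main__":
    # Constructed sample pairs: (address on RED, address seen from outside).
    samples = [
        ("100.98.0.1", "203.0.113.10"),    # inside 100.64.0.0/10
        ("100.128.0.1", "100.128.0.1"),    # 100.x but outside the /10
        ("192.168.1.2", "203.0.113.10"),
        ("203.0.113.10", "198.51.100.7"),
        ("203.0.113.10", "203.0.113.10"),
    ]
    for red, ext in samples:
        print(f"RED={red:<14} external={ext:<14} -> {classify_wan(red, ext)}")
```

A result other than "public" means unsolicited inbound connections stop at the upstream translator, which matches the near-empty firewall hit graph reported above and also explains why port forwards configured on IPFire alone will not be reachable.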