Hello.

Yes you are correct. I would want stealth mode. In modem mode i get stealth but in router mode i get closed.

I am just concerned that in router mode the LAN , WAN , OPT1 are all in RFC1918 addresses and it seems that it might be routing between them

Craig

@viragomann:

@TPCoMatt:

Do I add a 'static route' in pfSense?  If so, so I need to create a 'Gateway' at 2.2.2.247, so the static route has a gateway to go through?

Yes.

Basically you need two routes for accessing the internet: the upstream route and the downstream route.
For the upstream route you have to set the ISP gateway as default gateway on the external firewall and select it in the WAN interface settings. On the secondary firewall you have to the same with the external FW's LAN address.
For the downstream you need a static route on the external firewall. First set 2.2.2.247 as gateway (not default!) and then add a static route for 3.3.3.0/24 and select 2.2.2.247 for the GW to be used.

Thanks!  That worked perfectly!!

Were are you running wireshark?

I would try a packet capture on the pfsense interfaces and compare what is arriving to what it leaving,

also trying looking over the pfsense logs, if it is doing anything to the packets and erroring it should so up here
status > system > routing

They will be configuring their router in transparent mode, so your Pfsense WAN port will be facing the internet,

you will need to configure Virtual IP's (VIP) for the 2 routed Ip addresses "51.52.103.153 and  51.52.103.154"
and the important part, make sure any existing inbound nat rules are created using these Ip addresses

VIP's are under firewall > Aliases
NAT is under Firewall NAT

Yes, that is what you need.

Note that if you are trying to segment those cameras, it is up to the Win7 router to filter what the cameras can and cannot access on the pfSense LAN segment. pfSense is not involved in communications between 10.0.1.0/24 and 10.0.0.0/24.

You will have a pretty hosed asymmetric routing problem there that might help keep reply traffic from making it back though.

I would, personally, use another interface on the firewall for that. If you need the windows PC on that segment, put it there.

Hi, All I see is a bunch of thing like this, they all look the same.
20:56:08.579383 ARP, Request who-has 192.69.162.161 tell 192.69.162.78, length 28

Sorry but that is up to your ISP to solve. They have to respond to ARP so the firewall knows what MAC address the gateway IP address can be found at on the WAN subnet.

You might need to hire someone locally to get you running - especially someone who knows what it is that ISP needs.

That did resolve the connection solution.

Thank you.

Have you tried to set pfSense WAN in DHCP mode?

Hi Derelict,

just wanted to let you know that I implemented your solution and it worked right away.

Thank you very much!

Andreas

Super. Thanks for your help.

Hello,

I have managed to resolve the issue myself.

For those, who stumble upen similar situraion, I only had to define a LAN rule to sent all traffic with the destination 94.0.0.0/8 through the VPN gateway.

Kind regard,
vrugaitis

Yes.

Scheduling a maintenance window and doing it right the first time is often the best way to go.

Sometimes the dog needs to wag the tail, not the other way around.

I have no idea who your ISP is, but this FAQ might help:  http://www.dslreports.com/faq/16077

It talks about FIOS and their TV package.  In order to get all of the services to work with your TV, those devices need to be on the FIOS LAN.  How you get a second router or network working in this kind of environment is addressed in the above FAQ.  It might not apply 100% to your particular situation, but it does have some very well thought out approaches to solve the issue that may be helpful to you.

Difficult to say. Is the LAG LACP?

Are any of the interfaces on pfSense or the switch logging any errors? Anything interesting in the system log? The log on the switch?

There is certainly nothing known regarding intel NICs and LACP/LAG + VLANs.

Exactly the question I asked myself last night.  Not sure why the video wanted to go from auto to manual that I watched, but I'll know next time!

Kevin

Yes, the Windows Firewall blocks access from other network segments by default.

Hi -

If you're still having issues with openbgpd, give the most recent Quagga plugin a try - I wrote in manual support (meaning you have to generate a cisco-like text config or use the "vtysh" front-end for Quagga from the command line). We did away with openbgpd and are now using Quagga for all BGP needs with pfSense.

-Tim