Pfsense in front of udm pro
-
Hi l live where I need to use 4G GSM for my Internet access and so have issues with using NAT/port forwarding. This is due to the GSM provider using carrier NAT so I do not get a public ip address. I now have a working test pfsense box with a vpn tunnel setup that gives me a public ip address this acts as the default gateway so all internal clients use this to connect to the Internet. This allows for any external access using port forwarding where required. What is the easiest way of now placing the pfsense box in front of the udm pro. Can I just connect the pfsense to the udm pro's WAN port usin DHCP on the pfsense LAN ort as I would normally to a Adsl router?
Thanks
Roy
-
@rfinch23 You could do that.
Of course this will also be double nat, (as it would also be the case with an adsl router not in bridge mode)
Not exactly a problem until it becomes one. -
@netblues thank you for your reply, yes I realise this will require double NAT but sadly I am presently using a vigor 130 in pass through but the connection is at best only 4mbs and drops out at least four or more times within a 24 hour period, The GSM 4G is showing 40-50mbs down and around 30-40 mbs up, so is a bit of a no brainier hopefully. I did try this without the tunnel as I use 3 mobile who it is rumoured to still use public ip addresses but for some reason it was causing havoc with my Samsung SmartThings hub as the devices were not syncing correctly?
Roy
-
@rfinch23 I doubt the issue is with the ip connectivity of 3mobile.
Its easy to check if you are behind cgnat or public ip.
Perhaps with routing you could eliminate dobule nat.If boils down to disablin nat on udm and routing networks behind utp wan ip with static routes on pf.
I have no idea if udp pro can be used in routed mode though. -
@rfinch23 said in Pfsense in front of udm pro:
This allows for any external access using port forwarding where required.
So this is a vpn on some vps or something you setup somewhere - most vpn services do not provide for port forwarding.
