Is this possible: Pfsense between wifi AP and ISP router w/o bridge mode
-
I have this hardware and was wondering if this is possible? Before I go further I'd like to know if it's even doable. Thanks.
-
@roboto
Why wouldn't it be? Is there a specific reason you're asking?
Yes, it would work but you would not get a public address on the pfSense WAN port.
For the vlans, you would just trunk the LAN to switch ports.
-
@roboto sure you can double nat, shoot even triple nat.. And normally not see any problems, only issue might be if you need something with a static port nat. Rare, some games maybe, some specific vpn type scenarios. Possibly voip, etc. But general user not going to be a problem.
Only thing you need to make sure is that whatever rfc1918 you're getting on the pfsense wan doesn't overlap with a network you're using behind pfsense.
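
The overlap check advised in the reply above, as an added example that is not part of the original thread: it compares the network pfSense receives on WAN with the networks planned behind it, and also flags internal ranges outside RFC 1918. The 192.168.1.2 WAN address is the one mentioned in the thread; the /24 mask, the interface names and the internal subnets are assumptions.

```python
import ipaddress
from itertools import combinations

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_double_nat_plan(wan_cidr, internal):
    """Return findings for a pfSense box whose WAN sits behind another NAT router.

    wan_cidr: address/prefix pfSense gets on WAN, e.g. "192.168.1.2/24".
    internal: mapping of interface name -> network planned behind pfSense.
    """
    wan = ipaddress.IPv4Interface(wan_cidr).network
    nets = {name: ipaddress.IPv4Network(cidr) for name, cidr in internal.items()}
    findings = []
    for name, net in nets.items():
        # Overlap covers equal networks, subnets and supernets of the WAN network.
        if net.overlaps(wan):
            findings.append(f"{name} {net} overlaps pfSense WAN network {wan}")
        if not any(net.subnet_of(block) for block in RFC1918):
            findings.append(f"{name} {net} is not inside RFC 1918 space")
    # Internal networks must not overlap each other either.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            findings.append(f"{a} {net_a} overlaps {b} {net_b}")
    return findings


# Constructed sample data: WAN address as in the thread, /24 mask assumed.
WAN = "192.168.1.2/24"
BAD_PLAN = {"LANWifi": "192.168.0.0/22", "VLAN20": "192.168.20.0/24"}
GOOD_PLAN = {"LANWifi": "192.168.10.0/24", "VLAN20": "192.168.20.0/24"}

if __name__ == "__main__":
    for label, plan in (("bad", BAD_PLAN), ("good", GOOD_PLAN)):
        print(label, check_double_nat_plan(WAN, plan) or "no overlaps")
```

The /22 in the constructed bad plan does not look like 192.168.1.x at a glance, but it contains the WAN network, which is the case the check is meant to catch.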
-
If you have IPv6, it won't make it through to your LAN.
-
@jarhead appreciate your reply. I ask because I don’t know how to make it happen up front and am going to try to figure it out myself. Not a networking pro.
I didn’t want to spend a bunch of time only to discover “X never works with Y in that configuration” or some such.
-
@johnpoz Glad to hear it's possible. Pfsense is getting 192.168.1.2 from DHCP on the modem, which does at least allow me to make that permanent.
I'm just getting started. Any tips on getting the wifi routed? How I think it'll work is: Two interfaces: WAN and something like "LANWifi." Add the firewall rules to allow WAN to pass traffic to everywhere, and LANWifi to do the same.
I also have PFsense DMZ'd on the ISP modem.
Should I try to turn off DHCP on the modem and let pfsense handle it? Or am I overthinking it?
-
@roboto said in Is this possible: Pfsense between wifi AP and ISP router w/o bridge mode:
Add the firewall rules to allow WAN to pass traffic to everywher
Huh?? that makes no sense at all.
-
@johnpoz must have a firewall rule to allow wan traffic to pass over to the LAN interface, which is how I understand it.
-
@roboto said in Is this possible: Pfsense between wifi AP and ISP router w/o bridge mode:
which is how I understand it.
No, if you want to provide access to some service behind pfsense from the internet, then you would need a port forward.
-
@johnpoz To be precise I want to allow all regular, normal traffic to the Lanwifi through the pfsense, so that I can use my mesh AP and not mess with the crap ISP modem/router
-
All inbound traffic from the internet to pfsense is blocked by default. If your wifi client goes to say www.google.com the answer is allowed by the state. There is nothing to do with wan rules.
Now if you create a new network, say these vlans or wifi network you would have to create rules on the vlans/networks interface to allow outbound traffic to the internet.