Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to configure when in between Fios Gateway and DECO Router

    Routing and Multi WAN
    2
    3
    369
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tom__w
      last edited by

      I need to setup a firewall but my DECO router does not support filtering by IP. I believe the only solution is to put a PfSense box between my Fios gateway and the DECO router.

      How do I need to configure my PfSense to work in this configuration?

      This is a home application where I have a QNAP which is being written to (by my office) for DR purposes. I need to filter all incoming port 22 traffic, except from those connections initiated by my office's fixed IPs. I can do that bit .. I'm just not sure on setting up the WAN / LAN side IP configurations.

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @tom__w
        last edited by

        @tom__w
        Just put pfSense in between both devices.

        On the Fios you have to forward the desired traffic to the WAN IP of pfSense.
        You can configure the pfSense WAN interface as DHCP client, assuming the Fios has a DHCP server running.
        In case the Fios does masquerading on forwarded traffic by default, you have to disable this.

        On the pfSense LAN configure another subnet and enable the DHCP server.
        The DECO might pull an IP from a DHCP server, I assume.

        So there is nothing special. However, you nat the traffic two times then. This could be an issue if you habe devices connected to the DECO, which need UPnP. As a workaround you could bridge pfSense instead.

        T 1 Reply Last reply Reply Quote 0
        • T
          tom__w @viragomann
          last edited by

          @viragomann I was told to just put my DECO in AP (bridge) mode since the PfSense will be doing all the routing and firewall work. Assign IPs from PfSense (and reservations / port forwarding / etc.) from there and be done. I'd prefer to not have double NAT.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.