Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Noob question

    General pfSense Questions
    2
    2
    452
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      Ozkhan1
      last edited by

      Greetings- I am noob to pfs, heard a lot about it so I am giving it a shot right now with my home network.
      I wanted to get expert opinion on the most recommended setup config, so I am hoping some of you guys will share your thoughts.

      1. Should I disable DHCP and Nat on the ISP modem, so pfs can take over those duties?
      2. Do I leave them on the isp, and create a new subnet on pfs?
      3. If 2 is recommended, I may have some devices connected directly to the isp modem, what's the best way to get the two segments to talk to each other? (I know this might not be a pfsense question but I was hoping for some pointers)

      Thanks in advance

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        Your isp "modem" should be put into bridge modem if possible.  ie pfsense should get a public IP on its wan.. This way your not double natting.

        If you can not do this, then its fine to double nat.. But you have to make sure you forward all traffic you might want to forward on pfsense via your isp "modem/gateway" first or put pfsense into dmz host of your isp device.  This can be done via static on pfsense wan or via dhcp reservation on your isp device.. doesn't really matter.

        If your going to be using pfsense there really should be nothing else connected to your isp device other ports or wifi..  All devices should be behind pfsense..  But if your going to double nat and want stuff on what amounts to pfsense wan, or internet transit network..  Keep in mind that your going to have to port forward forward if you need to access anything behind pfsense from stuff in front of pfsense on your isp device.

        It is just simpler, cleaner and overall better idea when moving to pfsense to not double nat with your isp device.  And if you must because the device does not allow anything else.  Then put all your stuff behind pfsense.. Get yourself a new AP, or use some other wifi router as just AP for wifi.. Get yourself a switch - hopefully smart/managed for future use of vlans even if not using them to start with.

        You need to make sure if going to double nat that your not using the same network on pfsense wan as lan side networks.. ie if wan is 192.168.0.x then make your lan 192.168.1.x or some other network other than 192.168.0

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.