Help me with a simple pfSense config

stephenw10

If you really can't change any of those IPs then they would pretty much have to be on the same interface. Or, potentially you could bridge the three modem/router interfaces and have 3 gateways on them.

If you have to have the other devices also in that subnet then they would also need to be bridged.

You could then put the PCs on a completely different subnet (not 192.168.0.0/16 since that overlaps) and policy route that traffic.

But that's a horrible setup! You really want to change how those devices are numbered.

johnpoz

@stephenw10 said in Help me with a simple pfSense config:

If you really can't change any of those IPs

I just find that a non possibility on the wan routers to be honest, even the cheapest of cheap soho wifi routers allow you to change the lan IP. To be honest I bet the admin password on them is just whatever the default is.. Those clearly are not default IPs, so worse case scenario call the ISP.

Gblenn

@johnpoz said in Help me with a simple pfSense config:

I just find that a non possibility on the wan routers to be honest, even the cheapest of cheap soho wifi routers allow you to change the lan IP. To be honest I bet the admin password on them is just whatever the default is..

Precisely, probably written on the bottom of the device even.

@GPane, what make and model routers are they?

eagle61

@Gblenn said in Help me with a simple pfSense config:

Precisely, probably written on the bottom of the device even.

And even if the Passwords are changed and he can't remember them, a factory reset and a new automatic WAN configuration based on TR-069 might be an option (if Router and ISP supports TR-069). After that he can config the LAN-IP of the routers to what ever IP's he prefer.

GPane

I can't access to the modem routers, they are provided by ISP. In theory i can ask to change the IPs, but i'll create a disservice to the company...

The Phone have as gateway the 192.168.10.1 since the phone connectivity is provided by that router (every router is an ISP)

stephenw10

@GPane said in Help me with a simple pfSense config:

but i'll create a disservice to the company...

In the short term you might have some outages. But in the long term it will be far superior.

Currently you have 3 routers all sharing the same internal subnet connected to an unmanaged switch. And clients on LAN are just statically configured to use one of them?
That's a crazy setup.

Gblenn

@GPane said in Help me with a simple pfSense config:

The Phone have as gateway the 192.168.10.1 since the phone connectivity is provided by that router (every router is an ISP)

What do you mean exactly? The gateway that a device uses (any device including a Phone) is either set manually in the device, or by DHCP. Which is it?

And do you have any port forwarding done in that router 192.168.10.1, for the phone service?

johnpoz

@stephenw10 not sure I would call it a "setup".. Guess one of those first routers with .1 or .254 on it was first, and then they ran out of bandwidth so they added more and told the isp hey put 192.168.10.x on the lan side please. And then did that a third time, etc.

Schedule some time with the business, prob after hours or on the weekend for you to make the change over, etc.

You will have much better network for it, and now you would be able to leverage using all 3 connections, and if one goes down then those devices that currently using X of the wan routers would still have internet via pfsense routing their traffic over Y or Z wan connections, etc.

Taking it to the next level would be segmenting your current 192.168.10 into appropriate vlans or networks to allow control of traffic between different devices..

You could start to get fancy with QoS for your phones if they are having call quality issues, etc..

The possibilities are almost endless how much better you can run/monitor/control your network when its properly setup.

eagle61

@GPane said in Help me with a simple pfSense config:

I can't access to the modem routers, they are provided by ISP. In theory i can ask to change the IPs, but i'll create a disservice to the company...

This won't really help you. But from my view it's really strange. I don't know where you are located, but in my country we have what is called Endgerätefreiheit. It means we can connect whatever devices we want to the Internet line of the ISP as end devices. Such as ONT (fiber), modem or router (DSL, TV-Cable). An ISP is not allowed to prevent this and must provide us all the information we need to connect and config our own devices to work properly on it's line, no maller its a fiber, DSL or Cable.

johnpoz

@eagle61 I think its strange no matter who you are or what region of the world your in ;)

There is no possible way those can not be changed.. If they don't know how to do it, or have no access to the router - I would check if the username/password is just default for the make and model for sure.

Then call the isp for help, those clearly not default.. So even if the isp set them up initially, not like they can not change them.. Its not like they said ok we can set this IP exactly once.. Once you set it your locked to that IP forever! ;)

But no there is going to be no way you can just slide pfsense into your original setup without some down time.. And you sure are not going to be able to route with the same networks on 2 legs of a router..

Lets say you could route even.. If some client on your 192.168.10 network wants to talk to 192.168.10.1 as its gateway.. How would that work.. He says oh need to send this to my gateway 192.168.10.1 - let me arp for that.. ooops no answer, = no access to anything off my network.

So you would have to change the gateway on the client to point to pfsense 192.168.10.x address on the lan side.. So you would have to touch every device on your 10 anyway.. And then still policy route if you wanted specific devices to use a specific gateway.. But you can not do that anyway..

So bite the bullet, schedule some down time with the business and set this up correctly.