Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Installing pfsense without ISP router on Bridge-Mode

    Scheduled Pinned Locked Moved Routing and Multi WAN
    12 Posts 6 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      viragomann @johnytb
      last edited by

      @johnytb said in Installing pfsense without ISP router on Bridge-Mode:

      Will I be able to work with the PFSENSE without bridge mode on the main router?

      Yes, if you can leave with double NAT, there is nothing special. And double NAT is almost not a problem.

      pfSense will act as any other device connected to the router, using the router as upstream gateway. The router will only see the WAN IP of pfSense then.
      Any upstream traffic from the LAN devices behind pfSense will get the WAN IP.

      J 1 Reply Last reply Reply Quote 0
      • chpalmerC
        chpalmer @johnytb
        last edited by chpalmer

        @johnytb Just make sure that your LAN address of the two devices are not the same subnet.

        pfSense default LAN subnet is 192.168.1.0/24 therefore the WAN address cannot be within that subnet.

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        1 Reply Last reply Reply Quote 0
        • J
          johnytb @viragomann
          last edited by

          @viragomann
          How do i make sure or know that im leaving with double NAT ?
          And is it better to set the pfsense as a DMZ in my isp router instead of just recieving traffic from isp router ?

          N 1 Reply Last reply Reply Quote 0
          • N
            netblues @johnytb
            last edited by

            @johnytb You dont have options regarding double nat (and you will barely notice it too), especially if you have to ask.

            You don't need dmz either.

            J 1 Reply Last reply Reply Quote 0
            • J
              johnytb @netblues
              last edited by

              @netblues
              So you're saying that using pfsense for just an extra firewall layer, and without DMZ or bridge mode on the home router, it will work just fine?

              N G 2 Replies Last reply Reply Quote 0
              • N
                netblues @johnytb
                last edited by

                @johnytb Yes it will.
                It will be protecting you from elderly people who are known intruders too.

                1 Reply Last reply Reply Quote 0
                • G
                  Gblenn @johnytb
                  last edited by

                  @johnytb said in Installing pfsense without ISP router on Bridge-Mode:

                  So you're saying that using pfsense for just an extra firewall layer, and without DMZ or bridge mode on the home router, it will work just fine?

                  However, if you want to host some service accessible from the internet, or play some online games, you probably want to place your pfsense in DMZ.

                  N 1 Reply Last reply Reply Quote 0
                  • N
                    netblues @Gblenn
                    last edited by

                    @Gblenn Not without access to the main router and changing things, so... no, it won't fly

                    G 1 Reply Last reply Reply Quote 0
                    • G
                      Gblenn @netblues
                      last edited by

                      @netblues said in Installing pfsense without ISP router on Bridge-Mode:

                      Not without access to the main router and changing things, so... no, it won't fly

                      Well, if you are not permitted to make even such a small change, I guess you are stuck.

                      N 1 Reply Last reply Reply Quote 0
                      • N
                        netblues @Gblenn
                        last edited by

                        @Gblenn Hosting services isn't exactly for beginners, and as for gaming, the op would probably be better off without pf, especially if the elders utilize upnp, as is usually the default.

                        1 Reply Last reply Reply Quote 0
                        • E
                          elvisimprsntr
                          last edited by

                          If the OP needs remote access or host services, they should be using a VPN like Tailscale, which will traverse any level of NAT, including CGNAT

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.