Wan nat
-
Hello there, i am a new one.
I have configured pfSense to connect to my ISP using PPPOE.
But between pfSense and my ISP i have a modem/router (previously configured to connect to isp) and this (the modem/router) must be the root of all my problems. The problem is that my port forwards don't work (I try them from outside of my network).What should i disable at the modem/router so as to function only as a switch.
I guess that i have to do some settings.
Is disabling the NAT of my router enough ? in what mode should i configure Encapsulation (bridge mode only?). -
Yes, ideally you want bridge mode. Alternatively you would have to set up the port forwards (from it to the pfSense host) too.
Of course, you could post details of the modem/router to see if others have had experience of it and could provide pointers ;)
-
Well i am using a linksys WAG200g pstn modem/router.
So you suggest
1)turning off NAT of the modem/router
2)switching encapsulation to Bridge Mode Onlyand if that does not work. I should
1)enable NAT of the modem/router
2)encapsulation to Bridge Mode Only
3)open port forwards both to pfSense and modem/routerAm i correct ?
-
I suggest putting it into Bridge Mode only - the manual should tell you if any other steps are required (in other words, don't make random changes).
-
It doesn't work. the ports i set at the pfSense doesn't work.
Any other ideas ?
-
Once you put the modem into Bridge Mode the WAN IP on the pfSense host should have changed - did it?
-
After trying different configurations the following worked for me.
router:
bridge mode, nat enabled, disable all port forwards.
(lan ip 192.168.1.254)pfsense:
PPPOE, configure the ports you want to forward.
(lan ip 192.168.1.100)
(wan ip from ISP)client computer:
(lan ip 192.168.1.1)
(gateway 192.168.1.100) pfSense ip
(DNS1 192.168.1.100) pfSense ip
(DNS2 192.168.1.254) Router ip -
If the router is connected only to the WAN port on the pfSense host then you can't use the same subnet on it as you do for the LAN.
-
That shouldn't matter if the modem was put into bridged mode correctly unless he needs to access the modem's webgui through the pfsense box.
All that he needs to do on the WAG200 is to enable bridged mode and disable DHCP server.
-
However, all clients now have an IP they can't reach as one of their DNS servers…
-
@Cry:
However, all clients now have an IP they can't reach as one of their DNS servers…
My mistake, I didn't see him set the WAG200 as a 2nd dns server (the function would not work on the WAG200 in bridged mode anyway).
However, his pfsense box is the primary DNS IP. So I don't quite see it as an issue unless the pfsense box goes down or if he disables the DNS forwarder service for some unknown reason.
In any case, bad choice and the backup dns ip should be removed or changed to say, an opendns server IP.
