Configuring ADSL + pfSense
-
New to pfSense (and can't wait to get it fully operational!)
I have a UK ADSL connection with a block of static public IPs and a mATX-based pfSense router ready to go. I need to configure my old router to handle the ADSL but leave all the routing/firewall/NAT functions to pfSense. I have a Draytek 2820 and an older Zyxel P660H-D1, both of which are ADSL routers capable of handling multiple public IPs and PPPoE; the Draytek can also handle bridging. I think they can pass public IPs through on PPPoA but not sure how that works on them. Both are underpowered for my workload and shouldn't be doing more than ADSL-Ethernet bridging, ADSL authentication, and forwarding packets unfiltered and un-NATted between the ISP and pfSense, so the ADSL router won't run out of sessions/CPU/memory. All other computers are connected normally via a switch on the LAN side of the pfSense box - nothing complicated.
My questions:
- Guides suggest using the ADSL router in full bridging mode and PPPoE authentication on pfSense, which treats the router as a "dumb modem" with a PPPoE connection. Is that correct?
- My ISP has an IP block, not a single IP. Is this a problem?
- I'm not sure if the ADSL router is then secure from probing/attacks from the ISP side and how to lock it down, or how to monitor its ADSL connection status and line data if there's a problem (which we often get here), since the admin interface probably becomes inaccessible.
Assistance appreciated!
-
Probably the main reason for setting the ADSL router to bridging mode (apart from any performance benefit) is that it avoids double NAT.
I can't answer your question about the IP address block - I only have a single IP.
With the modem in bridge mode, pfSense gets the IP address(es) so your ADSL modem should be untouchable from the ISP/Internet side. It would also be unreachable from your pfSense box. My old modem allows me to treat its ethernet and USB connections separately, so I can always attach a laptop to the modem for management.
Hope that helps.
-
This sounds like it might be applicable to your situation:
http://forum.pfsense.org/index.php/topic,5253.0.html