WAN fail to get IP form DHCPserver

patrick2le

Hello,

Could you help me out ?

I would like to setup my home network following:

(Cable modem) –->(WAN)D-link routerA(LAN)(192.168.0.1)---->(WAN)PFsense(LAN)(192.168.1.1)----->(LAN)D-Link routerB---->PC
                                            |----->PC

on routerA I assign MAC of WAN pfsense to 192.168.0.199
on pfsense WAN interface is set as dhcp, every thing is default, But I can not get IP 192.168.0.199 on WAN of pfsense.

Any help PLZ
Pat

wallabybob

@patrick2le:

I can not get IP 192.168.0.199 on WAN of pfsense.

What have you done? If pfSense WAN interface has an IP address by DHCP it won't request a new assignment for a while (depending on DHCP lease times). So you might need to reboot pfSense (drastic) or disconnect the WAN interface or … to get pfSense WAN inrequest a new DHCP lease.

Klaws

AFAIR, the firewall blocks WAN traffic in the 192.168.* subnet by default.

Try unchecking "Block private networks" under Interfaces - WAN.

patrick2le

@wallabybob:

@patrick2le:

I can not get IP 192.168.0.199 on WAN of pfsense.

What have you done? If pfSense WAN interface has an IP address by DHCP it won't request a new assignment for a while (depending on DHCP lease times). So you might need to reboot pfSense (drastic) or disconnect the WAN interface or … to get pfSense WAN inrequest a new DHCP lease.

pfsense Wan never got an IP by HDCP, I didn't see ligth on nic of WAN pfsense is on, I am sure network card work fine.
on consol of pfsen I see "rl02(WAN) –->none(DHCP)". I try to ping gatway of routerA, but it not working.

if I uncheck "Block private networks", is everything behind routerB secure ?

johnpoz

Your going to be double natting - your going to have to uncheck that if you want pfsense wan to be private.  Its there by default because normally pfsense is directly connected to the public internet.  And there should NOT be any private IPs on a public internet connection, etc.

Why don't you just connect pfsense directly to your cable modem and use it how its designed vs behind a double nat?

Klaws

@patrick2le:

if I uncheck "Block private networks", is everything behind routerB secure ?

Yes. The firewall in pfSense takes care of that.

Of course, things are more secure if you cannot access the internet at all ;)

As johnpoz, I do not yet see the need for double (or triple) NAT. At leasz RouterB doesn't appear to make sense at all. RouterA appears to serve some kind of DMZ ("outer firewall") for one PC. If your pfSense hardware can support an additional NIC, you can set up a DMZ LAN on pfSense as well. Fewer D-Link routers (or, preferably, none at all) reeduces complexity and the chance for a hardware defect or malfunction.

patrick2le

thank, it works ok now, but litter slow when connect to some web site, some thing wrong with tcp ?

Klaws

I'd expect that if you connect to a website for the first time. Further connections (within 5 minutes) to the same website should be faster. If this is the behaviour you observe, then the three DNS forwarders (in the three routers in sequence) might cause the delay.