Setting Up PFsense on ADSL

JoshB

Hi Forum,

This is my first post on here so I hope it all makes sense.

At the moment I have a BT Home Hub 2 Router. It really is awful, and that's why I want to use Pfsense instead.

Currently I have an ADSL connection, and I have my PFsense box with two Nics (WAN & LAN). After trying to set pfsense up myself in the following layout:

ADSL Line > Router (BT HOME HUB) > Ethernet to PFSENSE > PFsense Box

I keep getting an internal IP as the WAN address on Pfsense. Now I know this is because DHCP is enabled, however if I disable It, I think it does the same thing, Private IP as the WAN. Therefore no internet connection on any machines connected to the LAN port.

Now I found out about PPPOA bridging, and wondering what I need to do this? I'm fairly sure you cant do it on a BTHH2. Can I use just a simple Modem and setup pppoa bridging and then plug the ethernet from the modem into the PFsense, also (Sorry if this sounds silly) does Pfsense work as a router and firewall? If so, surely If i could just use a modem I could then go into my pfsense box and alls good and well?

Like This:

ADSL Connection > ADSL MODEM > Ethernet To Pfsense Box > Pfsense box Wan port > WAN has Public IP?

Many Thanks & I hope this all makes sense? Basically what I'm trying to get at, what is the easist way to go from an ADSL line to RJ45 and therfore giving my PFsense box a public IP?
JoshB

wallabybob

@JoshB:

At the moment I have a BT Home Hub 2 Router. It really is awful, and that's why I want to use Pfsense instead.

Currently I have an ADSL connection, and I have my PFsense box with two Nics (WAN & LAN). After trying to set pfsense up myself in the following layout:

ADSL Line > Router (BT HOME HUB) > Ethernet to PFSENSE > PFsense Box

I keep getting an internal IP as the WAN address on Pfsense. Now I know this is because DHCP is enabled, however if I disable It, I think it does the same thing, Private IP as the WAN. Therefore no internet connection on any machines connected to the LAN port.

There are many users with that sort of configuration who can access the internet from machines connected to the pfSense LAN port. I suggest you resolve this issue before attempting the somewhat more ambitious goal you outlined further on in your post.

@JoshB:

Now I found out about PPPOA bridging, and wondering what I need to do this? I'm fairly sure you cant do it on a BTHH2.

What evidence do you have?

@JoshB:

Can I use just a simple Modem and setup pppoa bridging and then plug the ethernet from the modem into the PFsense,

Yes

@JoshB:

also (Sorry if this sounds silly) does Pfsense work as a router and firewall?

Yes.

@JoshB:

If so, surely If i could just use a modem I could then go into my pfsense box and alls good and well?

Yes, but that glosses over a few significant details.

@JoshB:

Basically what I'm trying to get at, what is the easist way to go from an ADSL line to RJ45 and therfore giving my PFsense box a public IP?

It is possible to get boxes that are ADSL modems (not ADSL modem-routers) but, in my experience, they can be hard to find. Strictly speaking, you would probably have to find a BT approved box. Some ADSL modem-routers can be configured to act as modems (PPPoA bridges). Some might require a secret (not documented in the configuration material with the device) incantation.

Why do you want your pfSense box to have a public IP?

wallabybob

Please post the output of pfSense shell command```
/etc/rc.banner

/etc/rc.banner is run when a SSH session first logs in to pfSense. Here is an example from my system:
$ ssh -l root pfsense2
Password:
*** Welcome to pfSense 2.1-RC0-pfSense (i386) on pfsense2 ***

WAN (wan)      -> vr0        -> v4/DHCP4: 192.168.211.217/25
LAN (lan)      -> rl0        -> v4: 192.168.217.173/24
OPT1 (opt1)    -> ral0_wlan1 ->
OPT2 (opt2)    -> ral0_wlan0 ->
OPT3 (opt3)    -> ppp0      ->
WLAN (opt4)    -> run0_wlan0 -> v4: 192.168.51.211/25

JoshB

Hi wallabybob,

Thanks a lot for your answer, defiantly helped allot. As you can probably tell I am very new to Pfsense, hence why I have allot of questions.

On your reply to "If so, surely If i could just use a modem I could then go into my pfsense box and alls good and well? ", you said "Yes, but that glosses over a few significant details.". What details am I missing out? Were you talking about PPPoE usernames and passwords to connect?

Also, I'm surprised people have managed to run the PFSbox from just an Ethernet from a BTHH"?

Some More questions….

I was under the impression that the WAN port on the Pfsense box would need a Public IP? Am I wrong, If so, why wouldnt you want a Public IP as its acting as a router?

When I have set up the PFSbox before, it said that the WAN IP was something like: 192.168.1.2 (DHCP). What does the (DHCP) bit represent? I know what a DHCP server does, howerver in this case does it mean that its set to a DHCP mode from the ISP, or is does it mean that the PFSbox is running DHCP on the WAN connection?

Also, if I'm not running any other DHCP servers on the network, would it be wise to run the DHCP server on PFS on the LAN connection?

Many Thanks, Again, hope this all makes sense.

wallabybob

@JoshB:

As you can probably tell I am very new to Pfsense, hence why I have allot of questions.

Somewhat new to networking also I expect.

@JoshB:

On your reply to "If so, surely If i could just use a modem I could then go into my pfsense box and alls good and well? ", you said "Yes, but that glosses over a few significant details.". What details am I missing out? Were you talking about PPPoE usernames and passwords to connect?

Yes, but not only PPPoE usernames and passwords. A few years back I tried to setup PPPoE on my pfSense box talking with two different ADSL modem-routers which I tried to configure to act as modems only. After spending about half an hour on each I wasn't able to get either working. Neither device provided any troubleshooting aids for that configuration. Anecdotal evidence in these and other forums suggests ISPs consider this an unusual configuration and are reluctant (or unable) to offer technical support. I am not wanting to discourage you from attempting this, but suggesting you gain some more experience with a "more well trodden" path before attempting it so that if you need technical support you are more familiar with pfSense facilities and can speak the "networking language" with more precision.

@JoshB:

Also, I'm surprised people have managed to run the PFSbox from just an Ethernet from a BTHH"?

Why? Are you extrapolating from your own nsuccessful experience?

@JoshB:

I was under the impression that the WAN port on the Pfsense box would need a Public IP? Am I wrong,

Yes. See my pfSense data posted in an earlier reply. That pfSense box has a private IP address on its WAN interface.

@JoshB:

If so, why wouldnt you want a Public IP as its acting as a router?

It is not necessary in the vast majority of cases. Public IP addresses (IP V4) are now a scarce resource. Many subscribers need to pay extra for a fixed IP address or multiple IP addresses.

@JoshB:

When I have set up the PFSbox before, it said that the WAN IP was something like: 192.168.1.2 (DHCP). What does the (DHCP) bit represent? I know what a DHCP server does, howerver in this case does it mean that its set to a DHCP mode from the ISP, or is does it mean that the PFSbox is running DHCP on the WAN connection?

It means the WAN interface's IP address was configured by DHCP rather than by the administrator assigning a fixed IP address.  "running DHCP on the WAN connection" seems to me an ambiguous term: it could mean the interface was assign a fixed IP address and a DHCP server was listening for DHCP requests on the WAN interface OR it could mean the dhclient program was issuing DHCP requests for configuration on the WAN interface.

@JoshB:

Also, if I'm not running any other DHCP servers on the network, would it be wise to run the DHCP server on PFS on the LAN connection?

Yes. Lots of consumer networking equipment comes configured to request its network configuration by DHCP.

wallabybob

@JoshB:

When I have set up the PFSbox before, it said that the WAN IP was something like: 192.168.1.2 (DHCP).

Perhaps your problem with accessing the Internet from systems connected to the pfSense LAN interface was that your pfSense was incorrectly configured: the default LAN IP address is 192.168.1.1 so, unless you changed it, the LAN and WAN interfaces would be on the same IP subnet which is invalid. If this occurred you should change the LAN IP address and subnet mask  to something different from 192.168.1.0/24 say 192.168.10.0/24.

JoshB

Thanks again wallabybob,

One thing I struggle to understand is the method WAN & LAN work. So if I were to get an ethernet cable from my BT Home Hub, into my PFSBox, it should in theory gain an IP from the DHCP server, is this correct? If so, I would then need to change what subnet the LAN port is on, because learning from your post you cant have the LAN & WAN on the same subnet?

Would it be best to have DHCP disabled on the Home Hub to stop confusion, and allow PFS to control it? Or the other way around?

So once that is done, again, In theory that should overall give my PFSbox's WAN port a Private IP address, however all LAN connected devices to the PFSbox should be able to access the internet?

Why can't a WAN & LAN port be on the same subnet?

Many Thanks & again hope this all makes sense!

Josh.

stephenw10

I meant to come in on this earlier but you seem to be almost there anyway.
Yes you need to change the pfSense LAN subnet to something other than 192.168.1.X. If both WAN and LAN are in the same subnet then pfSense can't know where to send packets addressed to that subnet and routing breaks. Once you have changed the subnets you should have no problems connecting to the internet.

There are some advantages to having the pfSense WAN as your public IP. It makes port forwarding a lot easier for one thing. I don't think UPNP works across double NAT if you need that (though it's clearly evil so you shouldn't!  ;)).

Almost any box you can get to work in bridge mode will work fine with BT. There is no problem with usernames/passwords because BT, unlike all other ISPs I've seen, do not require one. All HomeHubs use the same username with no password, BT know who you are by what line you're connected to.

A modem that definitely works and is very easy to setup (it bridges by default) is the Draytek Vigor 120. I'm using one of those, though not with BT.

Steve

wallabybob

@JoshB:

So if I were to get an ethernet cable from my BT Home Hub, into my PFSBox, it should in theory gain an IP from the DHCP server, is this correct?

Yes, provide the pfSense WAN interface is of type DHCP.

@JoshB:

If so, I would then need to change what subnet the LAN port is on,

Correct.

@JoshB:

Would it be best to have DHCP disabled on the Home Hub to stop confusion, and allow PFS to control it?

Anything that gets the correct results is OK. My preference would be to do nothing to the ISP router until you have to - that makes it easier to replace if it breaks or ISP tech supports insists it run in the default configuration else they won't help you.

@JoshB:

So once that is done, again, In theory that should overall give my PFSbox's WAN port a Private IP address, however all LAN connected devices to the PFSbox should be able to access the internet?

Yes, in principle, if your LAN connected systems get their configuration information through DHCP (which is normal default).

@JoshB:

Why can't a WAN & LAN port be on the same subnet?

Steve has given  high level answer. You might find more detail in the Wikipedia article on IP Routing.

JoshB

Thanks so much for the help stephenw10 & wallabybob! Really did help answer a lot of my questions!

The good news is…. I managed to get it all working, only as a test run though.... I allowed the WAN IP to be set by my BTHH's DHCP to 192.168.1.102, and as you both suggested I run the LAN on a different subnet, I put the LAN on 10.0.0.1, and enabled DHCP on the LAN interface, maybe when I choose to run it full time I will set the WAN to class A and LAN to class C, not the other way around ;)

I did Ipconfig and it came back saying I got the IP 10.0.0.10 which is the start of the DHCP rule, so that shows that DHCP is working, which is great!

I'm waiting on a new modem to come though the post, I've read on this forum in posts that its one that will work with a ADSL2 line and support the BT PPPOA authentication aswell as PPPOA bridging!

So hopefully, when its all going as it should, I hope to have my WAN IP as my Public IP, and my LAN IP set to class C.

As stephenw10 suggested, having double NAT could be a pain. Especially because I do allot of port forwarding, so thats why I want the WAN to be set up for the Public IP, and therefore I dont have to run the awful BT Home Hub!  ;)

The only thing I'm left to now is to learn how to use all the great features that PFsense has to offer!

I know forums are made for questions and support, but I really do appreciate both of your help.

Many Thanks,
Josh.