Help with new installation
-
Hello
The modems are on the same subnet as my pfsense 255.255.255.0
Since all my home network is on the same subnet, it's easier to change the modems' subnet only
Is that what I need to do?
-
And another thing do I need to put each modem of the four modems on a different subnet
-
Option 1 - put all your modems into bridge mode, so they pass through their connection and public IP to pfSense. Then setup each connection to the ISP on each pfSense interface.
Option 2 - keep the modems in routing mode. Give each of them a different IP subnet on their LAN side (which the pfSense WAN side connects to). And make pfSense LAN(s) also in different subnets.
If you are not offering any services accessible from the public internet, then option 2 has no real issue.
If you want to offer a web site, access for remote VPN clients…. then with option 2 you need to also port forward on each modem/router device in to the corresponding pfSense WAN - so that incoming connections are actually received by pfSense (which can then deal with them itself, or again port forward them to internal web server or...).
-
Exactly. If you're load-balancing the 4 connections you might have an issue bridging the modems anyway. pfSense needs to see a different gateway IP on each WAN for that to work. Are you using the same ISP for all 4 connections?
Steve
-
Hello,
Thanks for the help Steve, your guess was right, it is the subnet mask problem, and I can not put my modems in bridge mode and let the pfsense do the PPPOE connection :( as well I do load balance the 4 connections to get on torrents around 160 Mbps :)
So here is what I did
I changed the IP for each modem
Modem 1
192.168.1.2
255.25.255.128
Modem 2
192.168.1.3
255.255.255.192
Modem 3
192.168.1.4
255.255.255.224
Modem 4
192.168.1.5
255.255.255.240
and this seems to have solved the problem and things are working fine now
but now I faced another problem and that is when I assign a static IP address from the DHCP leases, for example I want to give my torrent downloading PC an internal static IP (192.168.1.100) so I can do port forwarding to it and private trackers are able to connect to me, and when I do that I can not access pfsense anymore or browse the internet anymore :(
Any ideas why this might be happening?
-
The IP for each modem needs to be in a different subnet, the ones you made are all overlapping.
I would use "/24" 255.255.255.0 subnet for each, because it is simple. e.g.:
Modem 1 192.68.11.1/24 <-> pfSense WAN1 192.168.11.2/24
Modem 2 192.68.12.1/24 <-> pfSense WAN1 192.168.12.2/24
Modem 3 192.68.13.1/24 <-> pfSense WAN1 192.168.13.2/24
Modem 4 192.68.14.1/24 <-> pfSense WAN1 192.168.14.2/24
pfSense LAN 192.168.21.1/24 (or whatever subnet and mask size you need) with some DHCP pool like 192.168.21.129-254 or whatever.
-
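The overlap described in the post above can be checked mechanically. This is an added example, not part of any post in the thread: `check_plan` and the interface labels are hypothetical names, and the two plans are constructed from the addresses posted here (the pfSense-side WAN addresses for the suggested plan, with the LAN left at 192.168.1.1/24).

```python
import ipaddress
from itertools import combinations


def check_plan(plan):
    """plan maps an interface label to 'address/mask' (prefix or dotted mask).

    Returns (invalid, overlaps): labels whose address or mask does not parse,
    and the label pairs whose networks overlap each other.
    """
    nets, invalid = {}, []
    for label, cidr in plan.items():
        try:
            # ip_interface accepts a host address plus mask and derives the network
            nets[label] = ipaddress.ip_interface(cidr).network
        except ValueError:  # also covers a non-contiguous netmask
            invalid.append(label)
    overlaps = [(a, b) for a, b in combinations(sorted(nets), 2)
                if nets[a].overlaps(nets[b])]
    return invalid, overlaps


# Constructed sample: the modem addresses and masks exactly as posted,
# plus the pfSense LAN the poster describes (192.168.1.1, 255.255.255.0).
ORIGINAL = {
    "lan": "192.168.1.1/255.255.255.0",
    "modem1": "192.168.1.2/255.25.255.128",
    "modem2": "192.168.1.3/255.255.255.192",
    "modem3": "192.168.1.4/255.255.255.224",
    "modem4": "192.168.1.5/255.255.255.240",
}

# Constructed sample: one /24 per WAN as suggested, LAN kept on 192.168.1.x.
SUGGESTED = {
    "lan": "192.168.1.1/24",
    "wan1": "192.168.11.2/24",
    "wan2": "192.168.12.2/24",
    "wan3": "192.168.13.2/24",
    "wan4": "192.168.14.2/24",
}

if __name__ == "__main__":
    for name, plan in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        invalid, overlaps = check_plan(plan)
        print(f"{name}: invalid masks={invalid} overlapping={overlaps}")
```

Every pair in the original plan that parses overlaps, because each smaller mask still starts at 192.168.1.0 inside the LAN's /24; the suggested plan reports nothing.
-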
Exactly, in fact I was just going to suggest those ranges before I saw Phil's post. ::)
Not sure how it worked for you before. I'd have to think carefully about those subnets. Why can't you bridge the modems? What ISP are you using?
Steve
-
the modems are from Orange they are ZTE Livebox 3
they come pre-configured from Orange in Jordan
-
can I have the pfsense LAN assigned to 192.168.1.1 and DHCP pool to 192.168.1.200-254 as the network is already setup with these ranges and I have around 15 access points already setup with these ranges and I do not want to go and reassign them all over again :)
-
the modems are from Orange they are ZTE Livebox 3
they come pre-configured from Orange in Jordan
Fair enough I have no suggestions there then. ;)
You can leave the pfSense LAN configured as the 192.168.1.X subnet since it won't conflict with those suggested by Phil for the modems.
Steve
-
three last questions
1- when I give a machine on the network a static IP address from outside the pool (from the DHCP status page I assign a computer a static IP) this device will not be able to reach the internet or see the network
2- what is the easiest way to do a port forwarding (take into consideration I have 4 wans)
3- how to enable firewall on the pfsense
-
1 - you should be able to give LAN devices a static IP like 192.168.1.2 up to 199, set its gateway and DNS to 192.168.1.1 (pfSense LAN IP) and it will have internet. The default LAN to any rule will allow all LAN addresses out.
2 - you need to port forward on each modem - since pfSense itself is a firewall, I usually just take the "port forward all" option on front-end devices. Often they call it "DMZ" when actually it is just an internal private IP address to forward all traffic to. This way you do that on all 4 front-end devices 1 time only (no need to go back opening extra ports in future). From a security point of view it is no different to bridging the front-end device through to pfSense. In both cases all incoming connects (friendly or otherwise) arrive at pfSense.
Then use pfSense as you normally would to port forward into your server/s.
You will then want public DNS name/s that point to your public IP/s and have them point to a suitable list of your public IPs if you want outside users to be round-robin connected to your various public links…
3 - the firewall is already enabled. By default clients on LAN can start outgoing connections to internet resources, and all incoming connection attempts are blocked. Put pass rules on wan1-4 to allow what you want.