Suggestion for double nat
-
hello to everyone!
I'm not sure if I'm right so I would like to have your suggestion about my doubt:

my configuration:
INTERNET (dynamic ip public)
modem-router 192.168.0.1 (wan)
NAT ENABLE

pfsense 192.168.0.2 (wan)
NAT ENABLE.

interface lan
192.168.1.1 (firewall)
dhcp 192.168.1.2-254

So do I have to keep nat for both, or is it better to cancel nat on modem or pfsense?
Thanks for reply
roberto
-
Normally you should avoid double NAT. My advice is to disable NAT on modem-Router, connect WAN port of modem to WAN port of pfSense.
Set up pfSense WAN in order to get public IP (it depends on your ISP connection, PPPoE, PPPoA?).

So I should set up as follows:
pfSense WAN ---> DHCP or PPPoE or whatever is supported by your ISP and router.
pfSense LAN ---> 192.168.1.1 or other private IP
Modem ---> 192.168.0.1 or other private IP (different subnet of pfSense LAN).

Basically you will use your modem as a pure modem letting pfSense act as firewall/router.
This is exactly as my network is.
-
"Modem LAN ---> 192.168.1.x or other private IP (same subnet of pfSense LAN)."
What.. This makes NO sense.. I agree with this
"Basically you will use your modem as a pure modem letting pfSense act as firewall/router."
But then you go to say connect his modem/router device to LAN of pfsense?? "connect LAN port of modem to LAN port of pfSense. "
I would suggest you ignore anything stated in his post, not sure how anyone would make any sense of it..
Yes you should turn off nat on your device from your isp and just use it as "modem"
This should connect to WAN interface of pfsense.
isp device --- wan (pfsense) lan -- your network.
Pfsense should get a public IP on its wan interface. What device do you have from your isp, are you using that for wireless? Or do you have other wireless APs?
-
I messed with copy and paste of a different setup with an AP in the middle, you're right, I amended my previous post.
Sorry for my confusion
-
Thanks a lot!
I will do how u suggest, so my new setup will be like this:

modem-router will be modem
NAT DISABLE

PFSENSE
NAT ENABLE
connect (PORT WAN) to modem

PORT LAN
DHCP ENABLE
CONNECT TO SWITCH

WIRELESS: I created vlan and interface on parent interface (LAN)
DHCP ENABLE

SWITCH:
2 VLAN
VLAN FOR WIRELESS
VLAN FOR LAN

ACCESS POINT
NO DHCP
CONNECT TO SWITCH (WIRELESS VLAN)

That's all.
bye bye
roberto
-
That all looks good.
When you choose private subnets for LAN and WiFi nets, I suggest you move away from 192.168.0.0/24 and 192.168.1.0/24 - those are used by so many other cafes etc. One day you will want to have OpenVPN Road Warrior so you can VPN back to home while sipping coffee at your favourite cafe… It is a hassle if the Cafe and your home are using the same private IP address space.
-
THANKS A LOT!!!!
really I'm very happy to have always answers from someone, so this is one reason more to install pfsense and to know any problems
u can ask in forum and someone is ready to help u.
bye and again thanks.
roberto
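
An added example, not part of any post in this thread: a small Python check for the two issues discussed above, a pfSense WAN address that is still behind another NAT, and home subnets that collide with the address space of a remote network you might VPN in from. The function names, the 203.0.113.10 WAN address and the 10.37.x.0/24 subnets are constructed for illustration.

```python
import ipaddress

# Ranges that mean the WAN address is not a routable public IP:
# RFC 1918 private space plus RFC 6598 carrier-grade NAT space.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def wan_behind_nat(wan_ip):
    """True if the firewall's WAN address sits behind another NAT device."""
    addr = ipaddress.ip_address(wan_ip)
    return any(addr in net for net in NON_PUBLIC)


def overlaps(local_nets, remote_nets):
    """Return (local, remote) pairs whose address ranges collide."""
    hits = []
    for loc in local_nets:
        for rem in remote_nets:
            ln, rn = ipaddress.ip_network(loc), ipaddress.ip_network(rem)
            if ln.overlaps(rn):
                hits.append((str(ln), str(rn)))
    return hits


def audit(wan_ip, local_nets, remote_nets):
    """Collect findings for one firewall: double NAT, local and VPN overlaps."""
    findings = []
    if wan_behind_nat(wan_ip):
        findings.append(f"double NAT: WAN {wan_ip} is not a public address")
    nets = [ipaddress.ip_network(n) for n in local_nets]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):  # e.g. LAN and wireless VLAN misconfigured
                findings.append(f"local overlap: {a} and {b}")
    for loc, rem in overlaps(local_nets, remote_nets):
        findings.append(f"VPN conflict: home {loc} collides with remote {rem}")
    return findings


if __name__ == "__main__":
    # Constructed sample: the original layout, then a revised one.
    cafe = ["192.168.0.0/24", "192.168.1.0/24"]
    print(audit("192.168.0.2", ["192.168.1.0/24"], cafe))
    print(audit("203.0.113.10", ["10.37.10.0/24", "10.37.20.0/24"], cafe))
```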