Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Are these settings for pfSense behind an ISP router correct?

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    5 Posts 2 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      Chti
      last edited by

      Greetings :)

      My pfSense setup used to work fine but I recently had to switch to a different ISP and my new one does not allow their modems to be set into Bridge Mode.
      As such, I am trying to reconfigure my pfSense appliance to work behind my ISP's router.

      Here's my current layout:

      My issue is currently the following:

      • pfSense itself can access the Internet just fine
      • pfSense's DHCP server properly allocates fixed IPs to all my devices
      • but none of my devices can access the Internet.

      I tried the following Ping tests within pfSense and they all seem to work.

      DEFAULT -> 8.8.8.8 OK
      WAN -> 8.8.8.8 OK
      LAN -> 8.8.8.8 OK
      Localhost -> 8.8.8.8 OK

      DEFAULT -> google.com OK
      WAN -> google.com OK
      LAN -> google.com OK
      Localhost -> google.com OK

      I'm pretty sure I missed some gateway/DNS setting that prevents my devices from accessing the Internet.

      The only things I have NOT yet tried are the two settings in RED in my chart above:

      • Creating a routing table entry on my ISP's router: Destination [192.168.100.1], Subnet Mask [255.255.255.0], Gateway [192.168.1.2]

      • Activating the DMZ (although not sure how that would impact my issue)

      Below are my key pfSense settings highlighted in yellow.









      If any of the great experts here could have a quick look and tell me what I missed I would greatly appreciate it! :)

      Many thanks in advance for any help and pointers

      Happy SG-4860 owner

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Can the LAN hosts ping 8.8.8.8? If so can they ping www.google.com ?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • C
          Chti
          last edited by

          Hi Derelict

          Ping 8.8.8.8 works OK
          But www.google.com NOT (cannot resolve www.google.com: Unknown host)

          Happy SG-4860 owner

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            Then you need to fix your DNS.

            Can pfSense resolve names using 109.0.66.10 and 109.0.66.20 ??

            Why forwarding mode? Why not just let the resolver do its thing?

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • C
              Chti
              last edited by

              Hi again :)
              Thanks for the quick response.
              Unticking the forwarding mode actually seems to have fixed it. Not sure where I picked up that I had to tick this setting, but it seems to do the trick.
              Many thanks for that!!!!

              While we're at it, would you know if I should tick the "Block Private Network" box in "Interfaces: WAN"?
              My understanding from the contextual help is that because I'm behind another router that I need to un-tick this? Is that corrector should I leave it ticked?

              Many thanks again for your help!

              Happy SG-4860 owner

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.