Are these settings for pfSense behind an ISP router correct?
-
Greetings :)
My pfSense setup used to work fine but I recently had to switch to a different ISP and my new one does not allow their modems to be set into Bridge Mode.
As such, I am trying to reconfigure my pfSense appliance to work behind my ISP's router.Here's my current layout:
My issue is currently the following:
- pfSense itself can access the Internet just fine
- pfSense's DHCP server properly allocates fixed IPs to all my devices
- but none of my devices can access the Internet.
I tried the following Ping tests within pfSense and they all seem to work.
DEFAULT -> 8.8.8.8 OK
WAN -> 8.8.8.8 OK
LAN -> 8.8.8.8 OK
Localhost -> 8.8.8.8 OKDEFAULT -> google.com OK
WAN -> google.com OK
LAN -> google.com OK
Localhost -> google.com OKI'm pretty sure I missed some gateway/DNS setting that prevents my devices from accessing the Internet.
The only things I have NOT yet tried are the two settings in RED in my chart above:
-
Creating a routing table entry on my ISP's router: Destination [192.168.100.1], Subnet Mask [255.255.255.0], Gateway [192.168.1.2]
-
Activating the DMZ (although not sure how that would impact my issue)
Below are my key pfSense settings highlighted in yellow.
If any of the great experts here could have a quick look and tell me what I missed I would greatly appreciate it! :)
Many thanks in advance for any help and pointers
-
Can the LAN hosts ping 8.8.8.8? If so can they ping www.google.com ?
-
Hi Derelict
Ping 8.8.8.8 works OK
But www.google.com NOT (cannot resolve www.google.com: Unknown host) -
Then you need to fix your DNS.
Can pfSense resolve names using 109.0.66.10 and 109.0.66.20 ??
Why forwarding mode? Why not just let the resolver do its thing?
-
Hi again :)
Thanks for the quick response.
Unticking the forwarding mode actually seems to have fixed it. Not sure where I picked up that I had to tick this setting, but it seems to do the trick.
Many thanks for that!!!!While we're at it, would you know if I should tick the "Block Private Network" box in "Interfaces: WAN"?
My understanding from the contextual help is that because I'm behind another router that I need to un-tick this? Is that corrector should I leave it ticked?Many thanks again for your help!