2 subnets on same wan
-
Let's say the ISP is using 70.10.10.0/24, then the pfSense wan c interface will get an IP in that range.
Obviously if for whatever reason you decide to run this "modem" in bridge mode instead of router, there is very little you can do.
Still equipment in the middle will get IP from DHCP server thus you should be able to access it (assuming you know the IP).
What is still unclear (although I do progress with the understanding) is how the modem could have an IP like 192.168.100.1 and relay an IP like 70.10.10.0/24 to pfSense behind it?
Assuming this is really what happens, is there anything preventing you from creating an additional IP like 192.168.100.100 attached to the WAN c interface?
-
The modem is in pass through mode so the pfsense wan interface will get its ip, gateway and dns from the ISP on the far side of the modem.
The scenario is as follows
Internet<->modem<->switch<->wireless link A ~~~~~~~~ wireless link B<->pfsense wan c
I agree with chris about what's handing out what here. These two statements above don't seem right. Can you give the same scenario only with IP addresses? Also include the LAN subnet on the pfSense box and both external and internal IPs on the wireless devices if they have them. They don't have to be real but at least the same subnets. I think you just need a route or two in place.
modem<--------->  |      |---(UPS)
(ext ip?|int ip?) |switch|---(PDU)
                  |      |--------->wireless link A ~~~~~~~ wireless link B<----->pfsense wan|lan
                                    (ext ip?|int ip?)       (ext ip?|int ip?)     (ext ip?|int ip?)
-
Not sure how I can make it any clearer but let's eliminate some of the kit so we have and say that the external ISP IP supplied is 78.8.8.1. Internal management wan for kit is 192.168.100.0/32
     Modem ----------> Remote Wireless Transmitter ------> Local Wireless receiver ------> Pfsense Wan Side (1 of 3 wans) ------> PFSense Lan Side (Multiple Lans)
Int  192.168.100.1     192.168.100.10                      192.168.100.11                  192.168.100.100
Ext  ------------------------------------------------------------------------------------> 78.8.8.1
Note we only have one external IP assigned and this is assigned to the pfSense as the rest is simply L2.
ISP supplied modem has a hard coded IP address of 192.168.100.1
We need to be able to manage the modem and wireless boxes.
Yes I could run an additional router but this is a very busy link and I really don't want to do that unless I have to.
Fairly sure I can do this by setting up the subnet 192.168.100.0/24 as a virtual IP range (ProxyARP?) on the wan but not sure what rules I then have to set up.
-
With such a strange design, what is totally unclear to me is how devices between the internet and pfSense are going to react, from a network viewpoint.
Yes it works if, but this is quite a big "if", such devices are able to be, simultaneously, gateway and router or end-point device.
Look at your "modem". Your main statement, constraint (I don't really understand this but let's say this is a true requirement) is:
- this device is transparent. It works in bridge mode so that pfSense inherits the public IP
- this device must be managed through a dedicated network.
And this is not even that simple because you add in the middle another layer with similar constraints: "I need a wireless link made of devices in bridge mode but with their own IP from another subnet".
I don't understand your doubts about rules either. Your external but still private network is clearly identified. What is preventing you from allowing access to this network at pfSense level?
-
I am really not sure why everyone is having such difficulty in understanding this. It must be possible as I have done similar things but for some reason can't replicate here.
If we reduce it to its simplest I am trying to do this
https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall
But with a modem that is in bridge mode rather than PPPoE.
-
This is clear enough but then I don't understand what prevents you from setting it up and seeing what happens and what is, potentially, not working for you.
To me, the only way would be to configure virtual IP on the WAN side.
-
"anyway the modem is hard coded to 192.168.100.1"
If we reduce it to its simplest I am trying to do this
https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall
But with a modem that is in bridge mode rather than PPPoE.
Yeah that is a common modem IP.. I have no issues accessing that from behind pfsense.. And didn't have to do anything..
And pfsense has public on its wan…
-
Sure but there is an extra difficulty with this design because of wifi link in the middle which also requires management, if I understand well ;)
-
     Modem ----------> Remote Wireless Transmitter ------> Local Wireless receiver ------> Pfsense Wan Side (1 of 3 wans) ------> PFSense Lan Side (Multiple Lans)
Int  192.168.100.1     192.168.100.10                      192.168.100.11                  192.168.100.100
I don't see how this would be an issue accessing 100.1 if pfsense is on the same network.. Nothing special should have to be done here.. From the above he posted pfsense has an IP in that network..
But looks like they put in the wireless stuff as a bridge, normal 192.168.100.1 address is IP of cable modems and sure they will hand out IPs in the 100.x network when they don't have a wan connection.. What is this modem?? Make and model?? Is it doing NAT, is it actually a gateway, or is it a cable modem??
-
Sure but there is an extra difficulty with this design because of wifi link in the middle which also requires management, if I understand well ;)
No the real problem is that this is a multi wan/multi lan setup.
If we simplify this and say that I want to create a new wan (wan3) in addition to the two existing and just want to access a modem in bridge mode with an internal management IP address of 192.168.100.1 on wan3 then what I tried was
1. Create a new wan in DHCP mode - wan3
2. Create a new Virtual IP type other on wan3 with address range 192.168.100.0/24
3. Create a NAT outbound rule on wan3
   source=*
   destination=network/192.168.100.0/24
   translation=192.168.100.0()
4. Add rule on management lan to route 197.168.100.0 to firewall rather than wan1
This would appear to be borne out by this post but it doesn't work for me.
https://forum.pfsense.org/index.php?topic=26818.0
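
Added example (not written by any poster in this thread and not pfSense code): a small Python model of the addressing checks behind the four steps above, using the management addresses from the thread. The 203.0.113.25/24 DHCP lease is a constructed stand-in for the public address, and the function names and the /24 on the virtual IP are assumptions.

```python
import ipaddress

# Management addresses as posted in the thread's diagram.
MGMT_HOSTS = ["192.168.100.1", "192.168.100.10", "192.168.100.11"]
# Constructed stand-in for the DHCP lease wan3 receives from the ISP.
WAN3_DHCP = ipaddress.ip_interface("203.0.113.25/24")
# pfSense's management-side address from the diagram; /24 is an assumption.
WAN3_VIP = ipaddress.ip_interface("192.168.100.100/24")


def egress(dst, wan_addrs):
    """Return the WAN address whose subnet contains dst (on-link, reached
    by ARP), or None when dst would be handed to the default gateway."""
    dst = ipaddress.ip_address(dst)
    for addr in wan_addrs:
        if dst in addr.network:
            return addr
    return None


def nat_source(dst, wan_addrs, nat_dst_net):
    """Source address a LAN client's packet carries after an outbound NAT
    rule matching destination nat_dst_net translates it to the WAN address
    in that subnet. None means the rule or the address is missing, so the
    bridged device would see a source it has no route back to."""
    hit = egress(dst, wan_addrs)
    if hit is None:
        return None
    if ipaddress.ip_address(dst) not in ipaddress.ip_network(nat_dst_net):
        return None
    return str(hit.ip)


def uncovered(rule_dst, hosts):
    """Management hosts that a firewall-rule destination does not match."""
    net = ipaddress.ip_network(rule_dst)
    return [h for h in hosts if ipaddress.ip_address(h) not in net]


if __name__ == "__main__":
    print(egress("192.168.100.1", [WAN3_DHCP]))            # no VIP yet
    print(egress("192.168.100.1", [WAN3_DHCP, WAN3_VIP]))  # with VIP
    print(uncovered("192.168.100.0/24", MGMT_HOSTS))
```

`uncovered()` returns every management host for a rule destination of 197.168.100.0/24 (prefix length assumed) or 192.168.100.0/32, and none for 192.168.100.0/24.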