PfSense behind ISP router
-
Hi all!
So, my basic setup is the following:
My intention is to have the ISP router only establish my DSL connection, while the pfSense does everything else (WiFi AP, firewalling, VPN, etc.). I had this setup before using PPPoE passthrough on the ISP router. However, I was forced to use a new ISP router model, which does not support this anymore. Thus, I now let the ISP router establish the DSL connection. How do I "share" the Internet connection to my internal networks via the pfSense?
Thank you! -
This is exactly how I used to work, and work now today.
Before, I had a "simple' ADSL modem using a pppoe connection. The device was in 'bridge' mode. pfSense obtained a WAN IP on the WAN interface. Live was good and easy back then.Today, for speed reasons, I had to take the ISP's box (whicj proposes TV, phone, Wifi, and whatever - I all shut that down).
First : my pfSense was running with the default LAN setup, thus 192.168.1.0/24 - IP pfSense being 192.168.1.1.
The new box the ISP gave me was using the same IP range on his LAN (as they all do) => I changed it to 192.168.10.0/24, having the box using 192.168.10.1 and 192.168.10.2 to 254 as the DHCP pool on the ISP box.I hookup up pfSense to the box, logged into pfSense and changed the PPPOE to DHCP (client).
Made sure that on the WAN interface tab, "Block private networks and loopback addresses" was NOT checked (read and you will understand why).
Done.
pfSense obtained an IP (192.168.10.11 - gateway 192.168.10.1). I used the GUI of the box to 'lock' this IP using the MAC address of the WAN of pfSense so it would obtain always the same IP from now (DHCP static lease).
Nice to know : I cant visit the GUI of the box using it's IP : 192.168.10.1 from any PC connected on LAN on pfSense.Because I'm using VPN on pfSense, I NAT'ted in the box (from my ISP) port 1194 (vpn) to the (fixed) IP of pfSense, port 1194. Works !
-
Thanks! But what about the following:
My pfSense Wifi is 192.168.1.0/24
pfSense and ISP router are on 192.168.0.0/24If I connect to the pfSense WiFi, pfSense would have to route to 192.168.0.0/24, right? How to go about that?
-
Thanks! But what about the following:
My pfSense Wifi is 192.168.1.0/24
pfSense and ISP router are on 192.168.0.0/24If I connect to the pfSense WiFi, pfSense would have to route to 192.168.0.0/24, right? How to go about that?
What do you mean ? The pfSense LAN interface is a wifi card ? That ok, it's just a "NIC with a radio". pfSense has 192.168.1.1, right ? LAN is 192.168.1.0/24
Your ISP router has a LAN, 192.168.0.0/24, let say it's LAN address is 192.168.0.1.
pfSense will obtain a "WAN" IP in the range 192.168.0.0/24 (not 192.168.0.1 neither 192.168.0.255 but something in between - as per DHCP server settings in your ISP router)So, about your ISP router : mine has 192.168.10.0/24, yours is 192.168.0.0/24.
-
Example:
Client gets IP 192.168.1.10
pfSense WiFi NIC: 192.168.1.1
pfSense WAN NIC: 192.168.0.2
ISP router: 192.168.0.1There needs to be a route from 192.168.1.0/24 via 192.168.0.0/24 to the Internet somehow.
-
Example:
Client gets IP 192.168.1.10
pfSense WiFi NIC: 192.168.1.1
pfSense WAN NIC: 192.168.0.2
ISP router: 192.168.0.1There needs to be a route from 192.168.1.0/24 via 192.168.0.0/24 to the Internet somehow.
Of course.
But this is a "don't touch anything, this will work right out of the box as soon as the WAN interface is up and connected".edit : your routing table will look like this :
Internet: Destination Gateway Flags Netif Expire default 192.168.0.1 UGS rl0 localhost link#7 UH lo0 192.168.1.0 link#3 U fxp0 pfsense link#3 UHS lo0 192.168.0.0 link#1 U rl0 192.168.0.2 link#1 UHS lo0(except for the hardware interface names like fxp00 and rl0).
-
Awesome. Thanks a lot!