Setup pfSense Behind isp adsl router
-
Just stating i setup untangle as transparent bridge in the wizard and it work fine
If you set Untangle as a bridge you loose firewall capabilities. Is this the same scenario are you willing to obtain from pfsense?
-
Just stating i setup untangle as transparent bridge in the wizard and it work fine
If you set Untangle as a bridge you loose firewall capabilities. Is this the same scenario are you willing to obtain from pfsense?
Ahhh i didnt know that… well to be honest, i mostly want pfSense to be acting as a VPN tunnel gateway (allow me to be contasntly connected to my private VPN provider) and if a there was a firewall extra then yipee. Main useage i want is the VPN - My adsl router if setup correctly, could be just as good as a firewall.
Thanks,
-
OK, connect your pfSense WAN interface to your ISP router. The pfSense WAN interface should get an IP address in the 192.168.0.0/25 subnet.
Small correction: 192.168.0.0/24
and yes, on the LAN side you connect to 192.168.1.1
The basic setup of LAN 192.168.1.1/24 and WAN DHCP (with the upstream WAN DHCP server being NOT in 192.168.1.0/24) works out of the box. Actually you don't even need to use the wizard, you should get a working firewall with internet access from the LAN side immediately it boots.
Having the pfSense as firewall protects you from other users/devices between the ADSL and pfSense, so that is useful, if you care about it.
The OpenVPN client going out, as you plan, should also work fine. -
OK, connect your pfSense WAN interface to your ISP router. The pfSense WAN interface should get an IP address in the 192.168.0.0/25 subnet.
Small correction: 192.168.0.0/24
and yes, on the LAN side you connect to 192.168.1.1
The basic setup of LAN 192.168.1.1/24 and WAN DHCP (with the upstream WAN DHCP server being NOT in 192.168.1.0/24) works out of the box. Actually you don't even need to use the wizard, you should get a working firewall with internet access from the LAN side immediately it boots.
Having the pfSense as firewall protects you from other users/devices between the ADSL and pfSense, so that is useful, if you care about it.
The OpenVPN client going out, as you plan, should also work fine.Ok,
Thanks for all the information, i will give it another go tonight once i am home from work. really appreciate itCheers,
-
If you set Untangle as a bridge you loose firewall capabilities.
I'm not sure that's true. :-
It may be true that if you choose bridge mode you get no firewall rules by default or only 'pass all' rules but there is still an internal and external interface and traffic between them is filtered. I'd be surprised if it wasn't possible to add firewall rules if you wanted them.
That said I only ran Untangle once experimentally years ago so I could be talking rubbish! ;)Steve
-
I had this thought, but, at the same time, I'm not too good with routing etc!
Will test it and get back to you!
Thanks,
-
When I look at your diagram at the very top, the first thing that comes to mind is that you should only use your DSL modem/router as a modem to get your public IP. Not a router.
You can use a system with 3 NIC cards, WAN, LAN1 and LAN2. Call LAN1 your protected LAN. Simple firewall rules can do this.
You can also use a single NIC system + VLAN switch to do same thing.
Its better to accomplish all your routing / firewalling on pfsense
-
grievsa93,
Did you ever get this to work? I'm trying to do the same thing. I have attached a rough sketch.
![rOUGHT sKETCH pFSENSE.JPG](/public/imported_attachments/1/rOUGHT sKETCH pFSENSE.JPG)
![rOUGHT sKETCH pFSENSE.JPG_thumb](/public/imported_attachments/1/rOUGHT sKETCH pFSENSE.JPG_thumb) -
Your diagram appears to show a different configuration.
What exactly are you trying to do?
Steve
-
Trying to setup pFense firewall behind ARRIS NVG599. The ARRIS NVG599 already provides one network, I would like to set up a separate network for a lab and still have access to the outside world.
Blake
-
Ah, OK so the two networks will be isolated in VMWare?
That should be possible. You will be double NATing though pfSense I imagine unless you have multiple public IPs from your provider.
What is not working?
Steve