Netgate Discussion Forum

    Problems accessing LAN Interface from WAN Interface. Internet connection via DHCP or PPPoE ? And what are the advantages of each method ?

    General pfSense Questions

    • g_trooper

      Hi all,

      I recently bought an SG-3100 which came preinstalled with pfSense 2.4.4 p3. The only router I had on my VDSL line before pfSense is a FritzBox 7590. The FritzBox is an amazing router with immense capabilities and crazy stability for the price. The main reason I bought the SG-3100 is because I want to expand my network and create more subnets, mainly for security reasons (IoT devices, etc.), and probably VLANs or OpenVPN in the future. Initially I connected the WAN port of my pfSense to a LAN port on my FritzBox. The FritzBox lies on the 192.168.3.0/24 network. My pfSense got a LAN IP of 192.168.3.2 (my DHCP server on the Fritz is 192.168.3.20 to 192.168.3.200). I fixed the IP address of pfSense via DHCP binding by MAC address, so every time my pfSense reboots or the power goes down it gets the same IP 192.168.3.2. The method I chose for internet connection is WAN DHCP, so pfSense uses IP address 192.168.3.2 as GATEWAY. I created the 192.168.2.0/24 subnet inside pfSense. I could not connect, ping, etc. between the 2 subnets. I went to pfSense Firewall > Outbound NAT and changed the mode to hybrid. Also I added a rule to NOT DO NAT from 192.168.3.0/24 to 192.168.2.0/24. I also went to Firewall > Rules > WAN and allowed traffic from 192.168.3.0/24 to 192.168.2.0/24. After these steps I have full communication between 192.168.2.0/24 and 192.168.3.0/24 from a PC connected via Ethernet on pfSense on the 192.168.2.0/24 network to any PC connected to the FritzBox on the 192.168.3.0/24 network. BUT my main problem is that NO PC can connect or ping or whatever from 192.168.3.0/24 TO MY 192.168.2.0/24 network. As a result I can't even configure my pfSense (when I am on the FritzBox side), which is on the 192.168.2.0/24 subnet. I don't want to put the FritzBox into bridge mode and use pfSense as the only router because I lose the amazing telephony features that the FritzBox provides and many other features that only the FritzBox provides.

      What I want to do is bridge the 2 subnets so that I can connect from 192.168.3.0/24 to 192.168.2.0/24 and ALSO from 192.168.2.0/24 to 192.168.3.0/24. The other problem I am facing right now is that when I connect to a PC via Screen Sharing which resides on the 192.168.3.0/24 network FROM a PC which resides on the 192.168.2.0/24 network, the IP that the PC reports as connected and controlling the screen is 192.168.3.2, which is the gateway of pfSense. I don't want this behaviour. I want it to show the IP of 192.168.2.2 (which is the IP of the PC I am controlling the screen from on the other subnet). Is configuring internet via a second PPPoE call to my provider via pfSense and then creating a STATIC ROUTE between the FritzBox 192.168.3.0/24 AND the pfSense LAN 192.168.2.0/24 the solution here? Please feel free to correct me where I am wrong, and if you can, provide what you think is the best setup for my needs. Thank you in advance.

      • JKnott @g_trooper

        @g_trooper

        ????

        You use DHCP or PPPoE according to what your ISP provides. It's not your choice. If you're on a cable modem, as I am, you use DHCP. If on xDSL, then PPPoE is normally used.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        • g_trooper

          My ISP uses PPPoE so the Fritz is connected via PPPoE. Is it better to connect pfSense to my Fritz via PPPoE by making a new call to my ISP also? I understand that by doing that it will create a second public IP. Because with only 1 public IP I get the problems I mentioned above. Is there an easy way to bridge 2 public IPs? One from the Fritz and one from pfSense? Also, can this solution cause any network lag between LAN clients connecting from one subnet to the other? Thanks

          • Rico LAYER 8 Rebel Alliance

            With your big text block I don't even get how your stuff is connected.
            Better make a small drawing.

            Some pretty much default pfSense WAN/LAN/DMZ setup looks like

                  WAN / Internet
                        :
                        : DialUp-/PPPoE-/Cable-/whatever-Provider
                        :
                  .-----+-----.
                  |  Gateway  |  (or Router, CableModem, whatever)
                  '-----+-----'
                        |
                    WAN | IP or Protocol
                        |
                  .-----+-----.  priv. DMZ  .------------.
                  |  pfSense  +-------------+ DMZ-Server |
                  '-----+-----' 172.16.16.1 '------------'
                        |
                    LAN | 10.0.0.1/24
                        |
                  .-----+------.
                  | LAN-Switch |
                  '-----+------'
                        |
                ...-----+------... (Clients/Servers)
            

            Feel free to use this diagram and show us what you have done there. ☺

            -Rico

                • g_trooper @Rico

                @Rico final.jpg Basically the main question is: Can I bridge WAN with LAN? I am aware that the simplest setup would be to just put the FritzBox into bridge mode and then configure all my network needs on pfSense, which is way simpler. I already tried to move every device on my network onto pfSense and I bridged LAN 1 and LAN 2 via the pfSense interface, and after configuring the firewall I could connect BOTH from 192.168.2.0/24 to 192.168.3.0/24 AND from 192.168.3.0/24 to 192.168.2.0/24 without issues. The thing is that if I do that I can't use any of the FritzBox features. I do not know how I can bridge the FritzBox with pfSense and communicate between the 2 subnets. Is it clear now? Thanks in advance, Rico!

                  • JKnott @JKnott

                  @JKnott

                  Is Fritz even capable of providing PPPoE? As I mentioned, that's for DSL connections. Also, logically, PPPoE is just PPP over Ethernet, rather than a serial port, as we used to use back in the dark ages, with dial up modems.

                    • g_trooper @JKnott

                    @JKnott Of course it is! One of the greatest advantages of this router is that it includes a 35db modem. So I am using this to create a PPPoE connection and that's how I am connecting to the internet. With the Fritz you do not EVEN need your ISP's router. All can be done from there.

                      • JKnott @g_trooper

                      @g_trooper

                      In trying to understand what you wrote, I somehow got the impression you were talking about a PPPoE connection between pfSense and Fritz.

                      As someone else mentioned, a diagram would have helped, rather than trying to sort through that big block of text you posted.

                        • g_trooper @JKnott

                        @JKnott I did not create a diagram because I thought that what I was trying to achieve is simple… I thought that because I already know how to solve every problem I have IF I configure everything on pfSense. But the real issue here is that I wanna be able to use some amazing FritzBox features. A friend of mine proposed that I could just create a static route between the FritzBox (192.168.3.0/24) and pfSense (192.168.2.0/24), but I am well aware of asymmetrical routing… Can someone explain to me what is a real-life problem that you could face when using asymmetrical routing?

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.