FIOS - Fake WAN DHCP Setup

Paint

All,

I recently have started migrating from a DDWRT setup to a pfSense gateway/router. I am using a new i7-4500U + Dual Intel 82574 Gigabit MiniPC: https://forum.pfsense.org/index.php?topic=113610.msg631641#msg631641

Currently, I use 3 routers in order to fake a DHCP WAN address to my ActionTec router from FIOS so that I can keep my remote DVR functionality and still have my own router (Netgear R8000) as the main gateway.

Since I am now switching to pfSense, I would like to save energy and remove the backend router. Can I replicate the backend router through pfSense?

Full setup details here:
http://www.dslreports.com/faq/16710

Thank you for your help!

gduff

Purchase a MOCA adapter from Amazon or Ebay. The attached drawing is a working setup that I have. Your pfsense computer becomes the only router that you need.  The Actiontec is not needed.

Paint

Thanks. I also found the following links after searching around yesterday:
http://www.dslreports.com/faq/16949

https://forum.pfsense.org/index.php?topic=74653.0

https://forum.pfsense.org/index.php?topic=39963.0

https://www.dslreports.com/forum/r30599062-Networking-FIOS-Quantum-with-Pfsense-MOCA-Bridge-setup

https://forum.pfsense.org/index.php?topic=94261.0

Paint

@gduff:

Purchase a MOCA adapter from Amazon or Ebay. The attached drawing is a working setup that I have. Your pfsense computer becomes the only router that you need.  The Actiontec is not needed.

I am looking to use the actiontec/quantum fios router so I can still use the remote dvr functionality.  Using a MOCA adapter would not allow this unfortunately.

q54e3w

does this help https://nguvu.org/pfsense/verizon/pfsense-verizon/

Paint

@irj972:

does this help https://nguvu.org/pfsense/verizon/pfsense-verizon/

sorry, I read that image wrong. This is exactly what I needed! Thank you so much!

Paint

@irj972:

does this help https://nguvu.org/pfsense/verizon/pfsense-verizon/

Actually, the above looks more like method 2 of the method below without the fake DHCP for WAN. However since there is no WAN address MASQUERADING to the Verizon router, since it is in bridge mode, Remote DVR and Caller ID functionality will not work. Set-top boxes do have internet though through COAX.

@NOYB:

Think you are in luck.  I have done this dual router (pfSense and FiOS provided router) before.  Here are a couple possible methods.  I have successfully used both of them.  It's a bit complex, but it can be done.  Both  methods outlined below require FiOS Ethernet service rather than MoCA (COAX).  By the way is this for Verizon FiOS or Frontier FiOS?

Method 1:  The most desirable (IMO)
Configure a switch as follows.
Port 8: PVID 99, Member VLAN 99, Un-Tagged; Member VLAN 98, Un-Tagged, connect to ISP WAN Ethernet
Port 7: PVID 98, Member VLAN 99, Un-Tagged, connect to FiOS router WAN port
Port 6: PVID 99, Member VLAN 99, Tagged, connect to pfSense WAN port
Ports 1-5: Default

(optionally 98 can instead be 99 also)

Method 2:
How Can I Run Multiple Parallel Routers
https://www.dslreports.com/faq/16949
https://www.dslreports.com/forum/r27210694-FiOS-Dual-Router-Separated-Computer-TV-Service-Networks

Use pfSense WAN DHCP Advanced configuration options to impersonate the FiOS router's DHCP.  Also clone the MAC address so pfSence has the same MAC address as the FiOS router.

I am looking to replicate more of Method 1 of the above outline by NOYB

q54e3w

you can work around those limitations with a couple of port forwards. Ive just tested it and can DVR remote record & TV display caller ID etc. Ill try and put some notes together before I leave for a trip next week for you.

Paint

@irj972:

you can work around those limitations with a couple of port forwards. Ive just tested it and can DVR remote record & TV display caller ID etc. Ill try and put some notes together before I leave for a trip next week for you.

I would really appreciate it. Thanks!

Paint

Okay! I have my pfSense box almost completely setup.

To confirm, I am trying to accomplish the following:

• FIOS Quantum (G1100) Router and pfSense router in a Parallel WAN setup

• FIOS Quantum (G1100) Router will not be in bridge mode (will get WAN from parallel WAN)

• pfSense Router using DHCP Impersonation of G1100 Router

VLAN Setup on Dell PowerConnect 2716:

VLAN 1: LAN
      VLAN 96: pfSense Router WAN (Router IP: 192.168.1.1, DHCP: 192.168.1.100-245)
      VLAN 97: FIOS MoCA Router WAN (Router IP: 192.168.0.1, DHCP: 192.168.0.100-245)
      VLAN 98: GPON ONT WAN (DHCPv4 from FIOS)

• Ports 3-15: PVID1, Untagged Member of VLAN 1

• Port 1: PVID 96, Tagged Member of VLAN 1 & Un-tagged Member of VLAN 98

• Port 2: PVID 97, Un-tagged Member of VLAN 98

• Port 16: PVID 98, Un-tagged Member of VLANs 96 & 97

WAN DHCP Impersonation on pfSense:

Protocol Timing:
timeout 60
retry 1
select-timeout 0
initial-interval 1

Lease Requirements and Requests:

Custom DHCP Send Options:
dhcp-class-identifier "FiOS-G1100:dslforum.org", dhcp-client-identifier "", host-name "FIOS_Quantum_Gateway", domain-name "home", option-125 00:00:0d:e9:1f:01:06:30:30:30:46:42:33:02:0c:34:38:35:44:33:36:34:36:33:30:44:35:03:07:4d:49:34:32:34:57:52

Custom DCHP Parameter Request List:
subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, time-servers, log-servers, default-ip-ttl, interface-mtu, vendor-encapsulated-options, dhcp-requested-address, dhcp-lease-time, dhcp-server-identifier, dhcp-parameter-request-list, dhcp-class-identifier, dhcp-client-identifier, www-server, option-125

Custom DHCP Parameter Required List:
subnet-mask, domain-name-servers, routers

Custom DHCP Option Modifiers:
default subnet-mask 255.255.255.0, prepend domain-name-servers 8.8.8.8, append domain-name-servers 8.8.4.4, supercede routers 192.168.1.1

Device Summary:
WAN (fake address for this post): 123.321.456.10

pfSense Router:
        IP: 192.168.1.1
        WAN: 123.321.456.10
        LAN DHCP: 192.168.1.100-245
LAN PC: 192.168.1.50 (from pfSense DHCP)

FIOS Quantum Gateway (G1100):
        IP: 192.168.0.1
        WAN: 123.321.456.10
        LAN DHCP 192.168.0.100-245
DVR(IP-STB-1): 192.168.0.100

Port Forwards (FIOS Quantum Gateway):

Questions:

What changes do I need to make to my pfSense router in regards to the Firewall, NAT/Port Fowards, etc?

In my previous setup, I had a backend router which had the required port forwards and provided my WAN DHCP address to the FIOS WAN port:

• FIOS ONT WAN (123.321.456.10)  -> WAN on DDWRT Router (192.168.1.1) -> DDWRT LAN to WAN port on Backend DDWRT Router (192.168.1.2 static IP WAN)

• DHCP Server on Backend Router serving FIOS ONT WAN IP(123.321.456.10) -> Backend Router LAN to G1100 Router WAN Port

Do I need to add any port forwards on my pfSense router for the FIOS Quantum Router?

Previously I had my DDWRT Router (192.168.1.1) forwarding the following ports to 192.168.1.2 (backend router) and the backend router continued those port fowards to 123.321.456.10 (G1100)

• Remote Router Control (Fios Customer Support): Port 4567

• Caller ID: Port 35000

• Remote DVR: Port 63145

• Remote DVR: Port 8082

• Remote DVR: Port 3500

• FIOS Media: Port 5050

  Thank you in advance for your help!

Paint

Okay! I got this working finally!

I am still playing around with the Protocol timing Settings, as sometimes my WAN does not renew properly.

Please see new post: https://forum.pfsense.org/index.php?topic=114389.0