WAN Connection and Modem Config
I really hope I can get a steer from somebody on this forum on this, I'm a comparative noob to pfsense but have read up a good but on configuration but I'm still stumped.
Recently upgraded to fibre broadband and got a new F2000 eFibre Modem. Initially, logs showing a shocking number of logins from locations I shouldn't be getting logins from! - It was time for pfsense!
I have the software installed on an old HP compaq and LAN working fine (DHCP etc). When I connect the WAN interface to the Modem (in PPPoE mode - it does all the DHCP etc still) I just get a standard internal LAN (current) IP address opposite my WAN name - I know this needs to be changed somehow but I'm not 100% sure how. Online videos and forum suggest DHCP LAN but I think Bridge mode.
My plan is to switch the F2000 to Bridged mode, disable Wi-Fi (I use other wifi APs anyway that can point to pfsense from my new pfsense LAN), turn off DHCP and fill in the PPPoE settings on pfsense and hand over these functions to it entirely. Then the F2000 does nothing but send traffic to and receive from the internet and on to pfsense.
The only physical connection (ethernet) will then be a single WAN cable between bridge and pfsense WAN. All my LAN traffic to clients will then be from the new pfsense LAN via my internal infrastructure.
Am I on the right track? I sure would appreciate any help for forum can offer a noob so I can bring these un-authorised logins to an end.
Appreciate any help folks.
In general it sounds like the right path to take.
If you can get a proper IP address for your WAN interface , that's 85% of the battle in a bridged setup.
Setting up individual WAP's as needed is definitely the suggested option for WiFi.
A quick Google search on "F2000 efibre bridge" turns up a number of examples to try.
Bridging looks like a standard option for that router and that's a good sign.
The only potential issue I see is the need to setup a VLAN for your connection, but that shouldn't be a show stopper.
Keep at it, post your issues and good description of what works and what doesn't and we'll help where we can.
Thanks for your reply and I appreciate the offer to help and nudge me the right direction!
I'll be specific as possible if I hit a block..
I hadn't seen the need to create a VLAN in my setup though. On the LAN side, I plan on migrating all clients onto the new pfsense DHCP address. As for WAN side - I saw a Youtube video where the guy appeared to two WAN addresses - one was his Gateway and he then assigned that in WAN Config. Sorry for the dumb Q but is the VLAN on LAN or WAN?
I'm be back working this tonight.
I mentioned the VLAN possibility because it appeared in some of the Google'd articles on setting the F2000 into bridge mode.
Unfortunately I don't have one of those devices so I can't be more specific.
From what I was reading it looked like a VLAN was required on the WAN side.
I suspect you'll need to do a little experimenting unless someone with firsthand experience on that device can jump in.
I did some extra digging and the F2000 is a re-branded Huawei HG659b modem. If any other readers have experience setting pfsense up with one of these, I would like to hear how it went..
Please show us screenshots of Status and/or Configuration of the modem's WAN port while the modem is the working condition as configured by ISP.
This is the identical settings of the WAN config settings within this procedure for switching the Eir F2000 unit to Bridge mode.
For me it looks like WAN-port/VLAN10 is bridged with untagged LAN port, so the regular PC should be able to establish PPPoE session with the ISP while plugged to the modem LAN port.
I would also try to check with Wireshark on what is really coming from the modem, just to make sure VLAN tags are [not] there.
I've been working this with the F2000 set to Bridge mode (using the procedure I posted earlier) rebooted as instructed.
Network cable from WAN (blue port) on F2000 to WAN port on pfSense box.
I then set up the WAN config page in pfSense to use PPPoE and entered the settings for my ISP. Now I should have just F2000 bridged to Internet and my access LAN on a 10.1x.x address.
I restarted the pfSense box hoping to now pick up a public IP address and have essentially
WAN (wan) -> pppoe0 ->
LAN (lan) -> em0 ->v4 10.1.2.10/24
I have attached screenshots of WAN config from pfSense [nothing to see I'm afraid] and the config showing where I entered configuration settings.The WAN card traffic LED on my pfSense box is not packeting at all.
Does anyone have some ideas on what I am doing wrong?
Forget about pfSense for a while, test from your PC first.
You were quite right. Perseverance paid off and having upgraded to the newest revision, the GUI is actually better too! Appreciate your advice.
Can I ask further advice regarding the best method to allow my client PCs to reach Microsoft links to get their updates and my AV of course! I sis see some references to the use of regular expressions in the White list of the Squid Proxy and have no trouble using REs once I know Im in the right area!.
Once again, appreciate the pointer.