How to make Public IP on pfSense WAN?



  • Hi all,

    I can't figure out how to assign Public IP on pfSense WAN.

    My modem is combo modem+router. If I don't change nothing on modem/router on pfSense WAN I get private IP 192.168.0.xx.

    If I switch modem/router to modem only and on pfSense WAN I choose PPPoE I get public IP but can't access internet.

    What I am doing wrong? How to make pfSense WAN to get public IP address?

    My modem/router: Nighthawk VDSL/ADSL Modem Router D7000

    ISP: BT

    Encapsulation: PPPoA (PPP over ATM)


  • LAYER 8 Global Moderator

    does your isp device support what is often called a half bridge so your isp devices still does your PPPoE login but it just assigned the public IP to the device connect to it.  This way pfsense is just set to dhcp on its wan.



  • There is no such option half bridge on my modem/router. I can choose only modem only or modem+router.


  • LAYER 8 Global Moderator

    I do not believe pfsense supports PPPoA?? Maybe someone can chime in here with more experience in that area.  But I do not believe it does.. It sure didn't use to - sometimes you can setup PPPoE and works.  But PPPoA is not exactly the same as PPPoE so mileage may vary doing.

    If your device does not support half bridging, then I would just go with simple double nat.  Let your isp device get your connection, let pfsense get a rfc1918 from your isp device.  Set your isp device so that pfsense wan IP is the dmz host, or forward the traffic you want pfsense to forward on, etc.



  • @johnpoz:

    I do not believe pfsense supports PPPoA?? Maybe someone can chime in here with more experience in that area.  But I do not believe it does.. It sure didn't use to - sometimes you can setup PPPoE and works.  But PPPoA is not exactly the same as PPPoE so mileage may vary doing.

    If your device does not support half bridging, then I would just go with simple double nat.  Let your isp device get your connection, let pfsense get a rfc1918 from your isp device.  Set your isp device so that pfsense wan IP is the dmz host, or forward the traffic you want pfsense to forward on, etc.

    On my main modem+router I have switched off wireless and disabled DHCP. Modem+Router IP is 192.168.1.1

    On pfSense WAN I have picked Static IP and assigned to 192.168.0.254

    On pfSense LAN picked Static 192.168.1.1/24

    Do I have double NAT in this situation? If yes do I need to apply any rules and port forwarding on modem+router and pfSense itself?

    Basically I want to route all traffic through pfSense.

    If I put my modem+router only to modem mode and on pfSense WAN setup PPPoE I get public IP but can't connect to Internet. Could it be that I have wrong Default Gateway setup?

    How many Gateways I need to setup? Should it be 192.168.0.1 or 192.168.1.1 or public ISP gateway?

    If I DMZ what settings I need to use?

    Thanks



  • This will not work the way you have it.

    If you can't get your IP to assign a static ip and set the modem in bridge mode then I would set the WAN to be DCHP.
    I would set the modem to be modem only but not familiar with your ISP.



  • Setup your modem to full bridge mode (modem only).. no login there at all…
    Encapsulation on the MODEM should be set according the provider rules...
    then connect a DEDICATED network cable between the modem and the wan port of pf and setup a PPPoE login on the pf according the Manuals
    your PF should get a public ip assigned...
    Setup the NAT to "Automatic outbound NAT rule generation." and it should work out of the box

    For all others: The Connection between the Modem and the PFSense is the only thing that matters and that is Ethernet (in 99% of all cases). So the Encapsulation on the PF has to be set to PPPoE.
    The Encapsulation on the other side of the DSL Modem does not matter at all and is managed by the modem itself... Most times MPoA is used... as a DSL Connection runs on ATM


  • LAYER 8 Global Moderator

    Modem+Router IP is 192.168.1.1

    On pfSense WAN I have picked Static IP and assigned to 192.168.0.254

    On pfSense LAN picked Static 192.168.1.1/24

    You got that backwards.. How is your wan going to talk to your modem when its not on the same network.. If your isp device network is 192.168.1/24 then that is the network pfsense wan is on.  As to your pfsense lan it can be any other rfc1918 network that does not overlap with your rfc1918 wan network.



  • I took a quick look at the Nighthawk VDSL D700 instructions, being unfamiliar with the device, and found that under the "Manage the WAN and LAN Network Settings" section they have a "IPTV" mode where you can designate that the #4 LAN port can be set in what appears to be a DMZ.  The item attached at that port 'shares' the internet IP that the modem gets.  I use ATT UVerse with their modem/router and have been putting my Zyxel, and now my pfSense VM in the DMZ and I got everything working including the OpenVPN.  Hopefully following those instructions can get your pfSense setup on an internet IP without having to change much else on your router.  Remember that you should have pfSense set with a LAN IP network range different from what the Nighthawk gives out on its other LAN ports, and everything attached to the pfSense router will be isolated from anything attached to the Nighthawk's other ports and wireless.  So if the goal is to have everything running through pfSense, the Nighthawk's wireless and its other LAN ports should not be used if you get working this way.  UVerse is not PPPOE so I don't have to think about logging in, but as the modem is still doing so, and passing the internet IP to the LAN port 4, you should be able to leave pfSense WAN in DHCP and attach it to port 4 on your Nighthawk.  Hope this helps.


Log in to reply