PFsense connected with a Cable Modem/Router



  • Hi Guys I am new to the pfsense game and I am having a HELL of a time trying to get this wonderful software going due to the fact that my ISP has given me one of those awful Modem/Router 2in1 boxes. In my previous setup I had to set the Modem/Router in Bridged mode to make it work with my asus router. I have done the same thing with the pfsense setup but when I login to pfsense it shows my WAN ip as 192.168.1.111. When I try and then access any websites I get dns error. I do not know what to do or what I am doing wrong. Please assist.



  • First, I would call the ISP and have them put the modem into bridge mode to verify the unit is actually in bridge mode.  Once that is done:

    • Remove power from both the modem and PFsense

    • Reseat the patch cable going from the modem to PFsense on both ends

    • Power on the modem, then wait until you see the online/WAN/Internet light go solid green

    • Once the WAN light is solid green on the modem, power on PFsense

    • Upon successful boot, PFsense should have an external IP.  If not, the modem is not in bridge mode and you will need to escalate to your ISP.

    If possible, have the tech stay on the line with you as you're doing the work, so they can troubleshoot right away instead of you sitting in the queue again.



  • My comcast modem does the same thing if it loses connection to the ISP. You may lose the connection as well since you got the DNS error.



  • So I did as you suggested. I powered down both boxes and re-seated cable I powered down modem and kept powered down for a good 10 mins. I then powered it up and waiting some 10 mins after that before powering up pfsense. I booted up Pfsense I then connected a cable from the second lan port on my physical pfsense box to the unmanaged switch where I hopped on my desktop which is plugged into said switch. I was pleasantly surprised to seemingly have internet access and able to get on websites etc. I logged into pfsense to check it out figuring I would see proper IP . Instead what I saw was WAN - N/A where as before I was getting WAN - 192.168.1.111 I dont know what is going on or what I can do here…



  • There are several things you can check, but I would close and reopen your browser and/or open a new tab, then access the GUI again.  You can even try clearing your cache.

    You can also check the console or do an "ifconfig" from the shell.



  • Make sure that you don't have Block Private Networks enabled (or a pfBlocker/Suricata/Snort) rule that trips when it sees a 192.168.x.x packet.  I've been trying to get up to speed on setting up pfSense and for now have to run behind a similar NAT… box has been up for about 3 weeks no sweat, so unless the modem is going down, you should be fine.


  • LAYER 8 Netgate

    What does Status > Interfaces say for WAN?



  • @guardian:

    Make sure that you don't have Block Private Networks enabled (or a pfBlocker/Suricata/Snort) rule that trips when it sees a 192.168.x.x packet.  I've been trying to get up to speed on setting up pfSense and for now have to run behind a similar NAT… box has been up for about 3 weeks no sweat, so unless the modem is going down, you should be fine.

    Where Do I find said settings?



  • @bradtn:

    @guardian:

    Make sure that you don't have Block Private Networks enabled (or a pfBlocker/Suricata/Snort) rule that trips when it sees a 192.168.x.x packet.  I've been trying to get up to speed on setting up pfSense and for now have to run behind a similar NAT… box has been up for about 3 weeks no sweat, so unless the modem is going down, you should be fine.

    Where Do I find said settings?

    Look under    Interfaces / WAN or    Interfaces / LAN - at the bottom under Reserved Networks (If you are using the new 2.3.1 or 2.3.2 interface)

    are you using any of  these: pfBlocker/Suricata/Snort?  If so, then you need to check the rules/blocklists - Firewall log should give you a hint if you are seeing stuff blocked.



  • @guardian:

    @bradtn:

    @guardian:

    Make sure that you don't have Block Private Networks enabled (or a pfBlocker/Suricata/Snort) rule that trips when it sees a 192.168.x.x packet.  I've been trying to get up to speed on setting up pfSense and for now have to run behind a similar NAT… box has been up for about 3 weeks no sweat, so unless the modem is going down, you should be fine.

    Where Do I find said settings?

    Look under    Interfaces / WAN or    Interfaces / LAN - at the bottom under Reserved Networks (If you are using the new 2.3.1 or 2.3.2 interface)

    are you using any of  these: pfBlocker/Suricata/Snort?  If so, then you need to check the rules/blocklists - Firewall log should give you a hint if you are seeing stuff blocked.

    Its a fresh install so I do not believe so?


  • LAYER 8 Netgate

    You bring down Status, then Interfaces, then copy and paste what it has for WAN.



  • @bradtn:

    @guardian:

    @bradtn:

    @guardian:

    Make sure that you don't have Block Private Networks enabled (or a pfBlocker/Suricata/Snort) rule that trips when it sees a 192.168.x.x packet.  I've been trying to get up to speed on setting up pfSense and for now have to run behind a similar NAT… box has been up for about 3 weeks no sweat, so unless the modem is going down, you should be fine.

    Where Do I find said settings?

    Look under    Interfaces / WAN or    Interfaces / LAN - at the bottom under Reserved Networks (If you are using the new 2.3.1 or 2.3.2 interface)

    are you using any of  these: pfBlocker/Suricata/Snort?  If so, then you need to check the rules/blocklists - Firewall log should give you a hint if you are seeing stuff blocked.

    Its a fresh install so I do not believe so?

    If I recall correctly they are CHECKED BY DEFAULT


Log in to reply