Using a VDSL Router for WAN - Please Help with My First SOHO Setup!

  • INTRO…
    Hi all. New to pfSense and the forum, but i am a very experienced IT contractor. However, my network knowledge sometimes lets me down as i have never had any formal training in that discipline. Hence why I want to setup a pfSense box to learn and due to its myriad of different config options (and VPN and pretty graphs....).

    pfSense is running great on a small form factor PC which is total overkill:

    • Intel Core i3 @ 2.60GHz, 8 GB RAM, 64GB SSD

    • LAN Intel 82579LM Gigabit (Onboard Ethernet)

    • WAN AASIX AX88179 Gigabit (USB 3.0 Ethernet)

    *** Please see attached network diagram ***
    My modem (TP-Link TD-W9980) is a wireless/model/router which is EXCELLENT and never drops the connection (stays up for months) so I want to continue to use this obviously, and it also shows the VDSL sync stats which are useful.

    HOWEVER! The complications lie in my DHCP/DNS setup. Due to the nature of my work and some of the services I run on my LAN, I must use my Windows Domain Controller as my DHCP/DNS server. So I must configure the network appropriately and that is where I have struggled.

    So after connecting the pfSense box into the network as shown in the diagram, there is no internet access to any client devices. This must be a simple DNS issue, but I need help with this in order to set the correct options on the Windows Server DHCP scope options and possibly the DNS options.

    Firstly, the internal LAN runs on, so I have pfSense on on its LAN adapter and on its WAN adapter. Upstream from that is the modem/router which is on

    What DNS settings should I apply in pfSense? Do I need to enable/configure either DNS Forwarder or DNS Resolver? I would expect DNS queries on the LAN need to go to my WinServer DNS, but then forwarded to the pfSense box if not resolved? So I assume I need to create a forwarder on the WinServer DNS of

    Should I enable DHCP relay on pfSense? is there any point?

    One final question, will I be able to access the modem/router over http? Obviously it must be on a different subnet to the LAN but can pfSense do anything special around this?

    Any help here really appreciated!

    Thanks for reading.
    ![Home Network Topo.jpg](/public/imported_attachments/1/Home Network Topo.jpg)
    ![Home Network Topo.jpg_thumb](/public/imported_attachments/1/Home Network Topo.jpg_thumb)

  • Here's my comments:

    1. You are going to be doing double NAT. Once through pfsense, and again through your DSL router. While this work for many applications, it will break some. You'd be far better off to put your DSL router into bridge mode, if possible, so that it is basically operating at layer 2.

    2. Using your DC for DHCP and DNS is not a problem. Just configure DNS on your DC to forward unresolved DNS requests to some DNS server that has access to public DNS. You could point it to your pfsense box, or straight to something like google DNS (

    3. You can access your DSL router's admin page at (provided you haven't put it in bridge mode) by going into pfsense and disabling the WAN check for bogus networks since pfsense, by default, would block access to a private 192.168 IP address on its WAN side.

    4. No DHCP relay needed.

Log in to reply