Router behind pfSense (SOLVED)



  • Good day,

    I would like to ask your expert opinion or suggestions on how to install pfSense behind a router. I have been trying to configure out all the settings but it seem no luck at all or it can't be done.

    It is possible that my setup is like this?

    Modem -> Main Router -> pfSense -> Access Point Router

    I can't move my main router behind pfSense cause it will be complicated to my other program.
    My question is, is this possible setup? Or it can't be done.

    I'd tried my pfSense WAN static ip of 192.168.1.10 and submask 255.255.255.0 gateway 192.168.1.1 and connect the WAN calbe to main router on Lan port.

    My pfSense LAN is 10.10.1.10 submask 255.255.0.0 gateway 10.10.1.1

    Modem= ISP
    Main Router = 192.168.1.1

    pfSense WAN= 192.168.1.10 static
    Subnet= 255.255.255.0
    Gateway= 192.168.1.1

    pfSense LAN= 10.10.1.10 static
    Subnet= 255.255.0.0
    Gateway= 10.10.1.1
    DHCP= enable

    Router Access Point=10.10.1.5 static
    Subnet= 255.255.0.0
    Gateway=10.10.1.10
    DHCP= disable

    But I cant get any internet connection when I tried to connect on AP.
    I tried to hookup wired from my loptop to AP port, still no internet, but i can communicate pfSense webpage and the main router webpage.

    What seems to be the problem on this? Thank you for you help.


  • LAYER 8 Global Moderator

    Little bit of a side question, why would you use a /16 for your lan?  You going to have 65k clients all on the same layer 2?

    pfSense LAN= 10.10.1.10 static
    Subnet= 255.255.0.0
    Gateway= 10.10.1.1

    Why would your pfsense lan have a gateway??  Who is 10.10.1.1 ??  Or is that a typo and you set it to itself?

    There should never be a gateway set on your lan interface.. Pfsense sure and the hell doesn't ask you to do that, and it even warns you that no shouldn't have one, etc.

    Modem you sure that is not a gateway?  What does your main router have for its wan?  Freaking triple nat setup.. Why do you think replacing your "main" router with pfsense would be a problem?  And its not a AP "router" if your using some old wifi router as AP by connecting its lan IP to your network and turning off its dhcp server you would call that just a AP..



  • Hi John

    Thank you for your reply

    I was able to change mag pfSense IP to

    pfSense IP=192.168.2.1
    Submask=255.255.255.0
    gateway=none

    and my AP

    AP=192.168.2.5



  • @Blackhat:

    Hi John

    Thank you for your reply

    I was able to change mag pfSense IP to

    pfSense WAN IP=192.168.1.10
    Submask=255.255.255.0
    Gateway=192.168.1.1

    pfSense LAN IP=192.168.2.1
    Submask=255.255.255.0
    gateway=none

    and my AP

    AP=192.168.2.5
    Submask=255.255.255.0
    Gateway=192.168.2.1

    but still have no luck.

    I can't make my pfSense as a Main Router because it is associated with external program. I just tried to use pfSense to have another network. (experiment)

    So may set up for now is

    Modem (BridgeMode) -> Main Router-> pfSense-> AP

    I juts connect my pfSense to one of the land port of Main Router.

    I don't know what happen, it just pass through yesterday but when I connect it again today, it just dont work again.
    Any advise configuration on pfSense will help.

    Thank a lot for the reply.


  • LAYER 8 Global Moderator

    So you have this now?

    internet publicIP - mainrouter lan 192.168.1.1/24 –- 192.168.1.10/24 wan pfsense lan 192.168.2.1 --- 192.168.2/24 --- 192.168.2.5/24 AP -- wifi --- 192.168.2.100 ??

    So your devices behind pfsense all get IPs from pfsense dhcp and are 192.168.2/24 with gateway pointing to pfsense 192.168.2.1 as gw and what for dns?? psfense?

    You sure your AP is not natting??  And is just pure AP mode..  It is some old wifi router you have in AP mode.. So its dhcp is OFF, its connect to your 192.168.2/24 network via one of its Lan ports..  While your AP having a gateway would allow you to manage it from off the 192.168.2/24 network that you pointed this suggest to me that its still natting??  And your wifi clients or on some other network pointing to what for gateway and getting dhcp from where?

    Can your wifi devices or wired devices on pfsense 192.168.2/24 network access pfsense web gui at 192.168.2.1?  When they traceroute to 8.8.8.8 what do they get back?



  • Hi John,

    Sorry for the very late reply…. I guess I just solve my problem about this topic! I made it thru pfSense behind the main router... and I say It can be done... Im actually using it right now... My setting is right all the way I just forget that my Captive portal is enable. so I have to login basically to gain access thru internet.

    For now I just made may Webpage Captive portal basically thats my target... Self learning web page pointing to other local page and redirect another page to username & password for admin user.  That so cool....

    Using Captive Portal Plus also made my day using a thermal printer to print a 1 voucher for 1 user in just a few clicks.
    and can set validity for each user. A way too cool...

    So this topic is (SOLVED)!!!! Thanks



  • Check this out



Log in to reply