Connecting pfsense and home router together



  • Hi All,

    First, if this is in the wrong group, please forgive me.

    I'm semi new to pfsense. I have an old Dell box that I installed pfSense 2.2.3 on a while ago. It's just been sitting because I could never get it to work with my home router. I got the itch again to play with it but I am still encountering the same problem.

    Here is what I have and what I want to do:

    I have a TWC modem/router that is connected to a Netgear router (with WiFi) that supplies our home with internet, phone and cable. What I would like to do is have the TWC modem/router  plug into the pfSence box(WAN), then plug my Netgear router into the pfSense box(LAN). I would like to have the Netgear router continue to supply the DHCP addresses and WiFi to the home network.

    So, on the pfSense box, I'm guessing needs to be setup as DHCP so it can get it's IP from the TWC modem. I have the LAN interface on the pfSense box setup with an IP of 192.168.1.1/24. So, I should plug the TWC modem into the WAN interface on the pfSense box correct? Then I should plug the LAN interface on the pfSense box SOMEWHERE on the Netgear router(it's IP is 192.168.1.10/24), Should it go in the Netgear WAN port or one of the 4 access ports?

    My thinking is that everything behind the Netgear router should fuction as normal, without any changes. The only thing that would need to happen is the the Netgear router would use the pfSense router as it's gateway, correct? If so, how would I accomplish that?

    My explaination of my senerio is probably not the best but, hopefully I gave enough info so you can get the gist of what I'm trying to do. Please point out what I'm doing wrong and/or if there is a better way go do this.

    Thanks

    Mark



  • You mentioned that the TWC equipment you have is a modem\router. Is your netgear router setup to function as an AP or a router?



  • It's your basic Netgear router with 4 ports and WiFi. Right now it's connected to the box supplied from TWC and all my equipment in the home goes through the Netgear to get out to the internet. My confusion is how do I physically connect the Netgear to the pfSense box. Right now the TWC box is connected to the WAN port on the Netgear. If I put the pfSense box between the TWC unit and the Netgear router, how are they connected?

    BTW - Thanks for the quick response.



  • When you say "all my equipment in the home goes through the Netgear to get out to the internet" does that include the phone and the cable television you mentioned in your original post or just the internet?

    Also, do an ipconfig on your computer and get the default gateway address.

    When you setup pfsense, what address did you give the lan?



  • Yes, we have our phone, internet and tv bundled.

    I know the default GW as it's setup right now. It's the Netgear router, 192.168.1.10. I gave the LAN interface on the pfSense router an IP of 192.168.1.1. Right Now, I have taken the pfSense router out and just have the Netgear connected to TWC. I want to connect the pfSense router between the TWC and Netgear router.

    In my mind, I would need the pfSense router to be the GW for the Netgear router correct? How would I go about doing that unless I'm missing something.

    Mark



  • I think what you are going to want to do is connect your pfSense box to a LAN port on the TWC gear then configure your Netgear router to run in AP mode and connect it to the LAN port on your pfSense box.

    With this setup pfSense will be your DHCP server for everything connecting to your wifi or LAN ports on your netgear.

    Please note that you will be double NATed.  However in your current setup you are also double NATed so I don't think that will matter much.  You could look into configuring your TWC modem\router to run in bridge mode which would eliminate the double NAT, but I would get everything working as suggested above before tackling that.  Also, I am not sure if that will mess up your phone and cable so I would use caution if you decide to go that route.



  • I think I'm following what you mean.

    My wife works from home and I really don' want to screw the network up. Is it possible to connect like you suggested but have the Netgear still provide the DHCP and WiFi to the home Network and just use the pfSense router for firewall protection? That way, if there is a connection issue, I can just remove the pfSense box if there is an issue?

    Sorry for all the beginner type questions.

    Mark



  • It would not be optimal to set things up that way, but it will probably work.  You will be triple NATed at that point.

    If you are worried about things not working right for your wife, this is what I would do.

    Take a backup of you netgear configuration.  Then switch your netgear to AP mode leaving it plugged into your TWC modem/router.  At this point the TWC modem\router will be the only router in your network and will be performing all the functionality a typical router does (NAT, DHCP, DNS, ect…).  Leave it setup like that for a few hours\days and perform some random tests to see if your wife is having any problems working.  If you do have problems just restore the netgear config you took for a backup and you will be back to your original setup.  That should confirm that running your netgear in AP mode connected to a router will work as expected.  With this setup you will have one NAT which is the what most home users have.

    If everything is running as expected, you can add your pfSense box to your network by placing it between your TWC equipment and your netgear equipment (pfsense WAN to TWC LAN, pfsense LAN to Netgear LAN (or wan)).  If you have problems along the way you can just unplug the ethernet cables from pfsense and connect them like they were originally (TWC LAN to Netgear LAN(or WAN)).  With this setup you will have two NATs.  To get to one NAT which is optimal you will need to configure your TWC equipment to run in Bridge Mode.  You will need to research to see if that will affect your Television and Telephone.



  • I get what you're saying but, I want to make sure I'm understanding the concept correctly.

    If I put the Netgear in AP mode, will the ethernet ports still work? I know WiFi should.

    If thats the case, I should be able to put the pfSense between TWC and Netgear (make Netgear an AP) and still connect PC's the the Netgears ethernet ports and have still have WiFi connectivity, correct?

    WEB –>TWC --(DHCP)--> (WAN) pfSense(LAN) --(DHCP)--> (WAN)Netgear (AP mode)(LAN) ---- > internal network (wired/WiFi)

    Sorry my explination is so crappy.

    Mark




  • I believe everything you stated in your reply to be on target.

    Here are the instructions for placing your Netgear into AP mode.  Do a backup of your Netgears configuration before you change anything so you can roll back if necessary.

    http://kb.netgear.com/app/answers/detail/a_id/20927/~/how-do-i-change-my-netgear-router-to-ap-mode-after-i’ve-already-run-setup%3F

    Try connecting the netgear to just the TWC box for now to get everything working.  Then after everything seems pretty solid with the netgear in AP mode you can try putting the pfsense box between the TWC and Netgear.

    In the mean time you could plug your pfsense box into one of the other LAN ports on your TWC (TWC LAN - pfSense WAN) and plug an extra computer into the pfsense LAN port to start getting pfSense configured.



  • Thanks for the info. I tried last night and almost got put in the doghouse I screwed up the network so bad…  LOL

    Luckily I got it back to where it was. On my Netgear (614 v10) I didn't see anywhere to put it in AP mode. So I turned of DHCP, it already had a static IP but there was nowhere I saw to give it a GW so I could never get it to talk with pfSense.

    You have given me plenty of directions so I'll keep playing around with it when my wife is gone for a day.

    Thanks for all your help.

    Mark



  • I should have asked what model the Netgear was from the start.  I assumed it was an R7000 or something similar, since those tend to be the most popular.  Or at least a relatively recent model.

    I doubt that Netgear Router you own has AP mode.

    What is the model number of the TWC equipment you have?  Can you confirm that it is a Modem/Router combo, or could it just be a Modem?