Netgate Discussion Forum

    Consensus on pfS. with Sky broadband, replace Sky router or attach via DMZ?

      frangible

      I have UK Sky Broadband at home. I want to get some experience with using pfSense.

      The Sky router (model SR102) does not have a bridge mode and Sky make using another modem quite tricky. Is there a consensus on which is better -
      1.  Extract the user name/password and get alternative hardware to use as a bridge or
      2.  Attach a pfSense box via the DMZ of the Sky provided ADSL modem/router?
      3.  Something I haven't thought of.

      What are the pros and cons of each? Thanks.

        Guest

        Get an Openreach modem off fleebay. You no longer need to extract username and password; you could use mypfsense@skydsl|abxdef123 as the option61 string and it would work. Then connect up pfSense and away you go. There are quite a few of us running pfSense on Sky. Go to http://www.skyuser.co.uk/forum/ and enter pfSense as a search param; you'll find plenty of info.

        Using the existing Sky router is no use as it does not support bridge mode, therefore you'll end up with a double NAT, thus making life a lot harder.

        Here's a link to a page that will show you how to set up pfSense with Sky, using an Openreach modem.

        http://www.skyuser.co.uk/forum/ipv6/58986-sky-ipv6-settings-non-sky-routers-12.html

          frangible

          @marjohn56:

          Get an openreach modem off fleebay.

          Isn't that a FTTC gizmo? I'm on steam ADSL. As it happens I've got an old Draytek Vigor 120 and a TP-Link TD-8817 which has a bridge mode. I'm not sure if either can do MAC spoofing. Is that still required for ADSL? Thanks.

            Guest

            The modem doesn't do the spoofing, the router does. Trying to think back to my ADSL days…

            I used to run a Billion 7800 and that worked fine. Any modem/router you have that can do bridge mode should work, then you set up the correct settings in pfSense. Have a look on the SkyUser forum I mentioned in my previous message; you should find out all you need there. People have been using alternatives to the Sky supplied routers long before FTTC.

              frangible

              @marjohn56:

              you'll end up with a double NAT,

              Does the 'double NAT' problem occur when using the DMZ route as well? I thought the DMZ was on the outside (internet side) of the firewall/Network Address Translation. This page suggests using DMZ as a solution to double NAT: http://www.practicallynetworked.com/networking/fixing_double_nat.htm
              Confused now…

                Guest

                DMZ will cause double NAT.

                Internet -> Sky Router/Modem -> (DMZ 192.168.1.1) -> Second Router (192.168.2.1) = Double NAT

                Internet -> Modem (Bridged Mode - WAN IP) -> Second Router (192.168.1.1) = No Double NAT

                Does that make sense?

                All a DMZ does is pass everything through to a specific address; it still NATs it.

                That link is not working, for me at least.

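The two topologies in the post above, as an added example that is not part of the original thread: a Python check that takes the address the second router (pfSense here) receives on WAN and reports whether another NAT sits upstream, plus whether the WAN and LAN subnets collide. The function names and the sample addresses are assumptions; `192.168.1.2` is a constructed lease behind the Sky router's DMZ and `203.0.113.10` is a documentation address standing in for the public IP a bridged modem hands over.

```python
import ipaddress

# Ranges never routed on the public internet. A WAN address inside one of
# them means a device upstream is already translating for this router.
NON_PUBLIC = {
    "RFC 1918 private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "RFC 6598 carrier-grade NAT": ["100.64.0.0/10"],
}


def upstream_nat(wan_ip):
    """Return the name of the non-public range wan_ip falls in, else None."""
    addr = ipaddress.ip_address(wan_ip)
    for label, nets in NON_PUBLIC.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return label
    return None


def assess(wan_if, lan_if):
    """Assess a router from its WAN and LAN interfaces in CIDR notation."""
    wan = ipaddress.ip_interface(wan_if)
    lan = ipaddress.ip_interface(lan_if)
    upstream = upstream_nat(str(wan.ip))
    return {
        "upstream_nat": upstream,
        # This router translates once; a non-public WAN adds a second layer.
        "nat_layers": 2 if upstream else 1,
        # Identical or overlapping WAN/LAN subnets make routing ambiguous.
        "subnet_clash": wan.network.overlaps(lan.network),
    }


if __name__ == "__main__":
    # Constructed samples matching the two diagrams in the post.
    samples = {
        "Sky router DMZ": ("192.168.1.2/24", "192.168.2.1/24"),
        "Bridged modem": ("203.0.113.10/32", "192.168.1.1/24"),
    }
    for name, (wan, lan) in samples.items():
        print(name, assess(wan, lan))
```

A DMZ host on the Sky router still shows two layers because its WAN address is a private one handed out by that router.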
                  frangible

                  Hmmm, there's a lot of misinformation out there suggesting DMZ is the solution to double NAT. The site I reference above is the first in a search on DuckDuckGo for 'double nat', and has the following as one solution to the double NAT issue:

                  "If you have a lot of ports to forward, doing them individually can get a bit cumbersome, so a simpler method is to configure the first NAT device to make your router's IP address the DMZ. This will hustle all incoming traffic through the first layer of NAT no questions asked, but when it hits your router it will be filtered or forwarded as appropriate."

                  This comes up on a Netgear forum:

                  "The second and easiest way around a double NAT situation like this would NORMALLY be DMZ. Putting our WNDR4500 WAN IP as our house owners DMZ IP is supposed to simply toss all port translations not having a port forward or UPNP link directly to our WNDR4500 router resolving in us not needing to manually port forward anything and all should be all good and dandy."

                  So it's all a bit confusing for the lazy and hopeless like m'self.

                    Guest

                    I think it's the way it's written, it's misleading to say the least.
