Greetings - I am a noob to pfs, heard a lot about it so I am giving it a shot right now with my home network.
I wanted to get expert opinion on the most recommended setup config, so I am hoping some of you guys will share your thoughts.
1. Should I disable DHCP and NAT on the ISP modem, so pfs can take over those duties?
2. Do I leave them on the ISP, and create a new subnet on pfs?
3. If 2 is recommended, I may have some devices connected directly to the ISP modem, what's the best way to get the two segments to talk to each other? (I know this might not be a pfsense question but I was hoping for some pointers)
Thanks in advance
Your isp "modem" should be put into bridge mode if possible, i.e. pfsense should get a public IP on its wan. This way you're not double natting.
If you cannot do this, then it's fine to double nat. But you have to make sure you forward all traffic you might want to forward on pfsense via your isp "modem/gateway" first, or put pfsense into dmz host of your isp device. This can be done via static on pfsense wan or via dhcp reservation on your isp device, doesn't really matter.
If you're going to be using pfsense there really should be nothing else connected to your isp device's other ports or wifi. All devices should be behind pfsense. But if you're going to double nat and want stuff on what amounts to pfsense wan, or internet transit network, keep in mind that you're going to have to port forward if you need to access anything behind pfsense from stuff in front of pfsense on your isp device.
It is just a simpler, cleaner and overall better idea when moving to pfsense to not double nat with your isp device. And if you must, because the device does not allow anything else, then put all your stuff behind pfsense. Get yourself a new AP, or use some other wifi router as just an AP for wifi. Get yourself a switch - hopefully smart/managed for future use of vlans even if not using them to start with.
You need to make sure, if going to double nat, that you're not using the same network on pfsense wan as lan side networks, i.e. if wan is 192.168.0.x then make your lan 192.168.1.x or some other network other than 192.168.0.
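The overlap rule from the reply above can be checked before any interface is configured. This is an added example, not part of the original posts: `check_plan` and the sample addresses are hypothetical, and it goes slightly beyond the reply by also flagging carrier-grade NAT addresses on the wan and overlaps between several lan/vlan networks.

```python
import ipaddress

# Private (RFC 1918) and carrier-grade NAT (RFC 6598) ranges: a wan address
# inside any of these means an upstream device is already doing NAT.
NATTED_RANGES = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def check_plan(wan_cidr, lans):
    """Return a list of findings for a planned pfSense addressing scheme.

    wan_cidr: wan interface address with prefix, e.g. "192.168.0.2/24"
    lans:     dict of name -> network behind pfSense, e.g. {"LAN": "192.168.1.0/24"}
    """
    findings = []
    wan_if = ipaddress.ip_interface(wan_cidr)
    wan_net = wan_if.network
    if any(wan_if.ip in r for r in NATTED_RANGES):
        findings.append(f"double NAT: wan address {wan_if.ip} is private/CGNAT")

    nets = {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in lans.items()}
    # A lan that overlaps the wan network makes hosts on the ISP side unreachable.
    for name in sorted(nets):
        if nets[name].overlaps(wan_net):
            findings.append(f"conflict: {name} {nets[name]} overlaps wan {wan_net}")
    # Internal networks (future vlans) must not overlap each other either.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"conflict: {a} {nets[a]} overlaps {b} {nets[b]}")
    return findings


if __name__ == "__main__":
    # Constructed sample plans, not taken from a real network.
    plans = {
        "same network both sides": ("192.168.0.2/24", {"LAN": "192.168.0.0/24"}),
        "double nat, distinct lan": ("192.168.0.2/24", {"LAN": "192.168.1.0/24"}),
        "bridged, vlans overlap": ("203.0.113.10/24",
                                   {"LAN": "10.0.0.0/16", "IOT": "10.0.5.0/24"}),
    }
    for label, (wan, lans) in plans.items():
        print(label, "->", check_plan(wan, lans) or "ok")
```
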