Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Noob question

    General pfSense Questions
    2
    2
    250
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      Ozkhan1 last edited by

      Greetings- I am noob to pfs, heard a lot about it so I am giving it a shot right now with my home network.
      I wanted to get expert opinion on the most recommended setup config, so I am hoping some of you guys will share your thoughts.

      1. Should I disable DHCP and Nat on the ISP modem, so pfs can take over those duties?
      2. Do I leave them on the isp, and create a new subnet on pfs?
      3. If 2 is recommended, I may have some devices connected directly to the isp modem, what's the best way to get the two segments to talk to each other? (I know this might not be a pfsense question but I was hoping for some pointers)

      Thanks in advance

      1 Reply Last reply Reply Quote 0
      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        Your isp "modem" should be put into bridge modem if possible.  ie pfsense should get a public IP on its wan.. This way your not double natting.

        If you can not do this, then its fine to double nat.. But you have to make sure you forward all traffic you might want to forward on pfsense via your isp "modem/gateway" first or put pfsense into dmz host of your isp device.  This can be done via static on pfsense wan or via dhcp reservation on your isp device.. doesn't really matter.

        If your going to be using pfsense there really should be nothing else connected to your isp device other ports or wifi..  All devices should be behind pfsense..  But if your going to double nat and want stuff on what amounts to pfsense wan, or internet transit network..  Keep in mind that your going to have to port forward forward if you need to access anything behind pfsense from stuff in front of pfsense on your isp device.

        It is just simpler, cleaner and overall better idea when moving to pfsense to not double nat with your isp device.  And if you must because the device does not allow anything else.  Then put all your stuff behind pfsense.. Get yourself a new AP, or use some other wifi router as just AP for wifi.. Get yourself a switch - hopefully smart/managed for future use of vlans even if not using them to start with.

        You need to make sure if going to double nat that your not using the same network on pfsense wan as lan side networks.. ie if wan is 192.168.0.x then make your lan 192.168.1.x or some other network other than 192.168.0

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy