Modem -> pfSense FW -> DD-WRT Router config not working
  • Greetings! First post, that's always fun. :D

    I've got a new home firewall setup that has got me a little stumped. I am a long-time IT veteran, however mostly field operations/server maintenance, data center operations, mid-level tech support, supervising staff. Very little networking thus far, though that is going to change in the near future.

    Hardware:
    Motorola Surfboard SB-6141 modem (owned - connected to Comcast): IP 192.168.100.1
    Buffalo WZR-300HP WiFi router running DD-WRT (EDIT: had the original 2013 build on it, the only one listed on DD-WRT's pages forever… looks like there's a newer release though!): IP 192.168.1.1
    AMD APU.2C4 board running pfSense 2.3.4 on a 32GB, 6GB/s mSATA drive

    Physically and logically I am hooking up my network this way:
    Modem -> FW -> RTR -> LAN (one desktop, several laptops, tablet, phones, etc.)

    Ethernet port on modem -> WAN port on FW
    LAN port on FW -> router

    This is a fresh install of pfSense, I got it installed via USB and serial connection recently. I've tried a few things, but so far have reached the same result so today I flashed it back nearly to factory settings to start over. I have assigned the FW ports as follows:

    WAN: static, 192.168.100.2/24
    LAN: static, 192.168.1.2/24
    OPT: (not assigned yet)

    This seemed to accomplish the goal of keeping the LAN side and WAN side isolated. I suspect it's a route needed, however I'm not sure what exactly.

    1. When I cable everything up as intended, from a PC on the LAN I can only ping out as far as the router (gateway/192.168.1.1). I can NOT ping the FW at 192.168.1.2.
    2. From the FW console menu, I am able to ping both the LAN 192.168.1.1 and WAN 192.168.100.1 successfully.

    So the FW sees its respective gateways but I need to add a route somewhere, I suspect.  :)

    With the FW disconnected, bypassing it, I am able to of course connect to the Internet and can ping through to my modem's LAN IP of 192.168.100.1 and access its web GUI.

    I have not changed any firewall settings, so default LAN (outgoing) of Allow for all protocols is still enabled, as is the deny-all for WAN (incoming).

    Hoping for a little help with a place to start! For comparison, I have a pfSense SG-2440 unit at my wife's office (we own a small business). I set that up last Fall, and recently purchased one of Netgate's new support plans for it. That configuration is a little different:

    Connection: Verizon Business DSL (nothing else available)

    Hardware:
    Actiontec GT784WNV combined WiFi router/modem: IP 192.168.0.1
    pfSense SG-2440 FW: IP 192.168.1.1
    Ubiquiti Networks Enterprise AP

    That setup works, using a pretty standard config. However with that one, the modem AND router (as they're one unit) sit OUTSIDE the FW; I use the new AP for LAN connectivity to keep our stuff safer.

    Thanks in advance! Nice place you've got here. I'm an old forum hound of about 20 years, always nice to find a good new place to hang out.  ;D
    =S2=
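One sanity check worth running on the address plan above, as an added example (not code from the original post, pfSense or DD-WRT): it models each hop's interfaces with Python's ipaddress module and flags any device whose two sides sit in the same subnet, which is what the numbers in the post describe if the Buffalo router is in routed/NAT mode with its WAN port facing the pfSense LAN. The router's WAN-side address (192.168.1.3/24) and the renumbered subnet 192.168.2.0/24 are assumptions, not values from the post.

```python
import ipaddress

# Address plan from the post. The DD-WRT router's upstream (WAN-side) address
# is an ASSUMPTION (192.168.1.3/24): if the router is in routed/NAT mode, that
# interface lands on the pfSense LAN segment 192.168.1.0/24, which is also the
# router's own LAN subnet.
PLAN = {
    "modem":   {"lan": "192.168.100.1/24"},
    "pfsense": {"wan": "192.168.100.2/24", "lan": "192.168.1.2/24"},
    "ddwrt":   {"wan": "192.168.1.3/24", "lan": "192.168.1.1/24"},
}
# (device, interface, upstream device, upstream interface) for each cable.
LINKS = [("ddwrt", "wan", "pfsense", "lan"), ("pfsense", "wan", "modem", "lan")]


def find_overlaps(plan):
    """Interfaces on one device whose subnets overlap: the device cannot tell
    which side a destination is on, so traffic for the far side is not
    forwarded."""
    found = []
    for dev, ifaces in plan.items():
        names = list(ifaces)
        for i, a in enumerate(names):
            for b in names[i + 1:]:
                net_a = ipaddress.ip_interface(ifaces[a]).network
                net_b = ipaddress.ip_interface(ifaces[b]).network
                if net_a.overlaps(net_b):
                    found.append((dev, a, b))
    return found


def check_links(plan, links):
    """Each cabled pair must share a subnet, or neither end can use the other
    as a gateway; returns the (device, interface) ends that do not."""
    return [(dev, ifc) for dev, ifc, up, upifc in links
            if ipaddress.ip_interface(plan[up][upifc]).ip
            not in ipaddress.ip_interface(plan[dev][ifc]).network]


def renumbered(plan, dev, ifc, cidr):
    """Copy of the plan with one interface moved to a new subnet."""
    new = {d: dict(i) for d, i in plan.items()}
    new[dev][ifc] = cidr
    return new


if __name__ == "__main__":
    print("overlaps:", find_overlaps(PLAN))        # [('ddwrt', 'wan', 'lan')]
    print("bad links:", check_links(PLAN, LINKS))  # []
    fixed = renumbered(PLAN, "ddwrt", "lan", "192.168.2.1/24")  # assumed subnet
    print("after renumbering:", find_overlaps(fixed))  # []
```

The check does not replace looking at the router's actual WAN/LAN settings; it only shows that the two sides of the router cannot both live in 192.168.1.0/24 if it is routing between them.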
