Does pfSense go first right after my cable modem?



  • I'm trying to learn how to setup and configure pfSense.

    I was looking at a particular guide and it referred to setting the WAN IP address as follows:

    192.168.0.14/24 gw 192.168.0.1

    And the LAN IP address as follows:

    192.168.0.15/Default will be 192.168.1.1

    I'm curious because if this is the first device after my cable modem then it will have to receive the DHCP address from the cable modem in the same way my current router does.

    My understanding is that pfSense is to become my router and from there I need to go to a switch.

    Is my thinking wrong?

    Thanks in advance.


  • LAYER 8 Netgate

    Depends.

    Generally you will want to plug cour cable modem into WAN and tell the DHCP client on WAN to never accept a DHCP address from 192.168.100.1. That means you will only ever get a public address on the WAN.

    But all that depends on the ISP. What do they tell you to do to get a public IP address on the WAN port of your router?



  • @Derelict:

    Depends.

    But all that depends on the ISP. What do they tell you to do to get a public IP address on the WAN port of your router?

    Currently, the modem first goes to the WAN port on my router then to my switch.

    The router is giving the following information:

    Internet Connection (IPv4)
    Connection Type: Automatic Configuration - DHCP
    Internet Address: 97.92.2xx.xxx
    Subnet Mask: 255.255.224.0
    Default Gateway: 97.92.1xx.xxx
    DNS1: 71.10.216.1
    DNS2: 71.10.216.2
    DNS3:
    MTU: Auto
    DHCP Lease Time: 480 Minutes

    Since the "routing" functions should be being replaced by pfSense I would think I would need to let it get a DHCP from the cable modem. The 192.168.100.1, as far as I know, is what I browse to when my connection is flaky. It gives me an overview of the modem itself so I can see how well it has been maintaining the signal.

    That DHCP address from the cable provider could change from time to time so I'm not sure how that would affect the configuration.


  • Netgate Administrator

    Seems like you have the right idea. Your 'modem' is already passing the public IP to the current router so it will do the same with pfSense there.

    The idea with blocking 192.168.100.1 as a dhcp source is to prevent the modem giving you a private IP if it looses its cable connection for nay reason. They do that to allow you easy access to it in that situation but it can prevent pfSense receiving a real IP when the connection comes back up.

    You can still access the modem anyway.
    https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall

    Steve


Log in to reply