How to configure pfSense with ISP router (no bridge mode)

JKnott · Oct 22, 2017, 5:31 PM

It's really hard to tell where you are in this. What happens when you connect your laptop to the ISPs router? What address and subnet mask do you get?

I thought you said you reset to factory default. Was this pfSense or the router?

dominicm · Oct 22, 2017, 5:45 PM

@JKnott:

It's really hard to tell where you are in this. What happens when you connect your laptop to the ISPs router? What address and subnet mask do you get?

I thought you said you reset to factory default. Was this pfSense or the router?

The laptop is connected via wifi to the ISP router. Laptop IP is 192.168.0.13 Subnet is 255.255.255.0

Factory reset was on the pfSense box. I did also reboot it after interfaces were assigned, no change.

JKnott · Oct 22, 2017, 5:49 PM

OK, so now you know to avoid 192.168.0.0 /24 for your local LAN. However, when you get pfSense going again, you should check the WAN address to verify.

After rebooting pfSense, connect your notebook to the LAN side and see what address you get. The default gateway will tell you what the pfSense address is. Try connecting to it with a browser.

dominicm · Oct 22, 2017, 6:00 PM

@JKnott:

OK, so now you know to avoid 192.168.0.0 /24 for your local LAN. However, when you get pfSense going again, you should check the WAN address to verify.

After rebooting pfSense, connect your notebook to the LAN side and see what address you get. The default gateway will tell you what the pfSense address is. Try connecting to it with a browser.

By 192.168.0.0 /24 do you mean this one specific address ( 192.168.0.0 /24) or is it a range with 0 being 0 to 255?

When you say connect the notebook to the lan port do you mean directly or via switch? If directly don't you need a crossover cable? I assume WAN port makes no difference in this scenario at all right?

JKnott · Oct 22, 2017, 6:12 PM

An address such as 192.168.0.0 /24 specifies the network address and how large it is. So, any device connected to the network will have an address between 192.168.0.1 and 192.168.0.254. 192.168.0.0 /28 would allow for 192.168.0.1 - 192.168.0.14. The lowest and highest addresses are not available for devices.

As for connecting, I meant directly, to keep things simple. Also, crossover cables are not needed with gigabit equipment. You only need a crossover with 10 or 100 Mb connections. Even then, some 100 Mb equipment is capable of auto crossover.

So, connect your computer directly to the LAN side of the pfSense system and see what happens.

dominicm · Oct 23, 2017, 9:43 AM

Ok I connected just 1 cable at a time to windows laptop with wifi off and tried both ports just in case port labels are reversed here are the results:

WAN - 192.168.1.100 - 255.255.255.0
LAN - 169.254.12.210 - 255.255.0.0

WAN port was the one that could reach WEB GUI on 192.168.1.1. After connecting The other port to ISP ROUTER I got internet on the laptop too so it seems port labels do not match interface names.

That being said after I swapped th cables and connected the real LAN port to the switch I lost access to the interface again even though I have it on the laptop when connected directly.

I used the default values and changed nothing in the interfaces setup. The default value for WAN was DHCP. LAN interface defaulted to static ipv4 192.168.1.1. Attempting to change that leads to the same error as before so it's not my config that's the issue as it was the default values. It also seems correct as otherwise the webGUI ip would change if it was dhcp no? Laptop connected automatically too with no manual config. Iam at a loss what's going on here…

johnpoz · Oct 23, 2017, 9:51 AM

OH MY GAWD…

LAN - 169.254

That is a APIPA address.. why would you set that? Did you try and dhcp lan as dhcp again?

Plug it in and it works... Its not freaking rocket since here... Connect your laptop to the lan port.. It will get dhcp.. from pfsense. When your setting up pfsense change the IP of lan to say 192.168.2/24... Now your device connected to lan will get a dhcp address of 192.168.2.x -- hit the gui and finish the setup... If this takes you more than a few minutes then your doing it wrong... It really is plug it in and it works.. If not then your doing something wrong.. Trying to setup 1 interface at a time is not good idea unless you know what your doing - clearly that is not the case here. ;)

Since pfsense will setup rules on wan interface to allow access into gui, then when you ad another interface for lan those rules will be removed, etc. etc..

Here is an idea... Change your current routers lan network to be something other than the pfsense default. So now changing the network of pfsense lan does never has to happen and it can use 192.168.1/24 which is its default.

Grimson · Oct 23, 2017, 10:14 AM

@dominicm:

The default value for WAN was DHCP. LAN interface defaulted to static ipv4 192.168.1.1.

That is correct. If you want your LAN in a different network just change the static IP of the LAN interface from 192.168.1.1 to for example 192.168.2.1 and that's it.

@dominicm:

Attempting to change that leads to the same error as before so it's not my config that's the issue as it was the default values. It also seems correct as otherwise the webGUI ip would change if it was dhcp no? Laptop connected automatically too with no manual config. Iam at a loss what's going on here…

You do not change the LAN interface to DHCP, that means the LAN interface would require a dedicated DHCP server (not pfSense) in your network to get it's IP. If you want your LAN clients to use DHCP you have to activate/configure the DHCP server on pfSense, you can find it in the WebUI at Services -> DHCP Server.

JKnott · Oct 23, 2017, 11:03 AM

@johnpoz:

OH MY GAWD…

LAN - 169.254

That is a APIPA address.. why would you set that? Did you try and dhcp lan as dhcp again?

169.254.0.0 /16 is the link local range. It's what computers assign themselves when there's no DHCP server.

I think he's getting to the point where he may have to reinstall pfSense and start from scratch, as we have no idea what he's done. Or at least run the Wizard again, if he can get that far.

johnpoz · Oct 23, 2017, 11:59 AM

I know what is is.. ;) As I stated its APIPA address. My guess is he set his lan as dhcp without a dhcp server available.

JKnott · Oct 23, 2017, 1:16 PM

@johnpoz:

I know what is is.. ;) As I stated its APIPA address. My guess is he set his lan as dhcp without a dhcp server available.

I figured you knew, but the OP didn't. Still, I think he should start from scratch, as we have no idea what he's done.

johnpoz · Oct 23, 2017, 3:17 PM

Agreed..

If changing the pfsense lan IP seems to be a challenge for him… I would suggest he first change his current routers network to something else 192.168.2/24 for example. Get that working for him..

Then plug in pfsense so he doesn't have to change its local network and should just work right out of the box with only a couple of clicks.

dominicm · Oct 24, 2017, 9:29 AM

Guy, like I already said I did a factory reset and used almost all default options except for a few (seemingly) inconsequential options like timezone etc…

I also said that there was an issue with port labels on the device and interface numbering not matching which meant I was using the wrong ports (LAN and WAN reversed) at first but now I swapped them to the correct position but still had some issues.

I dont find it a challenge to change LAN address or many other options, but blindly changing options when you dont know how they work is a bad idea. I was confused with some of the options worked like DHCP on LAN. I didnt see seperate DHCP option, that makes sense to me now. Thanks @Grimson for the DHCP explanation.

Te reason it did work with laptop connected irectl but not over network was bit silly, laptop was connecting to wifi from ISP router before firewall an desktop I tried had static ip (192.168.0.50) when pfsense used 192.168.1.1, so no wonder it didnt work.

Will try changing the ISP router ip next so my static ip's dont have to change when used with pfsense.