Behind a Router/NAT with a Bridge (Only option)



  • I live in a house where it's split (figure down the middle). On their side, they have the Comcast Netgear Modem which I have full access to. Since I haven't run a hard wire from their side to mine, I had to use a bridge to get signal to my side. I've installed pfSense (current) and it's working (more or less) but there are some things I can't get past. Here is the layout:

    Comcast Netgear Internal DHCP 192.168.0.1

    Ubiquiti NanoBeam M5 (in Bridge Mode) took IP 192.168.0.24

    Switch to my pfSense/XBOX/Laptop(s)

    pfSense takes the IP (whether static or DHCP) of 192.168.0.24 and LAN I set to 192.168.2.50 (DHCP 192.168.2.101-149/24)

    Added NoIp DynamicDNS in pfSense and it will only register/update on the LAN and not WAN.

    I'm thinking that since I'm basically double NAT, I'm not able to get the external IP to the pfSense with the setup and even the DDNS won't see the outside external IP.

    Does anyone have any suggestions?

    TIA



  • I'm thinking that since I'm basically double NAT, I'm not able to get the external IP to the pfSense with the setup and even the DDNS won't see the outside external IP.

    Yep.

    You have to port forward from the modem/router combo to your pfSense WAN address. Try running the NoIP update software on a machine behind your pfSense box.
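
The double-NAT situation described above, as an added example that is not part of any post in this thread: it classifies the firewall's WAN address, picks the address a DDNS client must publish, and lists the forwards the upstream router needs. The function names are hypothetical, `203.0.113.10` is a constructed documentation address standing in for the modem's public IP, and `udp/1194` is assumed as the OpenVPN port (its default).

```python
import ipaddress

# Address space that is never directly reachable from the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared space

def classify_wan(addr):
    """Classify the address assigned to the firewall's WAN interface."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "private"   # behind another home router (this thread's case)
    if ip in CGNAT:
        return "cgnat"     # behind the ISP's own NAT
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return "unusable"
    return "public"

def ddns_plan(wan_addr, observed_public, wanted):
    """wan_addr: WAN interface address. observed_public: address an external
    check reports. wanted: (proto, port) services to reach from outside."""
    kind = classify_wan(wan_addr)
    if classify_wan(observed_public) != "public":
        raise ValueError("observed address is not a public address")
    if kind == "public" and wan_addr == observed_public:
        return {"double_nat": False, "register": wan_addr, "forwards": []}
    return {
        "double_nat": True,
        "upstream": kind,
        "register": observed_public,  # never the WAN interface address
        # Each rule belongs on the upstream router: proto/port -> firewall WAN.
        "forwards": [(proto, port, wan_addr) for proto, port in wanted],
    }

if __name__ == "__main__":
    # Constructed sample: WAN address from the thread, placeholder public IP.
    print(ddns_plan("192.168.0.24", "203.0.113.10", [("udp", 1194)]))
```

When `upstream` is `cgnat`, the forwards would have to live on the ISP's equipment, so the list describes what is needed rather than something the user can configure.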



  • Thanks for the reply. Am I to assume I more or less have to forward every port I need the modem/router to see, as the external IP, to the pfSense?

    As for the DDNS Client, I will put it on a laptop I use on the network.

    I'm missing something here though, as I asked above, to get the actual WAN IP to the pfSense so it registers the external. This is making things difficult and I can't configure my OpenVPN like this.

    Also, my collision count is through the roof, so I suspect the double NAT is to blame.

    Thanks for any help.



  • Yes you would need to port forward anything you wanted to your router.

    In order to see a public IP on your pfSense box you would have to..

    1. Put the modem in pure bridge mode and then somehow talk your ISP into multiple addresses and get the other side their own router.. (your ISP won't do this)

    or

    2. Get a commercial account and use the ISP gateway modem which will then allow you to use a Static public IP address.

    or

    3. Get your own account. Your own modem and thus you have full control.

    Actually, if I were in your shoes I'd pick up a box with at least three interfaces and put their modem in bridge mode. Then set up a LAN subnet for them and another for you.



  • I've entertained all 3 scenarios prior to the addition of the pfSense. I'm wondering if I tossed a cheap AP on their side for wireless (looks like a Roku and 2 iPhones) and bridged it on their side. It would make my life easier, that's for certain.

    They don't use any wired connections so I'd be okay there.

    Thanks for the replies, I appreciate it.



  • Now that I think about it, bridging the modem would lose my NanoBeam bridge over 5 GHz. This is how I currently get my network so that's a bust.



  • @rast4man:

    Now that I think about it, bridging the modem would lose my NanoBeam bridge over 5 GHz. This is how I currently get my network so that's a bust.

    Using their modem's built-in WiFi?



  • @chpalmer:

    @rast4man:

    Now that I think about it, bridging the modem would lose my NanoBeam bridge over 5 GHz. This is how I currently get my network so that's a bust.

    Using their modem's built-in WiFi?

    Yes. Since I rely on the NanoBeam for the bridge, if I put the modem in bridge, I'd have to put an AP on their side and recreate the bridge. I don't have the ability to hard wire their modem to my equipment. Essentially, this is a huge PITA.

