Routing only pfsense configuration
-
Are there any guides to setting up pfsense to perform only routing (no firewalling) and using a different device for firewall? I have multiple vlans configured on pfsense and would like to have all of those routed through another device upstream.
Something like this:
LAN
^
Internet <–> Edge firewall <--> PFSense <--> VLANsI expect I will need to set the "WAN" on PFsense to be an address on the "LAN" for the upstream device and check the box under System > advanced > Firewall & NAT > "Disable all packet filtering" but wasn't sure if there was anything else that needed to be done.
-
You will also need to go to Firewall > NAT, Outbound tab and disable outbound NAT
Just remember with "disable all packet filtering" set you can't control access to the GUI, do QoS, scrub/reassemble/mss adjust packets, or anything else that requires pf active.
-
Thank you jimp!
Only other thing I want to confirm is with the below steps:
1. Set pfsense WAN to be a LAN IP on Edge firewall
2. Disable outbound nat
3. Disable all packet filtering
4. Set the default gateway to be the LAN IP of the Edge firewallAre there any other changes that would need to be made specific to the vlans? I'm assuming that the vlan routing (dhcp relay is in use) would stay intact and is separate from pf.
-
Actually with pf off you don't have to disable outbound NAT since it will be off naturally, but you may still want to do that in case you decide you want pf enabled later but still need routing without altering traffic.
The VLANs won't care on their own, just make sure the upstream router has routes pointing the VLAN subnets back at pfSense, and your edge will also need to do NAT for the VLAN subnets.
-
Yep makes sense.
From the DHCP perspective the gateway would remain the same (currently pfsense box) I would think since pfsense is the first hop.
-
I know its an old topic, but exactly my inquiry. Is there any way to manipulate FRR or even turn the PF-filtering back on once its off?
-
@mountainlion I disabled pf filter, now I cant get admin gui access.
From console, I was able to issue pfctl -e and the gui still didnt work.
I shutdown and started, still no go.Any ideas how to re-enable the gui after issuing the "disable pf-filter"?
