Bridging WAN to Modem via laptop



  • Hey y'all,

    This seems like it should be straightforward (like most of pfsense has been), but I've been hitting my head against this for a while. Help me see what I'm missing, please!

    I won't have complete control over all the networking hardware in my next housing situation, but still want to be able to use pfsense to isolate and monitor all of my own devices on an otherwise unused subnet. To this end, I have an old laptop wirelessly connected to the wifi in the house, while being bridged together with the ethernet port, which connects directly to the pfsense WAN port.

    I've ensured that the laptop has a static IP on the modem, which is being passed to pfsense. Here's what this setup is looking like right now:

    Internet --- Modem (192.168.0.1) --- Laptop (192.168.0.50) --- (192.168.0.50, WAN) pfsense (192.168.100.1, LAN)

    The firewall logs are even reporting some measure of success connecting IPs from the LAN with those on the internet, but I've been unable to ping the modem from a device on the LAN. However, I can hit pfsense and the laptop just fine.

    Like I said, let me know what's missing here, or if there's more information that would be helpful.

    If this looks familiar, it's because I've got another (unanswered) post going on reddit as well (https://www.reddit.com/r/PFSENSE/comments/85hpjb/bridged_laptop_for_wan_connection/)

    E:

    Hey, so it's working!

    To do my due diligence for those that may come behind, here's the TL;DR:

    I switched from using a bridged laptop, to instead using a wireless repeater. My Netgear 1200 (192.168.0.7, though this doesn't matter) is wirelessly attached to my CL modem (192.168.0.1). The 1200 is then wired straight into the WAN port on pfsense (192.168.0.50) and provided a static IP on the CL modem. pfsense then translates to a different LAN subnet (192.168.100.0, with pfsense on 192.168.100.1). The rest of the devices that are attached to the LAN either acquire their leases through DHCP (on 192.168.100.0) or are manually assigned.

    As it always seems to be, the firewall and NAT (i.e., permissions) were the issue. Once my VPN connections were successful, it was just a matter of massaging the firewall into shape to allow connections across the VPN and into the broader internet across the WAN. This part will vary by setup, so best of luck to however you've got your network configured.

    Thanks to everyone that nudged me in the right direction!



  • This sounds more like a Windows config issue than pfSense.

    Are you able to reach the Internet from the laptop?

    It is entirely possible the "modem" is running on a /2 mask and you must make the laptop .2?

    Is this a dorm?  Some unis fixed-assign you a number of IPs even though they may be DHCP-delivered.

    Here is a blurb about not being able to use ICS while using WiFi: https://answers.microsoft.com/en-us/windows/forum/windows_10-networking-winpc/internet-connection-sharing-in-windows-10/f6dcac4b-5203-4c98-8cf2-dcac86d98fb9

    Your Windows ICS is not configured correctly or your site "modem" is imposing restrictions on you.



  • I am in a similar situation where my neighbor and I share the Internet…so, what I have done is used a WiFi repeater to connect to the cable modem (WiFi) and connect via Ethernet cable to my pfSense machine WAN...then, pfSense machine Ethernet LAN cable to my personal network.  Works great; the only issue, which is really not a critical one, is lots of Suricata and Snort ICMP and IGMP alerts from the neighbor's nosey devices LOL. They're blocked though.

    It's actually an elaborate setup involving Pfsense, Mikrotik, and Apple Extreme.



  • At this point, I'm on board with Windows being the problem. However, I tried to use ICS as opposed to bridging the two connections, and have actually been set back.

    With the connections bridged, the laptop was able to connect via the wireless to the internet. I had access to the modem (though perhaps this is the wrong term?) and other devices connected to 192.168.0.0. What was tripping me up was trying to reach across the wired connection to pfsense and the LAN behind it (and from the LAN to the laptop).

    With ICS running, my ethernet adapter has been assigned an IP address on 192.168.137.1? Absolutely nothing on my network touches that subnet, so I'm not sure where that's coming from. From what little reading I've done on ICS, it looks like it's intended to push a wired connection to wireless devices, not the other way around. Perhaps Windows is setting up its own subnet for the wireless AP, and landed on 137? In any case, I've got no internet nor device access, and as a kicker, I can't bridge the two together like before. Evidently, ICS trumps bridging in Windows.

    To provide a little more detail about my hardware situation and why I'm pursuing this, I'm living in a city where house-sharing is a necessity to be able to afford rent. As a result, I can't assume that I'll be able to physically access the hardware in the house, let alone be given permission to access the PPP information to establish my own network on my own hardware. It doesn't seem like more leases here include a clause about admin rights! I'm abundantly aware that this is not what pfsense is designed for, and as far as use cases go, is fringe. But this is the situation I'm in right now, and if nothing else it gives me something to work on in the evenings. All that to say, no, I'm not in the dorms.



  • @NollipfSense:

    so, what I have done is used a WIFI repeater to connect to the cable modem (WIFI) and connect via Ethernet cable to my Pfsense machine WAN.

    You know what, I think I have one of those. Let's see what happens.

    ---

    E:

    Okay, so I grabbed my repeater (a Netgear AC1200, if that helps anyone). It's wirelessly connected to my modem, and then wired straight into the WAN port of pfsense. Still doesn't do jack.

    But here's the catch, it's sort of working. My OpenVPN connections are actually back up and running, and demonstrate a very small amount of traffic moving over the network. This is progress!

    Furthermore, I think I've narrowed it down to what seems to be my eternal nemesis, firewall rules. I've arrived at this conclusion because when directly connecting my laptop via ethernet to the repeater, I get internet access. So the wired connection is good going in to pfsense, but nothing is getting passed through to LAN clients on the other side.

    My last concern is that I'm not properly translating between subnets. This is my first time using any non-standard subnet range (192.168.100.0). When I had pfsense working previously, all my devices were on 192.168.0.0, and I didn't have to translate between the two. Do I have to add in any extra firewall rules to enable this?



  • @Aethrios:

    @NollipfSense:

    so, what I have done is used a WIFI repeater to connect to the cable modem (WIFI) and connect via Ethernet cable to my Pfsense machine WAN.

    You know what, I think I have one of those. Let's see what happens.

    ---

    E:

    Okay, so I grabbed my repeater (a Netgear AC1200, if that helps anyone). It's wirelessly connected to my modem, and then wired straight into the WAN port of pfsense. Still doesn't do jack.

    But here's the catch, it's sort of working. My OpenVPN connections are actually back up and running, and demonstrate a very small amount of traffic moving over the network. This is progress!

    Furthermore, I think I've narrowed it down to what seems to be my eternal nemesis, firewall rules. I've arrived at this conclusion because when directly connecting my laptop via ethernet to the repeater, I get internet access. So the wired connection is good going in to pfsense, but nothing is getting passed through to LAN clients on the other side.

    My last concern is that I'm not properly translating between subnets. This is my first time using any non-standard subnet range (192.168.100.0). When I had pfsense working previously, all my devices were on 192.168.0.0, and I didn't have to translate between the two. Do I have to add in any extra firewall rules to enable this?

    Now that you have it sort of working, remember to leave some karma. Also, I would recommend that you either do a fresh install of Pfsense or set it back to default (Diagnostics > Factory Defaults) because your LAN should have been 192.168.1.1.



  • I'm not sure if you had the chance to read about my situation, but I would prefer to use the higher subnet that I've already selected (192.168.100.0). As I have no additional firewall rules than those that are installed by default, what would resetting to factory defaults do for me? While I think I could rebuild all my settings, I would rather not have to reconstruct all my OpenVPN clients, their associated rules, etc.

    More generally though, does it seem like everything should be working at this point? Technically, if things check out, then I'm fine with tinkering for a little longer before pulling the trigger on a reset.



  • @Aethrios:

    I'm not sure if you had the chance to read about my situation, but I would prefer to use the higher subnet that I've already selected (192.168.100.0). As I have no additional firewall rules than those that are installed by default, what would resetting to factory defaults do for me? While I think I could rebuild all my settings, I would rather not have to reconstruct all my OpenVPN clients, their associated rules, etc.

    More generally though, does it seem like everything should be working at this point? Technically, if things check out, then I'm fine with tinkering for a little longer before pulling the trigger on a reset.

    Okay, thanks for making that clear…thought you were having problems getting your subnets. Now, come to think of it, did you set LAN to 192.168.100.1 or .2 or .3, etc.? I don't think it will work with LAN 192.168.100.0 as that's the network address.



  • @NollipfSense:

    Did you set LAN to 192.168.100.1 or .2 or .3, etc.? I don't think it will work with LAN 192.168.100.0 as that's the network address.

    Yeah, I have 192.168.100.1 as the IP for pfsense on the LAN. I've been using 192.168.XXX.0 to refer to the entire subnet. My nomenclature isn't totally on point, but I'm working on it.
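
An added example, not part of the thread: the addressing points raised above (an interface cannot sit on its subnet's network address, and the WAN and LAN sides of pfsense need distinct subnets when it sits behind another router) written as a Python check. The /24 masks and the function name `check_plan` are assumptions; the thread gives only the addresses.

```python
import ipaddress


def check_plan(wan: str, wan_gateway: str, lan: str) -> list:
    """Return a list of addressing problems; an empty list means the plan is consistent.

    wan and lan are interface addresses in CIDR form, e.g. "192.168.0.50/24".
    """
    wan_if = ipaddress.ip_interface(wan)
    lan_if = ipaddress.ip_interface(lan)
    gateway = ipaddress.ip_address(wan_gateway)
    problems = []

    # An interface needs a host address, not the subnet's network or broadcast address.
    for name, iface in (("WAN", wan_if), ("LAN", lan_if)):
        net = iface.network
        if iface.ip == net.network_address:
            problems.append(f"{name} {iface.ip} is the network address of {net}")
        elif iface.ip == net.broadcast_address:
            problems.append(f"{name} {iface.ip} is the broadcast address of {net}")

    # The upstream router must be reachable on the WAN subnet and be a different host.
    if gateway not in wan_if.network:
        problems.append(f"gateway {gateway} is outside the WAN subnet {wan_if.network}")
    elif gateway == wan_if.ip:
        problems.append(f"gateway {gateway} is the same address as the WAN interface")

    # If both sides share a subnet, the firewall cannot route between them.
    if wan_if.network.overlaps(lan_if.network):
        problems.append(
            f"WAN subnet {wan_if.network} overlaps LAN subnet {lan_if.network}"
        )
    return problems


if __name__ == "__main__":
    # Addresses from the thread, /24 masks assumed.
    plans = {
        "final setup": ("192.168.0.50/24", "192.168.0.1", "192.168.100.1/24"),
        "LAN on network address": ("192.168.0.50/24", "192.168.0.1", "192.168.100.0/24"),
        "LAN reusing upstream subnet": ("192.168.0.50/24", "192.168.0.1", "192.168.0.1/24"),
    }
    for label, plan in plans.items():
        issues = check_plan(*plan)
        print(label, "->", issues or "ok")
```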



  • So, is it working now? If not, did you go to Services > DHCP server and enable the service on LAN?

