Route all traffic through pfSense WAN to external Router with internet access
-
We have a working pfSense configuration, where the WAN interface is in bridge mode (PPPoE) with an external modem. We are changing ISP due to a line upgrade, and we are provided with a new MODEM, which cannot be set up in bridge mode.
We want to use the provided MODEM to gain Internet access and route all our LAN traffic through our pfSense box to the MODEM and finally to the INTERNET.

EXISTING CONFIGURATION:
                       [    pfSense firewall     ]
INTERNET <--- [MODEM-]---[-WAN  LAN(192.168.254.1)]<--->[SWITCH]<--->{Internal Lan (192.168.254.0/24)}
                    |___________|
                     Bridge Mode

#root: netstat -nr
Routing tables

Internet:
Destination        Gateway      Flags  Netif   Expire
default            A.B.C.xxx    UGS    pppoe1
A.B.C.xxx          link#10      UH     pppoe1
A.B.C.D            link#10      UHS    lo0
127.0.0.1          link#5       UH     lo0
192.168.254.0/24   link#9       U      lan0
192.168.254.1      link#9       UHS    lo0
A.B.C.ns1          A.B.C.xxx    UGHS   pppoe1
A.B.C.ns2          A.B.C.xxx    UGHS   pppoe1

where:
A.B.C.xxx is the gateway IP of the WAN interface, assigned after every PPPoE connection
A.B.C.D is my external assigned static IP, assigned after every PPPoE connection
A.B.C.ns1 and A.B.C.ns2 are the DNS servers of my ISP, assigned after every PPPoE connection

All the clients in the internal LAN (192.168.254.0/24) are assigned DHCP addresses with the LAN IP (192.168.254.1) as default gateway.

POTENTIAL CONFIGURATION:
What we would like to do is keep all the pfSense "LAN part" unchanged and change only the WAN interface, in order for the LAN clients to access the internet and the LAN services to be accessed from the internet.

Is the following configuration possible?

INTERNET <---[ MODEM/ROUTER    ]     [ pfSense fw          ]
             [ (10.0.0.1) LAN1 ]<--->[ WAN (10.0.0.254)    ]
                                     [ LAN (192.168.254.1) ]<--->[SWITCH]<--->{Internal Lan (192.168.254.0/24)}

where:

for the WAN interface under pfSense:
General Settings:
IPv4 Configuration Type: Static IPv4
Static IPv4 Configuration: 10.0.0.254/24
IPv4 Upstream gateway: NONE
Reserved Networks/Block private networks and loopback addresses: NO
Block bogon networks: NO

for the LAN interface under pfSense:
General Settings:
IPv4 Configuration Type: Static IPv4
Static IPv4 Configuration: 192.168.254.1/24
IPv4 Upstream gateway: NONE
Reserved Networks/Block private networks and loopback addresses: NO
Block bogon networks: NO

for the routing under pfSense:
System/Routing/Gateways/ADD:
Interface: WAN
Gateway: 10.0.0.1
Default Gateway: YES

System/Routing/Static Routes/ADD
Destination Network: 192.168.254.0/24
Gateway: WAN

System/Routing/Static Routes/ADD
Destination Network: 10.0.0.0/24
Gateway: WAN

for the routing under my ISP's MODEM/ROUTER:
#route add -net 10.0.0.0/24 192.168.254.1

Is such a configuration possible? Are the above correct?
Thank you in advance for your time.
-
The set-up is possible though, but the routes make zero sense.
where:
for the WAN interface under pfSense:
General Settings:
IPv4 Configuration Type: Static IPv4
Static IPv4 Configuration: 10.0.0.254/24
IPv4 Upstream gateway: NONE
Reserved Networks/Block private networks and loopback addresses: NO
Block bogon networks: NO

Enter the ISP router's internal IP 10.0.0.1 as upstream gateway here.

for the routing under pfSense:
System/Routing/Gateways/ADD:
Interface: WAN
Gateway: 10.0.0.1
Default Gateway: YES

The gateway is set automatically if you enter the IP in the WAN interface settings, as above.

System/Routing/Static Routes/ADD
Destination Network: 192.168.254.0/24
Gateway: WAN

System/Routing/Static Routes/ADD
Destination Network: 10.0.0.0/24
Gateway: WAN

Why do you want to add routes for networks which are connected to pfSense directly? That's absurd.

for the routing under my ISP's MODEM/ROUTER:
#route add -net 10.0.0.0/24 192.168.254.1

The same here.
On the ISP router forward the whole traffic to the pfSense WAN IP.
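-
The routing point raised in the answer, as an added example that is not part of the original thread: a check that flags static routes pointing at a directly connected network or using a next hop the device cannot reach. The function name and the /24 mask on the ISP router's LAN1 side are assumptions; the addresses come from the question.

```python
import ipaddress

# Addresses taken from the thread; the ISP router's /24 mask is an assumption.
PFSENSE = {"WAN": "10.0.0.254/24", "LAN": "192.168.254.1/24"}
ISP_ROUTER = {"LAN1": "10.0.0.1/24"}

# (destination, next hop). "Gateway: WAN" in the question resolves to 10.0.0.1.
PROPOSED_PFSENSE = [("192.168.254.0/24", "10.0.0.1"), ("10.0.0.0/24", "10.0.0.1")]
PROPOSED_ISP_ROUTER = [("10.0.0.0/24", "192.168.254.1")]
# What remains on pfSense once 10.0.0.1 is set as the WAN upstream gateway.
AFTER_ANSWER = [("0.0.0.0/0", "10.0.0.1")]


def audit_static_routes(ifaces, routes):
    """Check (destination, next_hop) static routes against a device's own
    interfaces. Returns {(destination, next_hop): [issues]}; an empty list
    means nothing was found wrong with that route."""
    addrs = {name: ipaddress.ip_interface(a) for name, a in ifaces.items()}
    report = {}
    for dest, hop in routes:
        net = ipaddress.ip_network(dest)
        gw = ipaddress.ip_address(hop)
        issues = []
        for name, addr in addrs.items():
            # A connected route already exists for every interface subnet,
            # so a static route for the same network adds nothing.
            if net.subnet_of(addr.network):
                issues.append(f"directly connected on {name}")
        # The next hop has to be a neighbour on an attached subnet and
        # cannot be one of the device's own addresses.
        if not any(gw in a.network and gw != a.ip for a in addrs.values()):
            issues.append("next hop not on an attached subnet")
        report[(dest, hop)] = issues
    return report


if __name__ == "__main__":
    for label, ifaces, routes in (
        ("pfSense (proposed)", PFSENSE, PROPOSED_PFSENSE),
        ("ISP router (proposed)", ISP_ROUTER, PROPOSED_ISP_ROUTER),
        ("pfSense (after answer)", PFSENSE, AFTER_ANSWER),
    ):
        for route, issues in audit_static_routes(ifaces, routes).items():
            print(label, route, issues or "ok")
```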