Router/Modem & pfSense Box Complication



  • So I have a setup that has a DSL modem that acts as a router currently on a network; some of the clients are connected straight into that, and connecting them to the pfSense router is not physically practical.

    Meanwhile I have a small handful of physical boxes and devices that connect physically to the pfSense router, which connects to the modem. And some virtualized systems that also use the pfSense router as their main gateway/router.

    Currently they're set up on two network segments; ideally I'd prefer to have them on one, and have pfSense basically forward things to a degree so that I could see all systems semi-transparently, without static routes. The reason is that while the pfSense has a static route to the modem, the modem has no facility to have static routes so it cannot.

    The intention is to stick the pfSense router in the modem's DMZ, and allow pfSense to route the bulk of content that needs to more dynamically bypass the modem, as well as facilitate that hosts that are behind it for DHCP/DNS, relying on its firewall to protect them largely.

    I'm not sure if there's some combination of DHCP relay and various other settings that can accomplish this, but would love to know if anyone can help me out. Thanks!



  • The simplest solution would be to stop using the modem as a router, add a switch by the modem, wire the modem to the wan port of pfsense and wire back a lan port to the switch.

    Another alternative, depending on the flexibility of the DHCP server of the modem, is to tell it to give the pfsense box as the gateway and DNS for clients. They will all go through that; of course this assumes the pfsense box is wired as lan to the modem and its DHCP is off.



  • @duren:

    The simplest solution would be to stop using the modem as a router, add a switch by the modem, wire the modem to the wan port of pfsense and wire back a lan port to the switch.

    Another alternative, depending on the flexibility of the DHCP server of the modem, is to tell it to give the pfsense box as the gateway and DNS for clients. They will all go through that; of course this assumes the pfsense box is wired as lan to the modem and its DHCP is off.

    Given the physical constraints, the second option sounds much more promising. This would of course mean that the WAN and LAN are directly on the same physical system, and that the hosts should all treat pfSense as their primary gateway, yes? I can turn DHCP off entirely on the Modem, so this may work. I'll have to poke at it and see how it behaves. I'm unsure if pfSense will allow me to use the same network segment on multiple interfaces (WAN, LAN, etc.). If so this should be fine, and would allow all the clients to resolve to each other as if they were all physically in the same segment, including the virtual systems.