How to connect a Asus router to pfsense
I have a network with mulitiple vlans, using pfsense 2.4.3.
I would like to use an extern Asus RT-N66U router on one of my vlan that handle all the firewall and network. Then the owner of that vlan can connect to this Asus router and manage his network like he want to.
I want all the traffic to through pfsense directly to the Asus router like a tunnel from Wan to Asus.
How can I set this up?
So I assume, you want to use a specific WAN address to be forwarded to that network.
If so, set up a 1:1 NAT with that public IP and the internal IP of the router and add a firewall rule to WAN which allow anything to the router IP.
So any access to that specific WAN IP is forwarded to the ASUS router and upstream packets get that WAN IP when leaving pfSense on WAN.
Hi, thanx for your reply
This is pretty much what I had in mind, but I don't think I have two WAN ip adresses available. My pfSense is connected directly to my fiber-cat6 converter, and I pay extra for a static IP.
My ISP told me that my fiberport was set up to static IP and therefore I may not get another WAN ip adress. But the guy wasn't quite sure.
The best would be if my Asus router used the same WAN ip adress as the rest of my Vlans. Is that possible?
With a single WAN IP it's not possible to use the same services on multiple internal servers. For instance if want to provide web services you can only forward the ports 80 and 443 to one single internal server.
So if the customer provide network services you can forward the ports by Firewall > NAT > Port froward, but you cannot use these ports on the other networks.
For outgoing connection this will be no problem. There are also no special settings necessary for that.
Yes I understand what you mean.
As long as I skip any services to that router, can I set up a any-any firewall roule and then the Asus is in a DMZ zone?
Yes, in conjunction with a NAT portforwarding rule, any incoming connection will be forwarded to the ASUS router.
First give the Lan IP address to the same subnet as the pfSense,
Turn off DHCP from the router,
Connect cable From the LAN side of the wireless router to the pfsense interface.
do not use the internet on the wireless router.