Static WAN to Bridged Router



  • I am quite new to pfSense and could not find the answer here.

    I have a pfSense router connected to a bridged/DMZ WiFi router on WAN. See the configuration of that router:
    bridged router

    I am trying to set a static IP on WAN to 192.168.168.2, which is the DMZ IP. I can get working internet routing with the DHCP setting:

    Destination        Gateway            Flags     Netif Expire
    default            192.168.168.1      UGS        igb0
    10.0.0.0/24        link#2             U          igb1
    10.0.0.138         link#2             UHS         lo0
    10.10.0.0/24       link#8             U        igb1.3
    10.10.0.138        link#8             UHS         lo0
    10.10.10.1         link#2             UHS         lo0
    10.10.10.1/32      link#2             U          igb1
    127.0.0.1          link#5             UH          lo0
    192.168.168.0/24   link#1             U          igb0
    192.168.168.2      link#1             UHS         lo0
    192.168.168.2/32   link#1             U          igb0
    192.168.168.140    link#1             UHS         lo0
    

    But I am unable to get that working with a static IP and gateway to 192.168.168.1/32, see:

    Destination        Gateway            Flags     Netif Expire
    10.0.0.0/24        link#2             U          igb1
    10.0.0.138         link#2             UHS         lo0
    10.10.0.0/24       link#8             U        igb1.3
    10.10.0.138        link#8             UHS         lo0
    10.10.10.1         link#2             UHS         lo0
    10.10.10.1/32      link#2             U          igb1
    127.0.0.1          link#5             UH          lo0
    192.168.168.2      link#1             UHS         lo0
    192.168.168.2/32   link#1             U          igb0
    

    What am I missing? Thanks for help.





  • It can't work with a /32 WAN IP. That's a single-address network. But the WAN gateway must be within the WAN network.
    So if your WAN network is a /24, also set that mask on pfSense and enjoy.

    If you want to open up the WAN for incoming connections, you also have to remove the check at "block private networks" in the WAN interface settings.



  • I would try a /30 in that configuration as you only need two hosts on the "WAN" network.

    Better still would be to put the WiFi router into AP mode, turn off routing, and use the pfSense box as the firewall and DHCP server for your internal network(s). I have a friend using a pfSense box and a WRT-54G running DD-WRT in this fashion. The WiFi router acts as nothing more than an AP and a dumb switch. Depending upon the software, you may be able to map the router's WAN port onto the LAN switch and gain an extra port.

    By setting things up as you discuss, your connections through the pfSense box will still be limited by the timeouts and tiny state table of the wifi router. You will also need to use awkward port forwards to run any services available to the outside, such as VPNs.



  • Thank you for both tips. I get strange behavior: as you can see, the "Default" route to the gateway was missing in the second routing table. When I tried to save the static IP to WAN I mistyped the IP and entered 192.168.168.1/24 (IP of the gateway). When I fixed that to 192.168.168.2/24, I finally got the correct "Default" route to 192.168.168.1. BUT when I wanted to try 192.168.168.2/30 I lost the "Default" route again! Even when I saved back /24. I was able to get the "Default" route only the same way - using 192.168.168.1 and then 192.168.168.2. Any idea about such strange behavior?

    Anyway, it is working now, but I am worried about losing the default route during a PF router reboot or anyhow. Ideas?



  • Both sides would need to be /30. 192.168.168.1/30 on one side, and 192.168.168.2/30 on the other. Each defines a network with a host range of two hosts 192.168.168.1-192.168.168.2, with a broadcast address of 192.168.168.3. If you have the wrong subnet mask on one side it throws off the broadcast address and things break.

    http://www.subnet-calculator.com/
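
Added example, not part of the original posts: a Python check, using the standard `ipaddress` module, of the two points made in the replies above (the gateway must be a host inside the WAN subnet, and both ends of the link must use the same mask). The function names are made up for this illustration; the addresses are the ones from the thread.

```python
import ipaddress

def check_wan(wan_cidr, gateway):
    """Check a static WAN address/mask against its gateway.

    A default route can only be installed if the gateway is a host
    on the subnet the WAN interface is configured with.
    """
    iface = ipaddress.ip_interface(wan_cidr)
    gw = ipaddress.ip_address(gateway)
    net = iface.network
    problems = []
    if gw == iface.ip:
        problems.append("gateway is the interface's own address")
    elif gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    elif net.prefixlen < 31 and gw in (net.network_address,
                                       net.broadcast_address):
        problems.append(f"gateway {gw} is the network or broadcast "
                        f"address of {net}")
    return {
        "network": str(net),
        "broadcast": str(net.broadcast_address),
        "problems": problems,
    }

def masks_agree(side_a, side_b):
    """True when both ends of the link derive the same network (and
    therefore the same broadcast address) from their address/mask."""
    a = ipaddress.ip_interface(side_a)
    b = ipaddress.ip_interface(side_b)
    return a.network == b.network

if __name__ == "__main__":
    gateway = "192.168.168.1"  # LAN address of the WiFi router in the thread
    for wan in ("192.168.168.2/32", "192.168.168.2/30",
                "192.168.168.2/24", "192.168.168.1/24"):
        result = check_wan(wan, gateway)
        status = "; ".join(result["problems"]) or "ok"
        print(f"{wan:20} net={result['network']:18} "
              f"bcast={result['broadcast']:16} {status}")
    # pfSense set to /30 while the WiFi router stays on /24
    print("masks agree:", masks_agree("192.168.168.2/30", "192.168.168.1/24"))
```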



  • Ok, all clear, thank you!