Static WAN to Bridged Router
-
I am quite new to pfSense and could not find the answer here.
I have a pfSense router connected to a bridged/DMZ WiFi router on WAN. See configuration of that router:
I am trying to set a static IP on WAN to 192.168.168.2, which is the DMZ IP. I can get internet routing working with the DHCP setting:
    Destination        Gateway         Flags  Netif   Expire
    default            192.168.168.1   UGS    igb0
    10.0.0.0/24        link#2          U      igb1
    10.0.0.138         link#2          UHS    lo0
    10.10.0.0/24       link#8          U      igb1.3
    10.10.0.138        link#8          UHS    lo0
    10.10.10.1         link#2          UHS    lo0
    10.10.10.1/32      link#2          U      igb1
    127.0.0.1          link#5          UH     lo0
    192.168.168.0/24   link#1          U      igb0
    192.168.168.2      link#1          UHS    lo0
    192.168.168.2/32   link#1          U      igb0
    192.168.168.140    link#1          UHS    lo0
But I am unable to get that working with static IP and gateway to 192.168.168.1/32, see:
    Destination        Gateway         Flags  Netif   Expire
    10.0.0.0/24        link#2          U      igb1
    10.0.0.138         link#2          UHS    lo0
    10.10.0.0/24       link#8          U      igb1.3
    10.10.0.138        link#8          UHS    lo0
    10.10.10.1         link#2          UHS    lo0
    10.10.10.1/32      link#2          U      igb1
    127.0.0.1          link#5          UH     lo0
    192.168.168.2      link#1          UHS    lo0
    192.168.168.2/32   link#1          U      igb0
What am I missing? Thanks for help.
-
It can't work with a /32 WAN IP. That's a single address network. But the WAN gateway must be within the WAN network.
So if your WAN network is a /24, also set that mask on pfSense and enjoy. If you want to open up the WAN for incoming connections, you also have to remove the check at "block private networks" in the WAN interface settings.
-
I would try a /30 in that configuration as you only need two hosts on the "WAN" network.
Better still would be to put the WiFi router into AP mode, turn off routing, and use the pfSense box as the firewall and DHCP server for your internal network(s). I have a friend using a pfSense box and a WRT-54G running DD-WRT in this fashion. The WiFi router acts as nothing more than an AP and a dumb switch. Depending upon the software, you may be able to map the router's WAN port onto the LAN switch and gain an extra port.
By setting things up as you discuss, your connections through the pfSense box will still be limited by the timeouts and tiny state table of the wifi router. You will also need to use awkward port forwards to run any services available to the outside, such as VPNs.
-
Thank you for both tips. I get strange behavior, as you can see there was a missing "Default" route to the gateway in the second routing table. When I tried to save the static IP to WAN I mistyped the IP and entered 192.168.168.1/24 (IP of the gateway). When I fixed that to 192.168.168.2/24 then I finally got the correct "Default" route to 192.168.168.1. BUT when I wanted to try 192.168.168.2/30 I lost the "Default" route again! Even when I save back /24. I was able to get the "Default" route only the same way - using 192.168.168.1 and then 192.168.168.2. Any idea of such strange behavior?
Anyway it is working now but I am worried about losing the default route during a pfSense router reboot or otherwise. Ideas?
-
Both sides would need to be /30. 192.168.168.1/30 on one side, and 192.168.168.2/30 on the other. Each defines a network with a host range of two hosts 192.168.168.1-192.168.168.2, with a broadcast address of 192.168.168.3. If you have the wrong subnet mask on one side it throws off the broadcast address and things break.
http://www.subnet-calculator.com/
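
The checks described in the replies above (the gateway must sit inside the WAN network, and both ends of the link must use the same mask) can be run offline before saving the interface settings. This is an added example, not part of the original posts and not pfSense code; the function name `check_wan` is hypothetical and the addresses are the ones from this thread.

```python
import ipaddress


def check_wan(wan_cidr, gateway, peer_cidr=None):
    """Return a list of problems with a static WAN configuration.

    wan_cidr  -- address/mask planned for the firewall's WAN interface
    gateway   -- upstream gateway address
    peer_cidr -- address/mask configured on the upstream router (optional)
    """
    iface = ipaddress.ip_interface(wan_cidr)
    gw = ipaddress.ip_address(gateway)
    net = iface.network
    problems = []

    # Typing the gateway's own address into the WAN field (as happened above).
    if iface.ip == gw:
        problems.append(f"WAN address {iface.ip} is the same as the gateway")

    # A /32 contains only the interface itself, so no gateway can be on-link.
    if gw not in net:
        problems.append(f"gateway {gw} is outside WAN network {net}")
    elif net.prefixlen < 31 and gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is the network or broadcast address of {net}")

    # Different masks on the two sides give different broadcast addresses.
    if peer_cidr is not None:
        peer_net = ipaddress.ip_interface(peer_cidr).network
        if peer_net != net:
            problems.append(
                f"mask mismatch: local {net} (broadcast {net.broadcast_address}) "
                f"vs peer {peer_net} (broadcast {peer_net.broadcast_address})"
            )
    return problems


if __name__ == "__main__":
    cases = [
        ("192.168.168.2/32", "192.168.168.1", None),                # original attempt
        ("192.168.168.1/24", "192.168.168.1", None),                # mistyped address
        ("192.168.168.2/24", "192.168.168.1", "192.168.168.1/24"),  # working setup
        ("192.168.168.2/30", "192.168.168.1", "192.168.168.1/24"),  # /30 on one side only
        ("192.168.168.2/30", "192.168.168.1", "192.168.168.1/30"),  # /30 on both sides
    ]
    for wan, gw, peer in cases:
        print(wan, "->", check_wan(wan, gw, peer) or "OK")
```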
-
Ok, all clear, thank you!