Share WAN connection



  • Hello,
    I am using pfsense for a few years already without any issues - great project 👍
    My setup is pretty staright forward: pfsense box with multiple NICs, one used for WAN (connected to cable modem, one static IP) and one for LAN.
    Now I am looking for a way to make my WAN connection available to another router that I would like to connect to one of the free NIC ports. In a way that appears to the router like it is connected to the cable modem directly without any routing in between. What is the best way to approach this? Is this even possible?


  • LAYER 8 Global Moderator

    Why would you want to do this? Put a switch between your cable modem your devices if you want multiple devices connected to the L2 coming off your cable modem.



  • Unless your ISP gives you more than one IP address (most cable ISP's do not for residential grade) you will not be able to make this work.

    Can you instead make another LAN for your second purpose?



  • @johnpoz said in Share WAN connection:

    Why would you want to do this? Put a switch between your cable modem your devices if you want multiple devices connected to the L2 coming off your cable modem.

    Simply to avoid installing another device while free NIC ports available. But:

    @chpalmer said in Share WAN connection:

    Unless your ISP gives you more than one IP address (most cable ISP's do not for residential grade) you will not be able to make this work.

    I could get more more static IPs here for my business account at the ISP but maybe not worth the extra money.

    @chpalmer said in Share WAN connection:

    Can you instead make another LAN for your second purpose?

    That is what I have tried first. Setup LAN2 and routing on my pfsense box and connected the WAN side of the router to LAN2 (192.168.1.x) and the LAN side of the router to my "old" LAN1 (192.168.0.x) with its DHCP server disabled since I got one running in the network already. The router can be accessed via LAN1 and is also able to connect to the internet to fetch updates, get time via ntp etc. But the problem is: my cable modem is a somehow by software crippled router and also holds the phone numbers and is configured by the provider. And from the router I am unable to connect to the SIP registrar that is running on this cable modem. I guess some port forwardings missing or it is due to the double NAT but I not get it working. Any ideas?


  • LAYER 8 Global Moderator

    I would suggest you ask your questions in your native language section to start with ;)

    So you want to use a another port as a switch? If so then why would you use a different network..

    To be honest I can not tell WTF you want to do... Seems like something to do with SIP?? Behind pfsense..


  • Netgate Administrator

    Mmm, diagram needed here I think.

    Steve



  • If you have only one IP address given by your network provider, from your modem connect a router and switch and connect to your pfsense but your internet connection speed will be divided. Other user connected to your pfsense and others are connected directly to your router.


  • LAYER 8 Global Moderator

    Who says is actually a "modem" it could also be a gateway also doing NAT..

    Users and companies do it all the time use the WRONG freaking term for their device.. So you have no idea of its functionality. If it actually is a cable modem with a "public" static IP... For all we know he setup a 192.168.1.100 as static on pfsense pointing his "modem" at 192.168.1.1

    Whatever if he needs more devices on that layer 2 between the ISP device and his router - is use a switch!!



  • @johnpoz To be precise is it an IPv4 eRouter Specs: https://apps.cablelabs.com/specification/ipv4-and-ipv6-erouter-specification/) that "provides a transparently routed transfer network. In this configuration Firewall, NAT, DHCP and WiFi are disabled on the router. Telephony related functions are available".
    Here is a little drawing with a second LAN like chpalmer suggested.
    alt text


  • LAYER 8 Global Moderator

    Huh is that suppose to be the same device that FB6490 with multiple connection to pfsense?

    What is the point of Zugang uber Lan router?

    And then you have another downstream router FB7390 also what looks to be the lan1 and lan2 which seems to be 192.168.0/??? 24?



  • FB6490 (UM) is the eRouter that I got from my ISP, connected to broadband cable.
    The second FB6490 is purchased by me and with stock firmware of the manufacturer (AVM) and configured to have the WAN side on RJ45 Port on the device instead of establishing the WAN connection over broadband cable. This mode is intended to be used if you have external cable modem. It does NAT, firewalling etc.
    FB7390 is not acting as a router since it is set to IP client mode: no routing, NAT or Firewall but telephony related functions are available.

    FB6490(UM) act as a SIP registrar. FB7390 in LAN1 can register to it, but FB6490 in LAN2 can't.

    Sorry to bother with this very awkward setup but I am limited to make it work in this way since my ISP is configuring the SIP numbers on FB6490(UM).
    Normally I would chose to simply enter the credentials of all the phone numbers in my own FB6490. But that is not possible.


  • LAYER 8 Global Moderator

    You do understand the pfsense can be a sip proxy right..
    https://www.netgate.com/docs/pfsense/packages/siproxd-package.html



  • @seb-r said in Share WAN connection:

    FB6490

    His cable company is his phone company from what Im getting..

    https://avm.de/produkte/fritzbox/fritzbox-6490-cable/

    You should still be able to put the modem in bridge mode and retain the modems telephone operation..



  • @johnpoz said in Share WAN connection:

    You do understand the pfsense can be a sip proxy right..

    Good point. I have installed siproxd, set outbound to WAN and inbound to LAN2. Everything else was left default. After reloading states FB6490 can register to the SIP registrar on FB6490(UM) BUT at the same time now FB7390 cannot register anymore to FB6490(UM). What does this mean?

    @chpalmer said in Share WAN connection:

    His cable company is his phone company from what Im getting..

    You got it right. And because the device is the property of the provider and also configured by the provider I am very limited.


Log in to reply