Netgate Discussion Forum

    Correct GW for bridged pfSense box

    Firewalling
    4 Posts 2 Posters 498 Views
      krak3n

      I am having trouble determining the correct GW for a bridged pfSense box.

      Goal: Place pfSense on my home network in order to add a layer of protection and hopefully get an idea of what my internet traffic looks like.

      Current setup:

      ISP provided router (bridged mode) --> Mikrotik router

      The Mikrotik is a wireless access point running an additional virtual access point, each with its own subnet, let's say 192.168.88.xx and 192.168.99.xx respectively, assigned via DHCP based on which AP the device is connected to. One of the subnets is tunneled to a VPN provider so that I can easily connect wireless devices to a VPN, even without a native client installed on the device.

      Proposed setup:

      My internet research shows that in order to install pfSense on my network and to avoid having a double NAT situation, I would need to use pfSense as a bridged or transparent firewall and continue to have all routing done by the Mikrotik router/AP, so my network would look like:

      ISP provided router (bridged mode) --> pfSense box (bridged mode) --> Mikrotik router

      Correct? In this mode, what do I configure the pfSense box gateway to be? Should it be the Mikrotik (192.168.88.1) or the gateway associated with the public IP address I get from the ISP?

      Thanks in advance....

        johnpoz LAYER 8 Global Moderator

        @krak3n said in Correct GW for bridged pfSense box:

        get an idea of what my internet traffic looks like.

        And your Mikrotik is not showing you what traffic is to and from the internet?

        pfSense would replace the Mikrotik - not sure what you think putting pfSense as a bridge between internet and NAT router is going to get you?

        All the traffic you see is just going to be from your public IP to internet - you will have no idea which client behind your current router is doing the traffic, etc.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          krak3n

          Well put, that is why I put my goals in the post, to get input on other/better ways to do things.

          • And your Mikrotik is not showing you what traffic is to and from the internet?

          Not with the granularity that I was looking for, but it could be that I haven't fully utilized its feature set.

          • pfSense would replace the Mikrotik - not sure what you think putting pfSense as a bridge between internet and NAT router is going to get you?

          So the Mikrotik offers quite a few features (maybe only found on higher-end routers), but with the increased feature set likely comes increased attack surface. I "trust" pfSense more than Mikrotik. With that being said, I have a wireless setup that I like with the Mikrotik, which is why I was trying to keep it.

            johnpoz LAYER 8 Global Moderator

            Why can you not just leverage the Mik as AP? Then use pfSense as your edge firewall/router and for routing all your internal segments. This will give you insight and control over your internal network and to and from the internet. Just leverage the Mik as wireless.

            What specific model do you have?

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.