Leased Line - Wires Only - Routing
smaxwell2 last edited by
Hi All :)
I have a site where they have ordered a "Wires Only" leased line, meaning the ISP does not supply a managed router.
I am thinking of using a pfSense Router as the router.
They have advised the following:
WAN Connection Details
WAN IP Address : 85.x.x.209
Gateway : 85.x.x.208
LAN IP Details
Network Address : 106.x.x.16
Broadcast Address : 106.x.x.31
Subnet Mask : 255.255.255.240
Router IP Address (Default Gateway) : 106.x.x.17
Available IP Range : 106.x.x.18 to 106.x.x.30
How would I configure this on a dedicated pfSense Box, so I could then connect the devices to the LAN of the pfSense, programmed with Static IPs within the "Available IP Range" with no Firewall rules.
Sure this is simple, can anyone point me in the right direction here ?
so I could then connect the devices to the LAN of the pfSense, programmed with Static IPs within the "Available IP Range" with no Firewall rules.
So just to check: you want to plug the LAN port into a switch, connect other HW boxes to it with e.g. 106.x.x.23 configured and it should just work? Without any firewalling, just simple pass through of all packages from WAN<->LAN?
smaxwell2 last edited by
@JeGr Yes - exactly this :)
- Setup VLAN 4094 on the interface, you'll plug in WAN.
- Switch/configure WAN to <physical interface>:4094
- configure static IP as per your connection details
- set up LAN as per your LAN details with pfSense getting .17
- enter NAT settings, go to Tab outbound
- switch to manual mode
- remove all NAT entries besides the 127.0.0.x ones so you have NO NAT rules besides the localhost ones.
- enter Firewall rules
- create a WAN rule "block from any to firewall address port any" rule so no access to your firewall from the outside internet is possible
- create a WAN "pass any to LAN net" rule to allow anything else
- check LAN that "pass any to any" (default) is still there.
- if you want to manage pfSense via a special third interface you should use that as "lan" and setup the third interface as "DMZ" or "SRV" and create a block firewall address and pass anything else rule there.
-> Now you have no NATting from LAN to WAN and pass traffic from WAN->LAN and LAN->WAN without blocking anything. So you're routing only. I'd advise to go the extra mile and add a third interface and use a dedicated interface to manage your pfSense so to not allow traffic to the webUI from WAN or you "server network".