Netgate Discussion Forum

    Leased Line - Wires Only - Routing

    Routing and Multi WAN
      smaxwell2

      Hi All :)

      I have a site where they have ordered a "Wires Only" leased line, meaning the ISP does not supply a managed router.

      I am thinking of using a pfSense Router as the router.

      They have advised the following:

      WAN Connection Details
      WAN IP Address : 85.x.x.209
      Gateway : 85.x.x.208
      VLAN 4094

      LAN IP Details
      Network Address : 106.x.x.16
      Broadcast Address : 106.x.x.31
      Subnet Mask : 255.255.255.240
      Router IP Address (Default Gateway) : 106.x.x.17
      Available IP Range : 106.x.x.18 to 106.x.x.30

      How would I configure this on a dedicated pfSense Box, so I could then connect the devices to the LAN of the pfSense, programmed with Static IPs within the "Available IP Range" with no Firewall rules.

      Sure this is simple, can anyone point me in the right direction here ?

      Thanks ☺

        JeGr LAYER 8 Moderator

        so I could then connect the devices to the LAN of the pfSense, programmed with Static IPs within the "Available IP Range" with no Firewall rules.

        So just to check: you want to plug the LAN port into a switch, connect other HW boxes to it with e.g. 106.x.x.23 configured and it should just work? Without any firewalling, just simple pass through of all packages from WAN<->LAN?

        Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

          smaxwell2 @JeGr

          @JeGr Yes - exactly this :)

            JeGr LAYER 8 Moderator

            Easy.

            • Setup VLAN 4094 on the interface, you'll plug in WAN.
            • Switch/configure WAN to <physical interface>:4094
            • configure static IP as per your connection details
            • set up LAN as per your LAN details with pfSense getting .17
            • enter NAT settings, go to Tab outbound
            • switch to manual mode
            • remove all NAT entries besides the 127.0.0.x ones so you have NO NAT rules besides the localhost ones.
            • enter Firewall rules
            • create a WAN rule "block from any to firewall address port any" rule so no access to your firewall from the outside internet is possible
            • create a WAN "pass any to LAN net" rule to allow anything else
            • check LAN that "pass any to any" (default) is still there.
            • if you want to manage pfSense via a special third interface you should use that as "lan" and setup the third interface as "DMZ" or "SRV" and create a block firewall address and pass anything else rule there.

            -> Now you have no NATting from LAN to WAN and pass traffic from WAN->LAN and LAN->WAN without blocking anything. So you're routing only. I'd advise to go the extra mile and add a third interface and use a dedicated interface to manage your pfSense so as to not allow traffic to the webUI from WAN or your "server network".

            Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

            If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.
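
Added example, not part of the original thread: a small Python model of the two WAN rules from the steps above, showing why the block rule has to sit above the pass rule (pfSense stops at the first matching rule, and the firewall's own .17 address lies inside "LAN net"). The addresses are constructed placeholders from the RFC 5737 documentation ranges standing in for the redacted 85.x.x.209 and 106.x.x.16/28, and all function names are hypothetical.

```python
import ipaddress

# Constructed placeholder addresses (RFC 5737 documentation ranges) standing in
# for the redacted 85.x.x.209 WAN address and the 106.x.x.16/28 LAN block.
WAN_IP = ipaddress.ip_address("198.51.100.209")
LAN_NET = ipaddress.ip_network("203.0.113.16/28")
LAN_GW = ipaddress.ip_address("203.0.113.17")   # pfSense LAN address (.17)
FIREWALL_ADDRS = {WAN_IP, LAN_GW}               # models the "firewall address" target

# WAN rules in the order the post gives them: (action, destination matcher)
RULES_AS_POSTED = [
    ("block", lambda dst: dst in FIREWALL_ADDRS),
    ("pass", lambda dst: dst in LAN_NET),
]

def evaluate(rules, dst):
    """First matching rule wins; unmatched traffic hits the default deny."""
    dst = ipaddress.ip_address(dst)
    for action, matches in rules:
        if matches(dst):
            return action
    return "block"

def exposed_firewall_addrs(rules):
    """Firewall addresses that inbound WAN traffic would be allowed to reach."""
    return sorted(str(a) for a in FIREWALL_ADDRS if evaluate(rules, a) == "pass")

def static_range(net):
    """Usable host range left for devices once the router takes the first host."""
    hosts = list(net.hosts())
    return str(hosts[1]), str(hosts[-1])

if __name__ == "__main__":
    swapped = list(reversed(RULES_AS_POSTED))
    for name, rules in (("as posted", RULES_AS_POSTED), ("swapped", swapped)):
        print(name, "-> firewall addresses reachable from WAN:",
              exposed_firewall_addrs(rules))
    print("static range for LAN devices:", " to ".join(static_range(LAN_NET)))
```

With the rules swapped, the pass rule matches first and the firewall's LAN address becomes reachable from the WAN side, which is the exposure the block rule is there to prevent.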
