pfSense as Firewall only?
-
Hi,
I would like to have pfsense working as a Firewall only. How can I accomplish that? I must disable NAT and we are ok?
I want my network to work like this:
Thanks!
-
Something like this https://www.youtube.com/watch?v=1EXgyvwJZ6k ? (was the first link Google popped up for me)
-
Why do you have an Asus router and pfSense?
-
@JKnott I don't have a dedicated VDSL modem. So Asus works as the modem/router. Besides that, I want to have it work as an AP for the wireless Guests. As the post title says, I want to use pfSense as a Firewall only.
-
You are aware that the Wireless "Asus" guests won't use the pfSense firewall?
-
@Gertjan Yes I do. The Asus router has its own firewall. So for this purpose I think it's OK.
-
Do yourself a favour and get a modem, especially if your switch supports vlans, you could have your guest and normal wifi off the unifi ap.
If you're in the UK there are loads of dirt cheap ones on the bay.
-
@NogBadTheBad I live in Greece. I paid a lot of money for this Asus Modem/Router sooo... I want to have it working till it dies.
-
@uxm said in pfSense as Firewall only?:
@NogBadTheBad I live in Greece. I paid a lot of money for this Asus Modem/Router sooo... I want to have it working till it dies.
pfSense is way better, just putting that out there
Can you not put it into modem mode?
-
@NogBadTheBad I'm sure about that. I think I will go to pfSense slowly slowly. :) You feel me. It's psychological.
So.. for pfSense to work as a firewall only, what do I have to do? Is the YouTube video above OK for me to follow as a guide?
Thanks guys.
-
@uxm said in pfSense as Firewall only?:
@JKnott I don't have a dedicated VDSL modem. So Asus works as the modem/router. Besides that, I want to have it work as an AP for the wireless Guests. As the post title says, I want to use pfSense as a Firewall only.
You also have another access point, which could be configured with a 2nd SSID and VLAN for the guests. That's the proper way to do that.
-
One question guys. For pfSense to work only as a firewall, do I have to disable NAT? I think yes, right?
-
Yes, disable outbound NAT.
Disable NAT
To completely disable NAT to have a routing-only firewall, do the following:
Navigate to Firewall > NAT on the Outbound tab
Select Disable Outbound NAT rule generation (No Outbound NAT rules)
Click Save
Apply changes
NAT may be performed on some interfaces and not others by configuring Outbound NAT rules accordingly. Details may be found in the pfSense Book.
https://docs.netgate.com/pfsense/en/latest/book/
-
Thank you very much for your response @NogBadTheBad. One thing. I disabled NAT as you said and then I can't browse the internet (from any PC in the network). Is this the right behavior?
-
Have you added routes on your Asus router pointing to pfSense for the subnets on your pfSense router?
-
@NogBadTheBad uh... no. I have to add the subnet routes to my Asus router. Got that. I will add them and come back.
Thank you a bunch.
-
OK, I added a route to my Asus router, for 192.168.2.0/24 (my router's IP network is 172.16.117.0/24) and disabled NAT on my pfSense Firewall.
Now I want to use Remote Desktop to one of my Servers (my Domain Controller actually) on port 4000. How am I gonna do that? I created a Firewall rule on my pfSense firewall for 4000 to allow traffic from outside. But I can't remote desktop to my server. I also created a rule on the server's firewall to allow traffic on port 4000 and used regedit to change the listening port.
My question is: Do I have to create a port forward on my Asus router also, every time I want to allow traffic to one of my pfSense port? Please help me understand that a little bit. I get confused with this scenario (Internet > Asus Router with Firewall enabled > pfSense Firewall with NAT disabled > Internal Network)
Thanks!
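-
The return-path problem from earlier in the thread (no Internet after disabling outbound NAT until the Asus had a route for 192.168.2.0/24), modelled as a longest-prefix-match lookup on the Asus routing table. This is an added example, not part of any post above; the pfSense WAN address 172.16.117.2, the LAN host 192.168.2.10 and the `isp-gateway` label are constructed assumptions, only the two subnets come from the thread.

```python
import ipaddress

def table(entries):
    """Build a routing table as a list of (network, gateway) pairs."""
    return [(ipaddress.ip_network(net), gw) for net, gw in entries]

def next_hop(routes, dst):
    """Longest-prefix match: gateway of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed values (assumptions, not from the thread)
PFSENSE_WAN = "172.16.117.2"   # pfSense WAN address on the Asus LAN
LAN_HOST = "192.168.2.10"      # a PC behind pfSense
ISP = "isp-gateway"            # stands in for the Asus default route

# Asus table as shipped: its own LAN plus a default route to the ISP
ASUS_BEFORE = table([
    ("172.16.117.0/24", "on-link"),
    ("0.0.0.0/0", ISP),
])
# Asus table after adding the static route described in the thread
ASUS_AFTER = ASUS_BEFORE + table([("192.168.2.0/24", PFSENSE_WAN)])

def reply_path(asus_routes, outbound_nat):
    """Where the Asus sends the reply to a connection opened by LAN_HOST."""
    # With outbound NAT, pfSense rewrites the source to its WAN address,
    # so the Asus only ever sees an on-link peer. Without NAT it sees the
    # real 192.168.2.x source and must have a route back to it.
    seen_source = PFSENSE_WAN if outbound_nat else LAN_HOST
    return next_hop(asus_routes, seen_source)

if __name__ == "__main__":
    cases = [
        ("NAT on, no static route", ASUS_BEFORE, True),
        ("NAT off, no static route", ASUS_BEFORE, False),
        ("NAT off, static route added", ASUS_AFTER, False),
    ]
    for label, routes, nat in cases:
        print(f"{label}: reply goes to {reply_path(routes, nat)}")
```

A reply that resolves to `isp-gateway` is the failure seen in the thread: the Asus sends traffic for 192.168.2.x out its default route instead of back to pfSense.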