What am i doing wrong ?

pigy

@heper

The reason why i cant dump the ISP router it has PPOE configured, I couldn't get PFsense to work as first router ( tried ppoe but it just didnt work ).

Second reason is the phone lines are connected the the ISP router
Third reason is there is a built in SIM card to the ISP router

// basically you want for example 192.168.1.0/24 on wan | 192.168.2.0/24 on lan
So /24 on WAN/LAN is the same subnet correct ?

Thank you for your advise much appreciated

stephenw10

@pigy said in What am i doing wrong ?:

So /24 on WAN/LAN is the same subnet correct ?

That's the same subnet size but not the same subnet. You cannot have both as 192.168.1.X as you have now.

I would recommend using something more obscure to avoid the possibility of conflicts should you ever setup a VPN in the future. Say for example LAN set to 172.20.1.1/24, but you could use any private subnet there.
https://en.wikipedia.org/wiki/Private_network

Steve

pigy

How do i allow access to the printer/server for people using the ISP router ?

Printer/server is connected to switch which is behind PFsense

stephenw10

You can setup a port forward to it, if you know what ports are required.
https://docs.netgate.com/pfsense/en/latest/book/nat/port-forwards.html#adding-port-forwards

But really you would be better off moving the PPPoE connection onto pfSense and using the ISP router as a wifi access point IMO.

Steve

pigy

@stephenw10
I actually did try to move the PPoE connection on to the pfsense but it failed. Also at that point i didnt think much about the VOIP.. which is connected to the ISP router.

( isp provides static IP )
Im not exactly sure why the PPoE connection failed, is there a way to find out ? Also contacting the ISP and figuring this out has been difficult because the person on the other end is not well versed with this..

How do i find out the ports for the printer if the documentation of the printer does not state ?

stephenw10

Ah, yes if the ISP is providing VoIP from their router it probably needs to stay there.

Printer ports are usually pretty standard. It could get complex pretty quickly though. You should think about re-arranging the network so that is not necessary. Can the printer go on the WAN side? Why are there clients on the WAN side?

Steve

pigy

@stephenw10

Can the printer go on the WAN side?
Do you mean move the printer from the switch to the ISP router ?

Why are there clients on the WAN side?
The ISP router is also a wireless router, some clients connect to wireless because they use a laptop.
And because of this they can't access the printer.

Moving the printer to the ISP router is one thing, but the other issue is the server... If i put the server on the ISP router it is no longer behind Pfsense. Im not sure what to do here. Will port forwarding work in this scenario ?

johnpoz

You can do it this way, is it optimal setup - not really.

Step 1, make sure your networks are different. 192.168.1/24 and say pfsense lan 192.168.2/24

Now if you want stuff to access stuff behind pfsense from the isp network 192.168.1/24 you would do port forwards and those devices would access pfsense wan IP 192.168.1.X and be forwarded in to whatever.. Common printer port is 9100.. But need to understand what printing protocol(s) your using... Airprint for example is not going to work in such a setup. And sounds like maybe you have a printer server running?

A better solution might be to just turn off wireless on this isp device, and bridge it if possible - and then put everything behind pfsense (get an AP if you want wireless)... And then isolate stuff via different vlans you want to isolate from each other..

No matter what you do, step one in making sure your not using the same networks on wan and lan of pfsense is required. If your issue is accessing the printer.. Putting it on the wan side network of pfsense would prob be easier, since default lan rules are any any on pfsense, so no port forwarding.. And devices on your pfsense wan network would be able to access your printer as well.. Airprint for example would then work for all devices on your wifi network.

How best to setup what your trying to do without full redesign would require more information. What printer, what printing protocols, are you using printer server - that you really want behind pfsense, etc. etc.

rtoledo2002

@pigy All the posts so far are spot on , BUT if this is going over your head allow me to suggest a simple way. get a second wireless router they are cheap on Amazon and ebay set it up BEHIND the pfsense and turn OFF the wireless on you ISP's router. turn on the wireless on the SECOND router you bought . It might also help to figure out how to BRIDGE the ISP router you now have as your edge device, by doing this the pfsense becomes your edge device .

I get a bit paranoid about ISP's use of TR-069 (CPE WMP) (Verizon FIOS as a example); for management of their Actiontec router and STBs via port TCP/4567." and you can't disable that.

BTW look up WIFI 6 like for example the RAX20 by Netgear . look for 802.11ax Dual Band WiFi 6 and WPA 3.

take my advice with a grain of salt as I'm not a network expert , just play one at home and work ;)

yaminb

Yep, I second @rtoledo2002 advice as another non network expert.

Keep it simple.

1. Turn off wireless on your ISP gateway. I have a cable modem from my ISP with wireless and do the same thing.
2. Buy a wireless access point. Many wireless routers can be put into AP mode as well.
3. Plug the wireless AP into the Pf sense Lan. In my case, I plug it straight into the lan side switch of my sg-3100.

Everything works nice.