Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    should I use transparent bridging or DMZ on DSL gateway in front of pfsense?

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 3 Posters 927 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • pzangaP
      pzanga
      last edited by

      I am going to be setting up pfsense on my home network using a Netgate SG-2100 (ordered and awaiting shipping) as a firewall/router and want to get a jump on some set up questions, of which this will be the first of several (possibly many). I've searched the forums and didn't see anything specifically addressing this question.
      I have Frontier bonded DSL, using an Arris NVG443b gateway, and wondering if I should configure it as a transparent bridge and have the sg2100 handle the PPoE, or set up a DMZ for the pfsense box. The pfsense box at my work is set up in the DMZ behind a comcast gateway and seems to work fine - not sure why it was configured this way as this was done by an outside IT consultant before I started here.
      So, is one method better/prefered? Are there pros and cons to each? Let me know if you need more info/details.
      Thanks

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        You should use it in bridge mode with pfSense handling PPPoE in most situations. That eliminates issues you might otherwise have with the 'modem', such as exhausting it's state table which it still uses in DMZ mode.
        The only time you might not is if your WAN bandwidth is towards the top end of what the SG-2100 can do in which case the additional PPPoE loading will likely reduce throughput and you can offload that to the modem instead.

        Steve

        pzangaP 1 Reply Last reply Reply Quote 0
        • pzangaP
          pzanga @stephenw10
          last edited by

          @stephenw10
          Thanks for the help Steve. From what I could find, and from my evolving networking knowledge, I figured bridge mode was preferable.
          While on the subject, let me just ask if it would make a difference if I were using a cable connection (comcast/xfinity) vs. the DSL? I'm thinking about the setup at my work. I need to check with our 3rd party IT guy and see if there is a particular reason he set up our pfsense in the DMZ. If not, then I may discuss with him possibly reconfiguring that.

          Thanks again.

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Cable connections are usually DHCP so no PPPoE overhead to worry about. Preferable in that respect.
            But really both services can vary a lot so it depends what you get and for how much at that location.

            Steve

            1 Reply Last reply Reply Quote 0
            • H
              HickRidge
              last edited by

              @pzanga were you ever able to get PPPOE setup in PFSense behind the Arris NVG443G with Frontier? I have been trying for days to get this working with no luck! I even tried a call to support where i was told to basically give up cause they do not support it. I dont want to give up as i still think this is possible i just think im missing something. Any guidance on your setup would be a huge help.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.