Complete newbie - set up guidance please

TymH

Hi,

Before I get lambasted, I've read the initial set up guide and whilst it generally makes sense, I can't get my head around this in our situation.

Been using DreyTek router with built in firewall connected to my ISP's modem for years . WiFi coverage not the best so recently changed to Netgear Orbi. Great Wifi but no configurable firewall. So, I asked locally and was advised to go down the pfsense route, which looks very interesting. However, the default IP address for the LAN side of pfsense is 192.168.1.1, which is currently the LAN IP of my router.

I have static IP with my ISP which can be anonymised here as w.x.y.34. My router's WAN port is w.x.y.35 (255.255.255.248), and the LAN is 192.168.1.1 (255.255.255.0)

Obviously I need to put pfsense in between the modem and the router, but not sure how to configure the LAN IP addresses.

The pfsense NIC that I use to connect to the modem will obviously need to be the same as my current router - w.x.y.35/255.255.255.248, but what do I use on the LAN side? All my network clients have 192.168.1.1 as the gateway IP as that's my router, so do I just pick an available IP address and assign that to the LAN on pfsense?

Sorry if these are basic questions, but I'm completely new to all this!

Tym

dma_pf

@TymH Welcome to the forums!

What you would typically want to do with the Netgear is turn off the DHCP server in the device and put it into Bridge mode. Then plug it into your switch. That will then make pfsense as the DHCP server, and then you can go into the DHCP settings in pfsense and issue a static ip address to your Netgear.

TymH

@dma_pf Many thanks. I've not got the hardware yet - still looking at the "how to" of it all :-)

Does this then mean the pfsense box would be the gateway on 192.168.1.1?

viragomann

@tymh said in Complete newbie - set up guidance please:

Obviously I need to put pfsense in between the modem and the router

So you actually have a modem + router?

Maybe you can replace the router with pfSense and have the public IP on pfSense.

Gertjan

@tymh said in Complete newbie - set up guidance please:

Obviously I need to put pfsense in between the modem and the router, but

Obvious would be :

....I need to put pfsense in place of the current router, but ....

You have to set up the pfSense WAN interface with static IP info, the same as your current router.

You'll will discover that you don't want a modem <=> router <=> router <=> [LAN] setup.
It can be done of course.
Set the WAN to "dhcp" (this is the default) - and change the LAN network to 192.168.10.1/24 and adapt the DHCP LAN server settings accordingly. Done.

@tymh said in Complete newbie - set up guidance please:

Netgear Orbi. Great Wifi but no configurable firewall.

An AP is an AP. It doesn't need to do fire walling (NAT, DHCP, DNS etc etc.).
If you think you have to give your Wifi password to devices (owners) that you do not trust, remove the AP from LAN and use it on another pfSense interface.

@tymh said in Complete newbie - set up guidance please:

DreyTek router

or any other router, like pfSense : they do all the same thing.
Granted : pfSense offers a boatload of possibilities, but that doesn't mean you have to use them.
pfSense : after initial power on, assigning the WAN and LAN, a password (do not enter DNS servers, pleeeeeaase !!), chose a password. Your done.
I don't know nothing about "DreyTek" but I presume : "If you've seen one router, you've seen them all".

stephenw10

Yes, that^
The easiest way to get started is using double NAT (2 routers). To do that just choose a different subnet for the pfSense LAN like 192.168.10.1.24 as @Gertjan suggested.

It's better to avoid double NAT by using the wifi as a pure access point but be aware some of those wifi mesh devices cannot operate like that whilst operating as a mesh. I'm unsure if Orbi is one of those.

Steve

viragomann

@stephenw10
Changing the LAN subnet with a bunch of devices with static IPs will take some work time.
Would be easier to change the existing routers LAN IP and take over the old IP to pfSense.

Gertjan

@viragomann
Yep : Replace DreyTek by pfSense == both use a 192.168.1.1/24 as their LAN so no changes needed on the LAN side for pfSense.

johnpoz

@viragomann said in Complete newbie - set up guidance please:

bunch of devices with static IPs will take some work time.

Which is why you don't do that ;) Why were your devices static before. If you want a device to have specific IP, then you set that in your dhcp server to always give that device that IP via a reservation.

TymH

@gertjan said in Complete newbie - set up guidance please:

@viragomann
Yep : Replace DreyTek by pfSense == both use a 192.168.1.1/24 as their LAN so no changes needed on the LAN side for pfSense.

I'm not using the Dreytek any more.

TymH

@gertjan said in Complete newbie - set up guidance please:

You'll will discover that you don't want a modem <=> router <=> router <=> [LAN] setup.
It can be done of course.
Set the WAN to "dhcp" (this is the default) - and change the LAN network to 192.168.10.1/24 and adapt the DHCP LAN server settings accordingly. Done.

There's an option to use the ORBI as AP only, so if I do that, and set the LAN on pfsense to the default of 192.168.1.1.

Obvs I'll need to change the IP address of the ORBI to something available on the subnet, but we should be good to go with this I think.

Thanks for taking the time to reply (everyone!)

TymH

@gertjan said in Complete newbie - set up guidance please:

Set the WAN to "dhcp" (this is the default) - and change the LAN network to 192.168.10.1/24 and adapt the DHCP LAN server settings accordingly. Done.

If I use the Orbi as AP, then I guess this bit is redundant?

Gertjan

@tymh said in Complete newbie - set up guidance please:

There's an option to use the ORBI as AP only, so if I do that, and set the LAN on pfsense to the default of 192.168.1.1.

Set it up using, for example, 192168.1.2, network 255.255.255.0, gateway and DNS 192.1268.1.1 and you'll be fine.

Check with the pfSense DHCP LAN server that this "192.168.1.2" is outside the pool, as it is already 'used'.

JKnott

@tymh said in Complete newbie - set up guidance please:

Obviously I need to put pfsense in between the modem and the router,

Why would you need both pfsense and another router?

TymH

@jknott said in Complete newbie - set up guidance please:

@tymh said in Complete newbie - set up guidance please:

Obviously I need to put pfsense in between the modem and the router,

Why would you need both pfsense and another router?

Now I know more about this, it would be using the Orbi as an AP rather than a router.