Netgate Discussion Forum

    PFSense Behind BW320 with Static IPs

    • P
      pkeogan

      I currently want to set up a PFSense Server (running on an R250) behind my BW320 for a homelab.

      My IP block looks like
      SUBNET MASK: 255.255.255.248
      NETWORK BASE ADDRESS: ###.###.###.168
      ROUTER: ###.###.###.174
      BROADCAST: ###.###.###.175
      USABLE RANGE: ###.###.###.169 -> ###.###.###.173

      My network map looks like the following (With the desired IPs).

      BW320 ➝ PFSense Server
      ➝ Brocade ICX 6450-48p (###.###.###.169) ➝ Wireless APs + Devices
      ➝ Web Server (###.###.###.170)
      ➝ Camera Server (###.###.###.171)

      I have two options, as I understand it:

      1. Set BW320 into cascade mode -> and allow pfsense to dish out public IPs
      2. Set BW320 into *** Mode and connect the 3 devices I want static IPs directly to the BW320. (IP Passthrough)?

      I would like to use my PFSense server to hand out the public IPs, but am struggling with how to set this up.

      I am currently trying to cascade my PFsense into the BW320. (option 2)

      Below are my cascade settings into PFSense
      [screenshot of the BW320 cascade settings, image not preserved]

      PFSense is set at 192.168.1.69
      I was going to attach screenshots of PFsense, but I know it's not even remotely close to being set up. I think I need to add a gateway? Then do some NAT rules to assign the public IPs?

      Am I using DHCP as a WAN? or a Static IPv4?

      Thanks, any help or direction is welcome.

      • NollipfSenseN
        NollipfSense @pkeogan

        @pkeogan You're aware that pfSense is a firewall and not a server, right?

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

        • P
          pkeogan @NollipfSense

          @nollipfsense ???

          I have PFSense running on a Dell Poweredge R250 (referred to in the first sentence of my original post), a product which is itself defined as a server. Hence, I referred to the server that is hosting pfsense as a pfsense server, which is bleed-over from my own network map.

          To answer your question, I am aware that PFSense is an application that can run on server equipment? Yes, I am aware of that?

          • stephenw10S
            stephenw10 Netgate Administrator

            If in the cascaded router mode the public subnet is routed to pfSense, which the screenshot seems to imply, then you can just use it directly on a pfSense interface.
            You don't need to add a gateway in pfSense. The interface IP will be the gateway for other devices in the subnet. Commonly that would be the first usable IP in the subnet but it doesn't have to be and you're using that for your switch already.

            See: https://docs.netgate.com/pfsense/en/latest/recipes/route-public-ip-addresses.html

            Steve

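The addressing arithmetic behind the routed-subnet approach in the post above, as an added example that is not part of the thread or of the pfSense documentation. It assumes the documentation block 203.0.113.168/29 in place of the masked addresses, and a pfSense interface address of .172, which the thread does not specify.

```python
import ipaddress

# Constructed sample: 203.0.113.168/29 (documentation range) stands in for the
# masked ###.###.###.168 block in the thread. The .172 interface address is an
# assumption; the thread does not say which address pfSense would take.
CIDR = "203.0.113.168/29"
ISP_ROUTER = "203.0.113.174"
PFSENSE_IF = "203.0.113.172"
HOSTS = {"switch": "203.0.113.169", "web": "203.0.113.170", "camera": "203.0.113.171"}

def usable_hosts(cidr, isp_router):
    """Host addresses in the block, minus the one the ISP router holds."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects a CIDR with host bits set
    return [str(ip) for ip in net.hosts() if str(ip) != isp_router]

def check_plan(cidr, isp_router, pfsense_if, hosts):
    """Return a list of problems; an empty list means the plan is consistent."""
    net = ipaddress.ip_network(cidr, strict=True)
    usable = usable_hosts(cidr, isp_router)
    problems = []
    if pfsense_if not in usable:
        problems.append(f"pfSense interface {pfsense_if} is not usable in {net}")
    seen = {pfsense_if: "pfSense interface"}
    for name, addr in hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems.append(f"{name}: {addr} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {addr} is the network or broadcast address")
        elif addr == isp_router:
            problems.append(f"{name}: {addr} belongs to the ISP router")
        elif addr in seen:
            problems.append(f"{name}: {addr} is already used by {seen[addr]}")
        else:
            seen[addr] = name
    return problems

def host_settings(cidr, pfsense_if, addr):
    """Static settings for a device: its gateway is the pfSense interface IP."""
    net = ipaddress.ip_network(cidr, strict=True)
    return {"address": addr, "netmask": str(net.netmask), "gateway": pfsense_if}

if __name__ == "__main__":
    print(usable_hosts(CIDR, ISP_ROUTER))
    print(check_plan(CIDR, ISP_ROUTER, PFSENSE_IF, HOSTS) or "plan is consistent")
    for name, addr in HOSTS.items():
        print(name, host_settings(CIDR, PFSENSE_IF, addr))
```
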
            • S
              SteveITS Galactic Empire @pkeogan

              @pkeogan Is this an AT&T router? It looks like it, at least.

              AT&T has an IP Passthrough mode where you can set the AT&T router to pass through to yours. I don't have AT&T anymore but IIRC it is by MAC address. It's set on the firewall tab, see:
              https://forums.att.com/conversations/att-internet-equipment/bridgemode-vs-ip-passthrough-setup-information/5defbfffbad5f2f606ad5ed2

              When I did it, it was via DHCP from AT&T. In that setup there's no need to mess with subnets or DHCP on the AT&T router. pfSense will just get a public IP via DHCP.

              If you have multiple static IPs then I haven't done that myself, but in general one can add IP aliases to pfSense: https://docs.netgate.com/pfsense/en/latest/firewall/additional-ip-addresses.html

              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
              Upvote 👍 helpful posts!

              • NollipfSenseN
                NollipfSense @pkeogan

                @pkeogan Cool, no problem; it wasn't clear as most folks would say they had pfSense running on R250 server.

                • stephenw10S
                  stephenw10 Netgate Administrator @SteveITS

                  @steveits said in PFSense Behind BW320 with Static IPs:

                  pfSense will just get a public IP via DHCP.

                  The interesting thing there is that's not what you want for a routed public subnet. If pfSense gets an IP from it on its WAN you have to use port forwards etc. You can't then use directly on an internal interface. The 'cascaded router' option might be better in this case. I've never seen that term before though so hard to say exactly what it does!

                  Steve

                  • S
                    SteveITS Galactic Empire @stephenw10

                    @stephenw10 Yeah thanks for clarifying that, not enough sleep, or coffee yet. I'm so used to doing it via the forwarding or 1:1 NAT.

                    @pkeogan Why do the devices need public IPs? If handling it via pfSense port forwards then you can control access via firewall rules and/or NAT source.

                    • NollipfSenseN
                      NollipfSense @SteveITS

                      @steveits said in PFSense Behind BW320 with Static IPs:

                      Why do the devices need public IPs?

                      That's exactly why I asked whether he was aware that pfSense is a firewall and not a server.

                      • P
                        pkeogan @stephenw10

                        @stephenw10

                        Thank you for the direction. The documentation from AT&T on what "cascade router" is is lacking, to say the least. I will run through the link you sent and see if I can get it set up.

                        • P
                          pkeogan @SteveITS

                          @steveits My planned uses for the public IPs are as follows:

                          1. Any home network devices
                          2. Camera Server
                          3. Linux Web Server for Development
                          4. Windows Web Server for Development

                          Prior to obtaining a block of static IPs, I used IP Passthrough on my BW320 (from AT&T) and set the device to the Linux Web Server for Development. Firewall was handled on the Linux Web Server, which only allowed access from a single IP (VPN). The server is accessed by a small team of devs, who have access to this VPN.

                          Maybe my above goals are not ideal, but it was just a starting point as I learn more about networking, as my primary skills are in software development with light networking experience.

                          • NollipfSenseN
                            NollipfSense @pkeogan

                            @pkeogan said in PFSense Behind BW320 with Static IPs:

                            I would like to use my PFSense server to hand out the public IPs,

                            @pkeogan May I suggest that you take a look at the HAProxy package...

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.