PFSense Behind Router in Demilitarized Zone, No internet.

ITMike

Hello,

I am still learning about PFSense and need help with a certain situation. First, here is how my setup looks like: Modem > Wireless Router > Unmanaged Switch (Port 1 on Router), PFSense (Port 2 on router). I had my wireless router put my PFSense in a demilitarized zone since I am practicing PFSense in a home lab so it doesn't interfere with local home network.

I can't seem to figure out how to get my PFSense to access the internet. I know I have to set up the routing settings but I do not know what to put for the IP for the upstream gateway. For example, my static WAN IP is 192.168.1.55 and LAN IP is 192.168.55.1 for PFSense. Do I use the same ip (192.168.1.55) for the upstream gateway? I tried that already and I still can't ping 8.8.8.8 or get any internet connectivity. Am I missing something here?

Gertjan

@itmike

You upstream router is using 192.168.1.1/24 on its LAN, right ?
In that case, pfSense should not be using 192.168.1.1/24 on any of its LANs.

Set up the pfSense LAN to, for example, 192.168.55.1/24 - adapt the DHCP server accordingly, and pfSnse will be 'plug and play' now.

@itmike said in PFSense Behind Router in Demilitarized Zone, No internet.:

I am still learning about PFSense

Good news for you : DLINK, TPLINK, your ISP router, a big Cisco route, pfSenser : they are all the same ^^
Stay away from the many option and gadgets and your dealing with a basic router.

ITMike

@gertjan, thank you for replying.

My modem is separate from my wireless router.

Yes, my wireless router IP is 192.168.1.1/24. I put my PFSense in a demilitarized zone with IP 192.168.1.55 (i.e.).

I assigned a static WAN IP (interface) for PFSense 192.168.1.55/32.

I assigned a static LAN IP (interface) for PFSense 192.168.55.1/24.

DHCP Server is enabled.

I do not have an upstream gateway set up on the WAN interface since I do not know what to put for the IP for that.

However, the DHCP, DNS, NAT, and firewall rules are default. Am I supposed to change these?

I was following Networkchuck's video on PFSense, but I think my situation might be a little different since I have my PFSense behind my wireless router (meaning my pfsense is not directly connected to my modem) in a demilitarized zone.

Gertjan

@itmike said in PFSense Behind Router in Demilitarized Zone, No internet.:

I assigned a static WAN IP (interface) for PFSense 192.168.1.55/32.

What about leaving the WAN interface to the default DHCP-client mode ?

Note the WAN MAC address of pfSEnse, and add a DHCP MAC static lease on the upstream router, so pfSense always gets the IP 192.168.1.55
Now its DNS, gateway etc will by fine automatically.

stephenw10

The upstream gateway on the WAN should be the router, 192.168.1.1.

The WAN subnet should be /24 not /32.

ITMike

@stephenw10 Thanks Stephen! That fixed it. I put my WAN Upstream Gateway to 192.168.1.1 and WAN subnet to /24. I am able to connect to the internet now. I did have to perform an ipconfig /release and ipconfig /renew towards the ends before it started working for me.