Noob question, PFsense behind ISP router with no bridge mode option
-
I'm setting up PFsense behind a router with no bridge mode.
When I set up the WAN on re0, I choose DHCP and my router gives it 192.168.1.2. I can log in to the webConfig there from a PC which is plugged into the ISP router, and also from PCs via wifi into my AP (which is also plugged into the ISP router.)
But then I set up LAN on re1, and I can no longer access the pfsense box from my PC, which is plugged into the ISP router. I can also no longer access via the wifi'd devices.
I reset to factory and same thing, I can access pfsense until LAN has been set up. I believe I may be misunderstanding and not setting up DHCP correctly. What am I missing?
Question 2: in this scenario, do I need LAN set up with DHCP? Either way, doesn't seem to make a difference.
thanks!
-
stephenw10 Netgate Administratorlast edited by stephenw10 Sep 23, 2022, 9:40 PM Sep 23, 2022, 9:39 PM
With only one interface defined pfSense will allow access on that by default.
As soon as you add another interface it moves to router mode and allows access only on the LAN by default blocking all traffic on WAN.
Add an allow all rule on the WAN interface before you add the LAN and you will retain access from WAN. You will probably want to make that more specific depending on what traffic you want to allow.
The WAN IP is in the default LAN subnet which will break routing. So be sure to choose a different subnet when you add the LAN. For example set LAN as static and use: 192.168.100.1/24Steve
-
What network address are you using on your LAN? It has to be something other than 192.168.1.0. Yes, you still need DHCP.
Also, are you certain the ISPs device can't be put into bridge mode? There have been others here who thought the same thing until we showed them otherwise.
-
@roboto It might be easier to plug your PC into the LAN side of the pfSense and configure it from there. Then plug in WAN.
-
@jknott Yeah I've been around this bridge issue with the ISP and they explicitly don't allow it - and there's no visible option for it. Really wish they had it. Their modem is a Calix GigaCenter 844G-1
-
@stephenw10 Hey really appreciate your response. I've been trying to figure this out all day.
My ISP gives my PFsense box 192.168.1.2, so I don't know how I can set the WAN interface to anything like 192.168.100.x
I'm working from the serial interface. I presume that I need to give the WAN the same internal IP as the router gives it, then not sure what to give the LAN.
-
Set the LAN interface to use a different subnet. 192.168.100.1/24 would work fine.