• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Noob question, PFsense behind ISP router with no bridge mode option

Scheduled Pinned Locked Moved General pfSense Questions
7 Posts 4 Posters 668 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R
    roboto
    last edited by roboto Sep 23, 2022, 9:23 PM Sep 23, 2022, 9:05 PM

    I'm setting up PFsense behind a router with no bridge mode.

    When I set up the WAN on re0, I choose DHCP and my router gives it 192.168.1.2. I can log in to the webConfig there from a PC which is plugged into the ISP router, and also from PCs via wifi into my AP (which is also plugged into the ISP router.)

    But then I set up LAN on re1, and I can no longer access the pfsense box from my PC, which is plugged into the ISP router. I can also no longer access via the wifi'd devices.

    I reset to factory and same thing, I can access pfsense until LAN has been set up. I believe I may be misunderstanding and not setting up DHCP correctly. What am I missing?

    Question 2: in this scenario, do I need LAN set up with DHCP? Either way, doesn't seem to make a difference.

    thanks!

    J S 2 Replies Last reply Sep 23, 2022, 9:40 PM Reply Quote 0
    • S
      stephenw10 Netgate Administrator
      last edited by stephenw10 Sep 23, 2022, 9:40 PM Sep 23, 2022, 9:39 PM

      With only one interface defined pfSense will allow access on that by default.

      As soon as you add another interface it moves to router mode and allows access only on the LAN by default blocking all traffic on WAN.

      Add an allow all rule on the WAN interface before you add the LAN and you will retain access from WAN. You will probably want to make that more specific depending on what traffic you want to allow.
      The WAN IP is in the default LAN subnet which will break routing. So be sure to choose a different subnet when you add the LAN. For example set LAN as static and use: 192.168.100.1/24

      Steve

      R 1 Reply Last reply Sep 23, 2022, 11:01 PM Reply Quote 1
      • J
        JKnott @roboto
        last edited by JKnott Sep 23, 2022, 10:27 PM Sep 23, 2022, 9:40 PM

        @roboto

        What network address are you using on your LAN? It has to be something other than 192.168.1.0. Yes, you still need DHCP.

        Also, are you certain the ISPs device can't be put into bridge mode? There have been others here who thought the same thing until we showed them otherwise.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        R 1 Reply Last reply Sep 23, 2022, 10:49 PM Reply Quote 1
        • S
          SteveITS Galactic Empire @roboto
          last edited by Sep 23, 2022, 9:53 PM

          @roboto It might be easier to plug your PC into the LAN side of the pfSense and configure it from there. Then plug in WAN.

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          1 Reply Last reply Reply Quote 1
          • R
            roboto @JKnott
            last edited by roboto Sep 23, 2022, 10:54 PM Sep 23, 2022, 10:49 PM

            @jknott Yeah I've been around this bridge issue with the ISP and they explicitly don't allow it - and there's no visible option for it. Really wish they had it. Their modem is a Calix GigaCenter 844G-1

            1 Reply Last reply Reply Quote 0
            • R
              roboto @stephenw10
              last edited by Sep 23, 2022, 11:01 PM

              @stephenw10 Hey really appreciate your response. I've been trying to figure this out all day.

              My ISP gives my PFsense box 192.168.1.2, so I don't know how I can set the WAN interface to anything like 192.168.100.x

              I'm working from the serial interface. I presume that I need to give the WAN the same internal IP as the router gives it, then not sure what to give the LAN.

              1 Reply Last reply Reply Quote 0
              • S
                stephenw10 Netgate Administrator
                last edited by Sep 23, 2022, 11:02 PM

                Set the LAN interface to use a different subnet. 192.168.100.1/24 would work fine.

                1 Reply Last reply Reply Quote 0
                7 out of 7
                • First post
                  7/7
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                  This community forum collects and processes your personal information.
                  consent.not_received