pfSense and Netgear router

MCSpaceWolves · Nov 5, 2023, 2:05 AM

Hello, I am struggling with a few things in regard to my router and my PF sense. Bellow I am going to explain what I am trying to do and the reasoning behind it.

To start my goal is to divide my network into two parts using my firewall and its ports. Essentially I plan to make a DMZ in a way. What I want is the firewall to hold the servers that I host, websites, games, and so on. Then on another port on my firewall, I want to have my wifi router. This will host my personal devices like computers, tablets, and so on. This way I have "2 Firewalls" protecting my stuff. I have a diagram below that has a rough drawing of what I plan to make it look like. Additionally, I have linked the products I am working with.

Equipment:

Arris SURFboard SB8200 DOCSIS 3.1 Cable Modem
pfSense + firewall 4 ports 8gig ram, 2.4 GHz CPU, and 64gigs storage
Netgear Nighthawk XR5000

Diagram:

SteveITS · Nov 5, 2023, 2:18 AM

@MCSpaceWolves You didn’t really ask a question… :)

This will work fine. The Netgear LAN needs to be a unique subnet.

MCSpaceWolves · Nov 5, 2023, 2:50 AM

@SteveITS

Sorry, I don't believe I explained it correctly. So I have tried this and the issue I am running into is if I turn the router in AP mode it shows it has internet but doesn't allow other devices on its network to have internet.

If I have it plugged into a port running a DHCP server it won't take an IP so it remains unable to get internet.

So my question I guess is how do I set this up am I missing something? I made rules to let stuff pass through and made sure the DHCP server wasn't using a reserved IP set. I just feel like I am missing something.

SteveITS · Nov 5, 2023, 5:22 AM

@MCSpaceWolves In AP mode you would typically not connect its WAN, and only a LAN cable. That would also put all devices on the same network.

Using router mode would isolate your LAN devices from the server network. (They can connect to the servers via the Netgear’s NAT).

MCSpaceWolves · Nov 5, 2023, 5:20 PM

@SteveITS

Hello, I wanted to thank you for the help I figured out where I went wrong. Essentially I created the ports added the needed DHCP server setting had all that correct. What I failed to do was allow traffic from the wan to the second LAN port correctly. I had defined in the rules for the LAN2 ports LAN2 -> WAN was okay when in fact I needed to do WAN -> LAN2 okay. Now my DMZ is wokring. All my servers are on the pfSense only and all my other devices behind the router are connected to the pfSense.