Two subnets
-
@johnpoz But if will switch off NAT on Wireless router working in router mode connected to LAN of pfSense , how clients behind this Wireless router will have internet access or me don't understand something? Like understanding NAT to make 1 IP on WAN for all clients in this network but in this case how will all this work?
-
@Antibiotic yeah your not understanding is my guess.
You can use this 2nd router as just a router, and firewall I would take it.. Not sure what firmware your running on it.
You would just set it up as a downstream router. It just won't nat the IP ranges. Pfsense would nat any traffic from this downstream network, just how its doing now for your 10 and 11 networks.
See the left setup with a downstream router (L3 switch doing routing).. That would be your "nat router"
-
@johnpoz I have Asus merlin firmware RT-AX86U Pro router
-
@johnpoz Asus router have on WAN option Forward local domain queries to upstream DNS. Is it better to keep ON, because have pfBlockerNG on pfSense? or it doesn't matter
-
@johnpoz Thank you for perfect explanation with a schemes , have in mind a lot new! You are the best)))
-
@johnpoz So finally better to switch OFF NAT and firewall on Wireless router and set on pfSense router interface LAN 192.168.11.1/29 not 24. Is it correct?
-
@Antibiotic Invalid DHCP pool 192.168.11.10 - 192.168.11.30 for WIFI subnet 192.168.11.0/29 detected. Please correct the settings in Services, DHCP Server
-
@Antibiotic if you set a /29 on pfsense interface - how would you think you could have a dhcp range of .10 to 30?
You don't have to use the /29 as your transit.. That just a example, you can use any network you want for your transit network.
-
@johnpoz So can leave 192.168.11.1/24?
-
@Antibiotic sure.. keep in mind a transit network shouldn't have any "hosts" on it - so not sure why would would "need" a /24.. but sure you can use it as long as doesn't overlap with other networks. When you put hosts on a transit network your most likely going to run into asymmetrical routing problems.
-
@johnpoz So you mean better do not put any devices in LAN of Wireless router?or what it mean hosts?
-
@Antibiotic yeah a device.. be it a phone or pc or anything that is going to talk to anything.. Ie not a router.. These devices do not belong on a "transit/connector" network..
-
@johnpoz So , again misunderstanding, I can use LAN of Wireless router to connect devices but this devices should belong to transit network. Is it correct? Should be in network for example 192.168.11.0/24
-
@Antibiotic dude if your going to use your 11 network to connect your router.. Then those should be the only thing on that network pfsense and your downstream router.
Put your stuff on either the 10 network or the 12 network behind your router...
-
@johnpoz So LAN of Wireless router should set for example 192.168.50.1 , Its correct?
-
@Antibiotic what? Yes you can use any network you want, as long as its doesn't overlap with yoru lan (10 network) or your lan 2 (11 network)...
-
@johnpoz Thank you very much)))
-
@Antibiotic
pfSense LAN static 192.168.11.1/29 DCHP POOL 192.168.11.1-192.168.11.6
Wireless router WAN :
IP Address static 192.168.11.2
Subnet Mask 255.255.255.0
Default Gateway 192.168.11.1
DNS 192.168.11.1
Wireless router LAN:
IP Address192.168.13.1
Subnet Mask 255.255.255.0
DCHP POOL 192.168.13.1-192.168.13.5
Wireless router NAT and Firewall disabled, router itself have internet but Laptop and Phones, no any internet, please what I'm doing wrong? -
@Antibiotic why are you changing the IP ranges to /29?? Just leave all your networks /24, not like you have a limted amount of space to work with..
And you have a mask mismatch, you have /29 on pfsense and /24 on your 2nd routers wan????
Did you setup the gateway and route in pfsense for this downstream network? All of the info you need on how to do a downstream router is right there on drawing..
This is perfect example of why you don't complex this up.. Even if you get it working, its clear your not going to have any idea "why" its working.. Or how..
-
@johnpoz Did back to /24 no result, see on picture" pfSense interface rules must pass traffic from downstream subnets not just the interface subnet. Should me create some firewall rule?