PfSense with multiple wan vlans and transparent bridging



  • Hello

    First, sorry for my poor English  :-[

    Second, I think I'm in the right section to place my question, but if I'm wrong, feel free to move it to the right place :)

    I'm new to pfSense and not a 'geek' in the BSD or Linux world, and I'm currently trying to deal with a specific setup for an FTTH (Fiber To The Home) connection in triple-play mode.

    As the current 'Residential Gateway' is anything but the best router I have seen (no more than 8 forwarding rules, no dmz, hangs regularly, …), I am trying to replace it with a 'real firewall' with better features, like pfSense.

    The current wiring is :

    fiber <-> Fiber/Ethernet100BaseT Transceiver <-> Isp_Router <-> Natted Lan port and wifi port
                                                                <-> IpTv Port
                                                                <-> RJ11 analog phone port

    In the end, I want this :

    fiber <-> Fiber/Ethernet100BaseT Transceiver <-> PfSense <-> Natted Lan port (and optional natted wifi port with Carp enabled)
                                                             <-> Isp_Router <-> Natted Lan port and wifi port (no more used)
                                                                            <-> IpTv Port
                                                                            <-> RJ11 analog phone port

    Each service (Internet, IpTV, VoIP) on the fiber/transceiver side is associated with its own vlan (802.1q tagged).
    And on the Vlan dedicated to Internet, the ISP uses PPPoE.

    So I want the PfSense box to do the PPPoE connection on the 'Internet' Vlan, and do its normal job on it (natting, rules, ...); and for the two other vlans (IpTv and VoIP) do 'transparent bridge' on them for the 'bad' Isp_Router (at this time I am not trying to replace the ISP router to manage the IpTv and VoIp channels :) )

    Someone could say 'Simply add a managed switch doing vlan and vlan trunking in front of the transceiver and dispatch the vlans on the appropriate ports (untagged 'Internet vlan' to the pfsense port and the two other tagged to the isp router) !'
    Sure it will work, but I don't have a 'managed' switch, and that costs around 150/250$ ! I want to minimize the cost :) (for me and others)

    Can PfSense handle this scenario ?

    Any help will be appreciated  ;)



  • Create 3 vlans on the interface that hooks into the fiber uplink (the WAN). These will show up as separate interfaces after assigning them (you can do that from the shell menu, option assign interfaces, or from the webgui at interfaces>assign). Then configure your interfaces just as if they were real interfaces.



  • Thanks Hoba for your help.

    So PfSense can do the work  :D

    I will take a try and report the result here ASAP

    Thanks again

