Netgate Discussion Forum
    pfSense behind an ISP router in DMZ leads to no internet

    Routing and Multi WAN
    • T
      ThM
      last edited by ThM

      Hello everyone :)

      Until now, I had replaced my ISP router by a mini PC with pfSense installed on it, the pfSense plugged into the external ONT. Everything was working nicely.

      However, the ISP router has passed away so I got a new one, but it came with no external ONT.

      Never mind, I thought I'd leave the ISP router connected to the fiber, and put the pfSense behind in DMZ like:

      Internet <-> ISP Router (DMZ) <-> (WAN) pfSense (LAN, OPT...) <-> private networks

      So the ISP router acts just as a bridge (but such a mode doesn't exist on it, that's why I've chosen the DMZ option).

      I figured I'd just have to change the configuration of the WAN interface, and as everything else was already functional I wouldn't have to change anything else. So I configured my WAN interface as follows:
      [image]
      [image]

      The ISP router is configured as follows:
      [image]
      Router IP : 192.168.100.1/24
      DHCP : 192.168.100.1 - 192.168.100.254
      Static DHCP lease : 192.168.100.5 (based on pfSense igb0 MAC address)

      But the pfSense can't reach the internet. A ping from the pfSense toward the ISP router (192.168.100.1) is OK, but a ping toward 8.8.8.8 is KO. Obviously, when connecting my laptop by RJ45 directly to the ISP router I have internet, so I think the problem comes from the pfSense config.

      I tried to configure the pfSense WAN as DHCP instead of static IP. The ISP router configured it correctly but same as above: no internet connection, whereas pinging the gateway is OK.

      I'm running pfSense 2.7.2-RELEASE, and I don't really know how I can debug this, that's why I'm asking for your help.

      Thanks.

      • T
        ThM @ThM
        last edited by

        I have finally found it!

        I went to: System/Routing/Gateways and I saw that the gateway was grey/disabled (even though I saw it working OK in Status/Gateways). So I deleted the corresponding row and then added it as the default gateway, which did the trick!

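The symptom in this thread (the gateway answers pings, 8.8.8.8 does not) is what a routing table without a default route produces. The sketch below is an added example, not code from the posters or from pfSense: it does a longest-prefix lookup over `netstat -rn -f inet` style text. The sample tables are constructed from the addresses in the first post, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: FreeBSD-style routing table for the WAN in the thread
# (192.168.100.0/24 on igb0), without and with a default route.
ROUTES_BROKEN = """\
Destination        Gateway            Flags     Netif Expire
127.0.0.1          link#4             UH          lo0
192.168.100.0/24   link#1             U          igb0
192.168.100.5      link#1             UHS         lo0
"""
ROUTES_FIXED = ROUTES_BROKEN + "default            192.168.100.1      UGS        igb0\n"

def parse_routes(text):
    """Return [(network, gateway, netif)] from netstat -rn style text."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 4:
            continue
        dest = "0.0.0.0/0" if cols[0] == "default" else cols[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # header line or a destination that is not an IP prefix
        routes.append((net, cols[1], cols[3]))
    return routes

def lookup(routes, target):
    """Longest-prefix match; None means the kernel has no route to target."""
    ip = ipaddress.ip_address(target)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def diagnose(text, gateway, probe="8.8.8.8"):
    """Classify the table: is the gateway on-link, and is there a default route?"""
    routes = parse_routes(text)
    gw_route, probe_route = lookup(routes, gateway), lookup(routes, probe)
    if gw_route and probe_route is None:
        return "gateway on-link but no default route"
    if probe_route and probe_route[1] != gateway:
        return f"default route points at {probe_route[1]}, not {gateway}"
    if probe_route:
        return "default route present"
    return "gateway itself unreachable"

if __name__ == "__main__":
    print(diagnose(ROUTES_BROKEN, "192.168.100.1"))
    print(diagnose(ROUTES_FIXED, "192.168.100.1"))
```
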
        • GertjanG
          Gertjan @ThM
          last edited by Gertjan

          @ThM

          [image]

          Ah, ok, a Livebox. I have the same (a 6, that is).

          I never changed the default WAN setup of my pfSense :

          [image]

          So, my pfSense got an IP from my Livebox :

          [image]

          Because I want (and you want) to have the WAN IP of pfSense to stay the same, I did what needs to be done :

          [image]

          and from now on, my pfSense will always receive "192.168.10.4".

          Edit: You could also activate DHCP6 on the WAN interface.

          These 'DHCP6 client' settings work 'fine' for me :

          [image]

          Set your LAN interface to :

          [image]

          and

          [image]

          and take note that the Livebox DHCP6 server will only give you one prefix (one /64). So you have to select 0 from 0 (0/0)
          And yes, your Livebox tells you that it has a /56 (256 prefixes for 256 LANs) to use, but guess what, it's buggy (all versions - for years)

          And you can't "DMZ" IPv6 address to this prefix / network.
          You have to read this.

          [image]

          Check that your LAN interface has an IPv6 :
          [image]

          and you're fine.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          • the otherT
            the other @ThM
            last edited by

            @ThM hey there,
            just a sidenote: your (static) IP for pfsense (192.168.100.5) is right in your dynamic dhcp pool (.1 - .254)...
            You might want to change that, so that your DHCP Pool is not overlapping with IP reservations or static IP settings...

            the other

            pure amateur home user, no business or professional background
            please excuse poor english skills and typpoz :)

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.