pfSense behind an ISP router in DMZ leads to no internet
-
Hello everyone :)
Until now, I had replaced my ISP router by a mini PC with pfSense installed on it, the pfSense plugged into the external ONT. Everything was working nicely.
However, the ISP router has passed away so I got a new one, but it came with no external ONT.
Never mind, I thought I'd leave the ISP router connected to the fiber, and put the pfSense behind in DMZ like:
Internet <-> ISP Router (DMZ) <-> (WAN) pfSense (LAN, OPT...) <-> private networks
So the ISP router acts just as a bridge (but such a mode doesn't exist on it, that's why I've chosen the DMZ option).
I figured I'd just have to change the configuration of the WAN interface, and as everything else was already functional I wouldn't have to change anything else. So I configured my WAN interface as follows:
The ISP router is configured as follows:
Router IP : 192.168.100.1/24
DHCP : 192.168.100.1 - 192.168.100.254
Static DHCP lease : 192.168.100.5 (based on pfSense igb0 MAC address)
But the pfSense can't reach the internet. A ping from the pfSense toward the ISP router (192.168.100.1) is OK, but a ping toward 8.8.8.8 is KO. Obviously, when connecting my laptop by RJ45 directly to the ISP router I have internet, so I think the problem comes from the pfSense config.
I tried to configure the pfSense WAN as DHCP instead of static IP. The ISP router configured it correctly but same as above: no internet connection whereas pinging the gateway is OK.
I'm running pfSense 2.7.2-RELEASE, and I don't really know how I can debug this, that's why I'm asking for your help.
Thanks.
-
I have finally found it!
I went to: System/Routing/Gateways and I saw that the gateway was grey/disabled (even though I saw it working OK in Status/Gateways). So I deleted the corresponding row and then added it as the default gateway, which did the trick!
-
Ah, ok, a Livebox. I have the same (a 6, that is).
I never changed the default WAN setup of my pfSense :
So, my pfSense got an IP from my Livebox :
Because I want (and you want) to have the WAN IP of pfSense to stay the same, I did what needs to be done :
and from now on, my pfSense will always receive "192.168.10.4".
edit : You could also activate DHCP6 on the WAN interface.
These 'DHCP6 client' settings work 'fine' for me :
Set your LAN interface to :
and
and take note that the Livebox DHCP6 server will only give you one prefix (one /64). So you have to select 0 from 0 (0/0)
And yes, your Livebox tells you that it has a /56 (256 prefixes for 256 LANs) to use, but guess what, it's buggy (all versions - for years)
And you can't "DMZ" IPv6 address to this prefix / network.
You have to read this.
Check that your LAN interface has an IPv6 :
and you're fine.
-
@ThM hey there,
just a sidenote: your (static) IP for pfsense (192.168.100.5) is right in your dynamic dhcp pool (.1 - .254)...
You might want to change that, so that your DHCP Pool is not overlapping with IP reservations or static IP settings...
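-
The overlap check suggested in the post above, as an added example that is not part of the thread: it audits the ISP router's DHCP scope using the addresses quoted in the first post and proposes a dynamic range that avoids the fixed addresses. The function names `audit_dhcp` and `suggest_pool` are hypothetical, and the flag for the router's own address sitting in the pool is an extra check beyond what the post mentions.

```python
import ipaddress

def audit_dhcp(subnet, router, pool_start, pool_end, reservations):
    """Return (address, finding) pairs for one DHCP scope."""
    net = ipaddress.ip_network(subnet)
    gw = ipaddress.ip_address(router)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    if lo > hi:
        raise ValueError("pool start is above pool end")
    findings = []
    for edge in (lo, hi):
        if edge not in net:
            findings.append((str(edge), "pool boundary outside subnet"))
    if lo <= gw <= hi:
        findings.append((str(gw), "router address inside dynamic pool"))
    for name, addr in reservations.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            findings.append((addr, f"reservation for {name} outside subnet"))
        elif lo <= ip <= hi:
            findings.append((addr, f"reservation for {name} inside dynamic pool"))
    return findings

def suggest_pool(pool_start, pool_end, fixed):
    """Largest contiguous part of the pool that avoids every fixed address."""
    lo = int(ipaddress.ip_address(pool_start))
    hi = int(ipaddress.ip_address(pool_end))
    best, start = None, lo
    for t in sorted([int(ipaddress.ip_address(a)) for a in fixed] + [hi + 1]):
        if t < start:
            continue  # duplicate, or an address below the pool
        end = min(t - 1, hi)
        if end >= start and (best is None or end - start > best[1] - best[0]):
            best = (start, end)
        start = t + 1
    if best is None:
        return None
    return tuple(str(ipaddress.ip_address(n)) for n in best)

# Values quoted in the thread (ISP router scope and the pfSense WAN lease).
SCOPE = dict(subnet="192.168.100.0/24", router="192.168.100.1",
             pool_start="192.168.100.1", pool_end="192.168.100.254",
             reservations={"pfSense igb0": "192.168.100.5"})

if __name__ == "__main__":
    for addr, finding in audit_dhcp(**SCOPE):
        print(f"{addr}: {finding}")
    fixed = [SCOPE["router"], *SCOPE["reservations"].values()]
    print("suggested pool:", suggest_pool(SCOPE["pool_start"], SCOPE["pool_end"], fixed))
```

Whether a given router's firmware accepts a static lease outside its dynamic range is not stated in the thread, so check that before narrowing the pool.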