• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Installing pfsense without ISP router on Bridge-Mode

Scheduled Pinned Locked Moved Routing and Multi WAN
12 Posts 6 Posters 271 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    johnytb
    last edited by 28 days ago

    Hello friends.
    I NEED the most professional and senior advisors here !!!!

    I am completely new to PFSENSE, and I have a serious dilemma about whether I can even set up PFSENSE. it goes like this ..
    I have a router from the Internet provider in my building that is on the first floor and the Internet network is transferred to my apartment on the second floor via a MOCA device. And I want to connect the PFSENSE to the MOCA device that I have on the second floor. The problem is that I cannot change anything on the router on the first floor because there are other people living there who the router provides Internet, Wi-Fi, TV, and more. Will I be able to work with the PFSENSE without bridge mode on the main router? I cannot change anything on the router downstairs. The owners of the house are elderly people and do not agree to touch or change anything.

    Some technical information that might help - as I said, my apartment on the second floor receives internet via a MOCA device and to it will be connected a brand new i3 NUC ​​mini computer with two ETHERNET connections, one to WAN and one to LAN, on which the firewall will be installed. From the LAN connection on the mini computer, my home network will come out, which will be connected to the switch, and to the switch will be connected the rest of the network components in my house such as computers, a Wi-Fi access point and also a smart TV.
    I really hope you can help me understand whether this architecture and topology in my house can even exist with PFSENSE?
    Because right now everything is working great without any problems, but of course without a firewall in the middle between the main router of the house and the rest of my private network on the second floor

    I need the most professional and senior advisors here.

    V C 2 Replies Last reply 28 days ago Reply Quote 0
    • V
      viragomann @johnytb
      last edited by 28 days ago

      @johnytb said in Installing pfsense without ISP router on Bridge-Mode:

      Will I be able to work with the PFSENSE without bridge mode on the main router?

      Yes, if you can leave with double NAT, there is nothing special. And double NAT is almost not a problem.

      pfSense will act as any other device connected to the router, using the router as upstream gateway. The router will only see the WAN IP of pfSense then.
      Any upstream traffic from the LAN devices behind pfSense will get the WAN IP.

      J 1 Reply Last reply 27 days ago Reply Quote 0
      • C
        chpalmer @johnytb
        last edited by chpalmer 28 days ago 28 days ago

        @johnytb Just make sure that your LAN address of the two devices are not the same subnet.

        pfSense default LAN subnet is 192.168.1.0/24 therefore the WAN address cannot be within that subnet.

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        1 Reply Last reply Reply Quote 0
        • J
          johnytb @viragomann
          last edited by 27 days ago

          @viragomann
          How do i make sure or know that im leaving with double NAT ?
          And is it better to set the pfsense as a DMZ in my isp router instead of just recieving traffic from isp router ?

          N 1 Reply Last reply 27 days ago Reply Quote 0
          • N
            netblues @johnytb
            last edited by 27 days ago

            @johnytb You dont have options regarding double nat (and you will barely notice it too), especially if you have to ask.

            You don't need dmz either.

            J 1 Reply Last reply 27 days ago Reply Quote 0
            • J
              johnytb @netblues
              last edited by 27 days ago

              @netblues
              So you're saying that using pfsense for just an extra firewall layer, and without DMZ or bridge mode on the home router, it will work just fine?

              N G 2 Replies Last reply 27 days ago Reply Quote 0
              • N
                netblues @johnytb
                last edited by 27 days ago

                @johnytb Yes it will.
                It will be protecting you from elderly people who are known intruders too.

                1 Reply Last reply Reply Quote 0
                • G
                  Gblenn @johnytb
                  last edited by 27 days ago

                  @johnytb said in Installing pfsense without ISP router on Bridge-Mode:

                  So you're saying that using pfsense for just an extra firewall layer, and without DMZ or bridge mode on the home router, it will work just fine?

                  However, if you want to host some service accessible from the internet, or play some online games, you probably want to place your pfsense in DMZ.

                  N 1 Reply Last reply 27 days ago Reply Quote 0
                  • N
                    netblues @Gblenn
                    last edited by 27 days ago

                    @Gblenn Not without access to the main router and changing things, so... no, it won't fly

                    G 1 Reply Last reply 27 days ago Reply Quote 0
                    • G
                      Gblenn @netblues
                      last edited by 27 days ago

                      @netblues said in Installing pfsense without ISP router on Bridge-Mode:

                      Not without access to the main router and changing things, so... no, it won't fly

                      Well, if you are not permitted to make even such a small change, I guess you are stuck.

                      N 1 Reply Last reply 27 days ago Reply Quote 0
                      • N
                        netblues @Gblenn
                        last edited by 27 days ago

                        @Gblenn Hosting services isn't exactly for beginners, and as for gaming, the op would probably be better off without pf, especially if the elders utilize upnp, as is usually the default.

                        1 Reply Last reply Reply Quote 0
                        • E
                          elvisimprsntr
                          last edited by 27 days ago

                          If the OP needs remote access or host services, they should be using a VPN like Tailscale, which will traverse any level of NAT, including CGNAT

                          1 Reply Last reply Reply Quote 0
                          12 out of 12
                          • First post
                            12/12
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                            This community forum collects and processes your personal information.
                            consent.not_received