[Solved] pfSense between WAN (Cable Router) and LAN



  • Hi,

    i want to use pfsense between my LAN and WAN (Cable ISP). From my ISP i have got a Router with a build in cable modem and i have no chance to use the router only as cable modem. The following figure make it easier to understand my problem.

    WAN / Internet
               :
               : DialUp-Cable-Provider
               :
         .–---+-----.
         |  Gateway  |  (Router with integrated Cable Modem)
         '-----+-----'
               |
               |
         .-----+-----.
         |  pfSense |
         '-----+-----'
               |
           LAN | 192.168.245.50 (Gateway and DNS for the Clients)
               |
         .-----+------.
         | LAN-Switch |
         '-----+------'
               |
       ...-----+------... (Client/192.168.245.100)

    I want to use pfSense as firewall for the traffic and as DNS-Adress for the clients. From my point of view it should be enough to setup pfSense for the WAN interface with a 'Static' address to the Cable-Router. All packets should be flowed through pfSense to the Cable-Router, thats all. But it doesn't work. The clients have to the network setup as gateway and DNS the TCP/IP adress from the pfSense (192.168.245.50).

    What must i do to let work pfSense together with the ISP Cable-Router?

    Thank you and

    best regards

    Oelauge



  • Can you put the cable gateway in bridge mode?



  • @chpalmer:

    Can you put the cable gateway in bridge mode?

    Sorry no. But now i try to configure pfsense as transparent firewall. I think, in this case i have as minimum the firewall functionalities. I will post my experiences.



  • What IPs are used between the pfSense and the cable-modem?
    Is it the same subnet than you use in your LAN?
    –> That wouldn't work.



  • @GruensFroeschli:

    What IPs are used between the pfSense and the cable-modem?
    Is it the same subnet than you use in your LAN?
    –> That wouldn't work.

    Hi GruensFroeschli,

    Your tip was gold worth. It runs and here is my solution:

    WAN / Internet
               :
               : DialUp-Cable-Provider
               :
         .–---+-----.
         |  Gateway  |  (Router, Fritzbox 6360 Cable)
         '-----+-----'
               | LAN 10.100.100.1/24
               |
               | WAN 10.100.100.2/24 (Static)
         .-----+-----.
         |  pfSense |
         '-----+-----'
               | LAN 192.168.245.50/24
               |
               |
         .-----+------.
         | LAN-Switch |
         '-----+------'
               |
               |
               | LAN 192.168.245.100/24
         .-----+------.
         | PC          | (PC/Client-LAN 192.168.245.100/24 with Gateway and DNS 192.168.245.50)
         '-----+------'


Locked