PfSense in modem/router's DMZ - any downside ?



  • Hi all, this relates to my question about the sometimes-problematic PPPoE reconnection after link loss issue.

    I want to have a fallback option if it turns out that this problem occurs with the ISP in question (BigPond in AU).

    Is there any issue with setting the modem up so that the pfSense router is in the modem/router's DMZ? It would be the only machine connected, so:

    ISP --> Billion 5200SRD's DMZ --> pfSense --> switch --> LAN.

    The Billion would do the authentication. Thanks.



  • The best way is doing it at pfSense, but if you're having issues, there will be just some limitations with protocols like SIP that are really hard to configure when you have double NAT.



  • That's a common deployment, works well generally. Depends on the modem though, some of them suck in varying ways at NAT. Most are pretty good though. If the modem can do the PPPoE and pass through the public IP, that's generally the best option. Double NAT complicates things at times; though I know thousands of people run that way, I would avoid it where possible.

    On that problem in general, it's like virtually any problem you'll read here, or on any tech-related forum of software with a large install base. If it's happening on a stable release version, it's happening to a minuscule fraction of people. We'd have 5000 people here complaining if that weren't the case. It's highly likely you wouldn't see it.



  • OK, thanks very much.

    I'll try bridging the router first then and see if pfSense reconnects OK after link loss.

    I must say that I very much appreciate the rapid and helpful replies - what a great community this is  :)

