Setting up pfSense with C class through ADSL modem



  • Hi,

    I own a C class network range, and I am wanting to use pfSense as my firewall.

    I am unclear as to how to do it at the moment, and would like help / clarification as to how to do it...

    xxx.xxx.xxx.1 -> xxx.xxx.xxx.2
    (ADSL MODEM)     (pfSense)
                         |
                         |
                         -> xxx.xxx.xxx.3
                         |
                         -> xxx.xxx.xxx.4
                         |
                         -> and so on ..

    I have been reading about bridging interfaces, but I am not sure how to do it and if this would be correct or whether assigning the firewall a public address would be correct?

    If bridging is not correct, and the above diagram is correct, would I route all packets from xxx.xxx.xxx.1 -> xxx.xxx.xxx.2 and route all packets from xxx.xxx.xxx.3 and 4 to xxx.xxx.xxx.2, which then routes to xxx.xxx.xxx.1?

    Any help would be greatly appreciated!

    Cheers!



  • From your diagram I assume you are talking about machines and not about nets. Well, assign a public IP to your pfSense and set up the default router on all machines (or use DHCP) behind the firewall, and this will make the traffic pass through the firewall.
    Usually what you have is a WAN interface with a public IP, a LAN interface with a private IP and all the machines in private address space with such router as default gateway. You can use the wizard for such configuration.
    And you don't need bridging to do that.



  • If you plan on using the class C on all the computers and components behind the FW, then you are going to have to set up a filtering bridge. Quick searches on the internet can get you what you need. I ran a similar setup with pf on OpenBSD (pfSense was not around at the time to make my life easier).
    If you are going to NAT, then I would run a LAN with more private IPs in it (like a /23 or /22).



  • There are advantages in using an ADSL modem as modem only ("bridge mode") rather than as modem/router (it will free up a couple of your IP addresses).

    Some options for what you described are discussed in section 6.7 of the book pfSense: The Definitive Guide.

    However I have a vague recollection of a previous discussion on this sort of issue. I think the discussion petered out (or I lost interest) when it became apparent that pfSense needed to talk PPPoE with the ADSL modem and a pfSense PPP interface couldn't be bridged with ethernet interfaces. So it would be helpful to have more details.

    How many class C addresses do you have and how many individually addressable hosts do you need?

    Do you need to talk PPP with the ADSL modem?



  • The diagram was just to show what I wanted to do.

    I want each machine to have a public IP address that is reachable from the internet individually, rather than a single public IP and NAT (192.168.1.0).

    @fluca1978:

    From your diagram I assume you are talking about machines and not about nets. Well, assign a public IP to your pfSense and set up the default router on all machines (or use DHCP) behind the firewall, and this will make the traffic pass through the firewall.
    Usually what you have is a WAN interface with a public IP, a LAN interface with a private IP and all the machines in private address space with such router as default gateway. You can use the wizard for such configuration.
    And you don't need bridging to do that.



  • I have a single C class, xxx.xxx.xxx.1 to xxx.xxx.xxx.254.

    I thought about bridging the modem, but I won't be using all the IP addresses so I am happy to use them liberally.

    I would however like all 254 IPs to be publicly addressable.

    I do not need to talk PPP with the modem; it does this itself through web configuration (Draytek 2700).

    @wallabybob:

    There are advantages in using an ADSL modem as modem only ("bridge mode") rather than as modem/router (it will free up a couple of your IP addresses).

    Some options for what you described are discussed in section 6.7 of the book pfSense: The Definitive Guide.

    However I have a vague recollection of a previous discussion on this sort of issue. I think the discussion petered out (or I lost interest) when it became apparent that pfSense needed to talk PPPoE with the ADSL modem and a pfSense PPP interface couldn't be bridged with ethernet interfaces. So it would be helpful to have more details.

    How many class C addresses do you have and how many individually addressable hosts do you need?

    Do you need to talk PPP with the ADSL modem?


  • Netgate Administrator

    @wallabybob:

    it became apparent that pfSense needed to talk PPPoE with the ADSL modem and a pfSense PPP interface couldn't be bridged with ethernet interfaces.

    Yes. I can't find that thread now either.

    It depends what services your ISP is providing to you. DHCP? Are they just routing your subnet to your connection?
    How did you have this set up before?

    Steve



  • It was previously routed through to me; right now I just have a standard-issue single static IP address that the ISP owns.

    I will arrange to get the ISP to route to my subnet when it is all arranged.

    @stephenw10:

    @wallabybob:

    it became apparent that pfSense needed to talk PPPoE with the ADSL modem and a pfSense PPP interface couldn't be bridged with ethernet interfaces.

    Yes. I can't find that thread now either.

    It depends what services your ISP is providing to you. DHCP? Are they just routing your subnet to your connection?
    How did you have this set up before?

    Steve



  • If you can get them to route those addresses to a separate static IP in a different subnet (like maybe your existing static IP, for example), you could do this with routing instead of bridging and your DHCP server could directly hand out public IP addresses on the local side.

