New to pfSense - help me strategise?



  • Hi I am new to pfSense.

    I have an office with a netgear modem router running wifi and DHCP on the 192.168.0.1/24 IP range (0-100 are reserved, 101-254 are leased) and has some basic port forwarding rules and a small set of MAC address locked IP's.

    What has happened is that I need to log all internal traffic by type and IP address. The netgear router doesn't do this. SO I need to add a "box" and I thought of pfSense. What I would like to do is this:

    • buy a mini-pc (does it need 2 network cards?)

    • put pfSense on it

    • disable DHCP on the router

    • give the router it's own static IP of 192.168.2.2

    • use pfSense for the netgear wifi DHCP leases (?! how ?!)

    • create a new pfSense gateway with  2 ( ?do I need 2 or can I bridge a virtual network connection?) ethernet connections (giving it an IP of 192.168.2.1 and an of 192.168.0.254) and use that to hand out the DHCP leases in the 192.168.0.1/24 range (101-253)

    • do this is such a way that the router on 192.168.2.2 is the gateway for pfSense

    • do nothing to the static IP addresses in the 192.168.0.1/24 range because they will still work

    • lock down the small number of DHCP leases that stay locked to MAC address, also on the 192.168.0.1/2 range

    • add ntop (for traffic logging) and configure pfSense into some traffic shaping for the 192.168.0.1 /24 range

    • re-apply the port forwarding rules

    my question is - will this even work? If so what are my main things to look at? How can I assure the network that the wifi will still work, or that the modem will be ok.

    my minimum baseline is … a world where wifi works... current static ips are able to stay as they are... everything is logged and managed by pfSense but the netgear is doing all the peripheral interconnecting at both ends (i.e. ISP and wifi, even perhaps a physical switch when needs be, with pfSense in the middle doing DHCP and being a gateway) - ISP -> modem ->  pfSense (DHCP) < - wifi < - LAN



  • Usually, ISP -> modem(bridge mode) -> pfsense –> LAN is a good setup.

    Pfsense is able to be a wifi router too if you buy a compatible device.

    Disable net gear wifi before enabling bridge mode.

    If you have a switch that supports vlans, pfsense box can work with one interface only.



  • Hi,

    If I don't use VLAN, then how should the pfSense server be configured? One networkcard with two interfaces? So one for incoming network and the other one for filtered network?


Log in to reply