Best Practice? 1 WAN in 2 Interfaces out, Bridge 1 or 2? NAT 1?

  • Here's my situation.

    I've been running pfSense in transparent bridging mode for about 6-8 months and I love it. Previously my network was:

    Cable Modem -> HUB -/ pfSense(bridge) -> ISA -> Internal network
                                  \ WiFi Router (DMZ) -> DMZ network

    pfSense again running in bridge mode.

    Well, I rewired my rack over this past weekend, and I wanted everything behind pfSense. Now my network is:

    Cable Modem - / pfSense(bridge) -> ISA -> Internal network
                        \ pfSense(bridge) -> WiFi Router - DMZ network

    Problem is, my WiFi router is not getting an IP from my cable provider (external IP). I can see where the DHCP request/response to the broadcast address is getting blocked (NO TRAFFIC), yet allowing all * * * * in my firewall ruleset does nothing. Now, as I'm sure you have picked up on already, I'm not the greatest when it comes to networking.

    What I'd like to know is, what's best practice? Should I leave both internal adapters to bridge to WAN?

    WAN - (Bridge) LAN
              (Bridge) OPT1

    If so, how can I get the device on OPT1 to accept external DHCP responses?

    Else, should I set up

    WAN - (Bridge) LAN
              (NAT)  OPT1

    Letting OPT1 get the External IP?

    If Bridge/NAT is the best route, can anyone give me a quick rundown on how to do so?

    Thank you.

  • Ok, well I'll ask this then..

    How can I get DHCP on my WAN address to pass through a filtered bridge onto both the OPT1 and OPT2 internal adapters?
