[HowTo] Getting PfSense working with BT Infinity/FTTC/FTTP

  • All,

    I've finally got this working :D

    We have Zen FTTC at home and 4 virtualised instances of PfSense running there without any problems…mainly because Zen are awesome!

    We have FTTP from BT at our offices and I didnt want to use their HomeHub (it's rubbish) so decided on setting up PfSense instead. The problems started because they have a odd network setup where your PPPoE interface gets a dynamic IP Address rather than a static like Zen's.

    This is how I've got round it.

    Our IP Addresses are x.x.x.208/28 so x.x.x.208-223 with 209 to 222 useable. 222 is the Router IP Address. 221 is the Firewall external IP.

    All of my servers are virtualised using VMWare ESXi 5.1/5.5, I may miss some steps out but feel free to ask if your having trouble and I will let you know what my configuration is.

    In VMWare, create 3 vNetworks, WAN, External and Internal. Set the Security on all to be "Accept".
    Connect your BT Supplied white box to your WAN interface on the server.

    Create a new virtual machine, give it a NIC for the External and LAN networks.
    Call it "Firewall", install PfSense as you normally would.
    Internal Network is
    Setup DHCP (makes life easier)
    On the WAN Interface, set this to be x.x.x.221 (basically one of your static IP addresses).
    The Default Gateway on this box should be your Router IP (222 in my case). This default gateway must be set on your WAN interface.

    Ensure your Gateways are online. (Diagnostics -> Gateways)

    Create a new Virtual Machine, give it a NIC for the WAN, Internal and External networks.
    Call it "Router" and install PfSense as normal.
    Let the LAN interface get an IP Address from DHCP from the Firewall - turn this interface off later, it just makes it easier to configure for now.

    Create a new Interface within PfSense, normally called OPT1 as WAN and LAN are already taken, give this access to the External Network and set the IP to Static and use your Router IP Address (222 in my case).

    The WAN interface on this server will have the PPPoE connection on. Set this up. This will get a dynamic IP Address from BT, makes sure it connects.
    Go to Advanced -> Firewall / NAT and tick "Disable all packet filtering". This converts the box to a router.
    Routing, Default Gateway is "" here, check your PPPoE Connection and use that gateway.

    Your Internal Network should route to your Firewall....this then sends it to it's default gateway which is the Router box, this then routes everything to it's default gateway which is BT's network. Job Done.

    Change all default usernames and passwords!

    Feel free to ask any questions and I will answer them the best I can.

    Thank you

Log in to reply