Help needed for Wireless Router Set up Behind pfSense Box

kiekar

Hello,

Currently my set up consists of an ADSL modem router set in bridge mood and the pfSense box WAN Ethernet port set as PPPOE.  The LAN NIC is set at 192.168.1.1/24 and the box as an additional NIC (WLAN) set at 192.168.2.1/24.

The wireless router is set as follows.

LAN Settings
        Router IP Address: 192.168.3.1
        Subnet Mask: /24
        DHCP: enabled

WAN Settings
IP Address: 192.168.2.2
Subnet Mask: /24
        Gateway: 192.168.2.1

Currently I’m able to connect to my wireless router and pfSense box with a wireless connection using my laptop but not the internet.

I created a port forwarding and firewall rule.

What am I missing to get an internet connection? Any help would be much appreciated

Port Forwarding rule

if        Proto    Src. addr    Src. ports        Dest. addr            Dest. Ports          NAT IP              NAT Ports
WLAN      TCP          *                *            WLAN Address        80 (HTTP)        192.168.1.1        80 (HTTP)

Firewall Rule

WLAN TAB

Proto      Source      Port      Destination        Port      Gateway      Queue          Schedule
TCP            *            *        192.168.1.1      80            *            none

Derelict

https://forum.pfsense.org/index.php?topic=81014.0

stephenw10

Yep, that ^. You're double NATing when you don't need to.
Also you don't need a port forward rule on WLAN. You just need a firewall rule that allows out traffic to external addresses. Use the default allow rule on LAN as a template.

Steve

kiekar

Hello ,

Thank you both for your replies. Well I did some what change my set up per the link provided and what I did was move my cable form the WLAN NIC on the pfSense box and wireless router internet port to the LAN NIC on the pfSense box and LAN port on the wireless router and all worked fine even without changing any LAN and WAN settings on the wireless router.

Is it still possible to access the internet based on my initial set up where I use a connection from the internet port of my wireless router to the WLAN NIC card on the pfSense box? it's more of a curiosity
to me since I'm coming from an ISA 2006 setup.

Karl

Derelict

It's usually possible but it likely involves natting twice which generally sucks.

stephenw10

@kiekar:

all worked fine even without changing any LAN and WAN settings on the wireless router.

If you do that at the very least you must disable the DHCP server on the wireless router. It may be working fine now but sooner or later a device is going to get an IP address from the wireless router and it will be in the wrong subnet with the wrong gateway.

Going the way you originally had it configured is generally frowned upon because of the double NAT, as Derellict said, but in many situations it will work fine. I'm writing this from behind double NAT and have experienced no issues with day to day stuff. Things get complicated if you have to forward ports though and some things (VoIP) really hate double NAT.  ;)

Steve