Help needed for Wireless Router Set up Behind pfSense Box
-
Hello,
Currently my set up consists of an ADSL modem router set in bridge mode and the pfSense box WAN Ethernet port set as PPPoE. The LAN NIC is set at 192.168.1.1/24 and the box has an additional NIC (WLAN) set at 192.168.2.1/24.
The wireless router is set as follows.
LAN Settings
Router IP Address: 192.168.3.1
Subnet Mask: /24
DHCP: enabled
WAN Settings
IP Address: 192.168.2.2
Subnet Mask: /24
Gateway: 192.168.2.1
Currently I'm able to connect to my wireless router and pfSense box with a wireless connection using my laptop but not the internet.
I created a port forwarding and firewall rule.
What am I missing to get an internet connection? Any help would be much appreciated.
Port Forwarding rule
If | Proto | Src. addr | Src. ports | Dest. addr | Dest. ports | NAT IP | NAT Ports
WLAN | TCP | * | * | WLAN Address | 80 (HTTP) | 192.168.1.1 | 80 (HTTP)
Firewall Rule
WLAN TAB
Proto | Source | Port | Destination | Port | Gateway | Queue | Schedule
TCP | * | * | 192.168.1.1 | 80 | * | none |
-
https://forum.pfsense.org/index.php?topic=81014.0
-
Yep, that ^. You're double NATing when you don't need to.
Also you don't need a port forward rule on WLAN. You just need a firewall rule that allows out traffic to external addresses. Use the default allow rule on LAN as a template.
Steve
-
Hello,
Thank you both for your replies. Well, I did somewhat change my set up per the link provided, and what I did was move my cable from the WLAN NIC on the pfSense box and wireless router internet port to the LAN NIC on the pfSense box and LAN port on the wireless router, and all worked fine even without changing any LAN and WAN settings on the wireless router.
Is it still possible to access the internet based on my initial set up where I use a connection from the internet port of my wireless router to the WLAN NIC card on the pfSense box? It's more of a curiosity to me since I'm coming from an ISA 2006 setup.
Karl
-
It's usually possible but it likely involves natting twice which generally sucks.
-
"all worked fine even without changing any LAN and WAN settings on the wireless router."
If you do that at the very least you must disable the DHCP server on the wireless router. It may be working fine now but sooner or later a device is going to get an IP address from the wireless router and it will be in the wrong subnet with the wrong gateway.
Going the way you originally had it configured is generally frowned upon because of the double NAT, as Derellict said, but in many situations it will work fine. I'm writing this from behind double NAT and have experienced no issues with day to day stuff. Things get complicated if you have to forward ports though and some things (VoIP) really hate double NAT. ;)
Steve
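
The DHCP conflict described in the last reply, as an added example that is not part of the original thread: with the wireless router cabled LAN-to-LAN and its DHCP server still on, two servers answer on the same segment. The offers below are constructed sample data with hypothetical field names; the addresses are the ones given in the thread.

```python
import ipaddress

# pfSense LAN interface as stated in the thread.
PFSENSE_LAN = ipaddress.ip_interface("192.168.1.1/24")

# Constructed sample DHCP offers (hypothetical field names), as a client on the
# shared LAN segment could see them while the wireless router's DHCP server
# (router LAN IP 192.168.3.1) is still enabled.
OFFERS = [
    {"server": "192.168.1.1", "ip": "192.168.1.100",
     "mask": "255.255.255.0", "router": "192.168.1.1"},
    {"server": "192.168.3.1", "ip": "192.168.3.100",
     "mask": "255.255.255.0", "router": "192.168.3.1"},
]

def audit_offer(offer, expected=PFSENSE_LAN):
    """Return the list of problems with one DHCP offer (empty list = fine)."""
    problems = []
    server = ipaddress.ip_address(offer["server"])
    router = ipaddress.ip_address(offer["router"])
    leased = ipaddress.ip_interface(f'{offer["ip"]}/{offer["mask"]}')
    if server != expected.ip:
        problems.append("unexpected DHCP server")
    if leased.network != expected.network:
        problems.append("lease outside pfSense LAN subnet")
    if router != expected.ip:
        problems.append("wrong default gateway")
    if router not in leased.network:
        problems.append("gateway not on-link for leased address")
    return problems

def audit_all(offers):
    """Map each offering server to the problems found in its offer."""
    return {o["server"]: audit_offer(o) for o in offers}

if __name__ == "__main__":
    for server, problems in audit_all(OFFERS).items():
        print(server, "OK" if not problems else "; ".join(problems))
```

A client that accepts the second offer ends up on 192.168.3.0/24 pointing at the wireless router, whose internet port is no longer connected to anything in this cabling.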