    Configuring Home Lab Network

    • N
      negimudkip last edited by

      So I recently installed pfSense on a Watchdog X1000 and I want the firewall to be behind the main ASUS router so that I don't have to mess with putting it in front of the ASUS one. However I can't seem to get the right configuration down. I have both the WAN and LAN (Which I can access the Web interface) and the others are OPT1, 2, 3 etc with the other ports. Thanks.

      • M
        marvosa last edited by

        What is it you can't get right?  Configure your WAN interface, uncheck "Block bogon networks", configure your LAN, and you're pretty much done.

        You'll have to tell us what we're missing here.

        • Derelict
          Derelict LAYER 8 Netgate last edited by

          Uncheck Block private networks on the WAN interface.  Bogons might help but it's something else.

          Chattanooga, Tennessee, USA
          The pfSense Book is free of charge!
          DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            The block private doesn't even have to be removed unless you're going to have inbound traffic from that segment between your asus and your pfsense wan.  Or you don't want to see noise that might be generated from that segment.  You can always turn off logging that rule.  Or just as stated disable it - it serves no real purpose since anything that is not allowed per a rule from the wan is blocked anyway.

            It's like when you turn on bogon on a lan interface - it's just going to generate noise in the log, etc.

            There is nothing that has to be done really to be behind a nat on your wan, other than having to put any forwards into the asus that you want to get to stuff behind your pfsense.  Or putting your pfsense wan IP into the dmz of your asus.

            As to your other opt interfaces - you will have to create the rules you want on those. Unlike the first lan you create, that gets a default any any rule, when you enable OPT interfaces the firewall rules will be blank and deny all traffic.  Anything that you want to pass thru opt interfaces you have to create a rule - might be any any to start with.  But something has to be put there or nothing is going to work from those segments attached to your opts.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.01

            • N
              negimudkip last edited by

              @marvosa:

              What is it you can't get right?  Configure your WAN interface, uncheck "Block bogon networks", configure your LAN, and you're pretty much done.

              You'll have to tell us what we're missing here.

              @Derelict:

              Uncheck Block private networks on the WAN interface.  Bogons might help but it's something else.

              I've already unchecked it. I'll have to look over the config again.

              @johnpoz:

              The block private doesn't even have to be removed unless you're going to have inbound traffic from that segment between your asus and your pfsense wan.  Or you don't want to see noise that might be generated from that segment.  You can always turn off logging that rule.  Or just as stated disable it - it serves no real purpose since anything that is not allowed per a rule from the wan is blocked anyway.

              It's like when you turn on bogon on a lan interface - it's just going to generate noise in the log, etc.

              There is nothing that has to be done really to be behind a nat on your wan, other than having to put any forwards into the asus that you want to get to stuff behind your pfsense.  Or putting your pfsense wan IP into the dmz of your asus.

              As to your other opt interfaces - you will have to create the rules you want on those. Unlike the first lan you create, that gets a default any any rule, when you enable OPT interfaces the firewall rules will be blank and deny all traffic.  Anything that you want to pass thru opt interfaces you have to create a rule - might be any any to start with.  But something has to be put there or nothing is going to work from those segments attached to your opts.

              Got it, I'll see what I can do. Maybe I skipped something in my config.

              • KOM
                KOM last edited by

                What is the actual problem that you are experiencing?  I don't see it anywhere in your post.  No Internet access on LAN?  No access to LAN from OPT1?….

                • stephenw10
                  stephenw10 Netgate Administrator last edited by

                  The most important thing when setting up pfSense behind another NATing device is to ensure the WAN and LAN interfaces are using different subnets. The pfSense LAN interface uses 192.168.1.1/24 by default and that is a subnet commonly used by SOHO routers. If your ASUS router is using that you must change the pfSense LAN subnet to use something else like, for example: 192.168.100.1/24. Likewise the additional interfaces OPT1-4 must also use separate unique subnets.

                  Steve
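The two checks raised in the replies above (unique subnets per interface, and OPT interfaces that start with no pass rules) can be run against a pfSense `config.xml` backup. This is an added example, not part of the original thread; it assumes the usual `config.xml` layout (`<interfaces>` children with `<enable>`, `<ipaddr>`, `<subnet>`, and `<filter><rule>` entries with `<type>` and `<interface>`), and the sample config is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET
from itertools import combinations

# Constructed config.xml excerpt (not from the thread): pfSense WAN sits on the
# ASUS LAN while pfSense LAN still uses the default 192.168.1.1/24.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><enable/><if>igb0</if><ipaddr>192.168.1.2</ipaddr><subnet>24</subnet></wan>
    <lan><enable/><if>igb1</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
    <opt1><enable/><if>igb2</if><ipaddr>192.168.10.1</ipaddr><subnet>24</subnet></opt1>
    <opt2><enable/><if>igb3</if><ipaddr>192.168.20.1</ipaddr><subnet>24</subnet></opt2>
    <opt3><if>igb4</if></opt3>
  </interfaces>
  <filter>
    <rule><type>pass</type><interface>lan</interface></rule>
    <rule><type>block</type><interface>opt1</interface></rule>
    <rule><type>pass</type><interface>opt2</interface></rule>
  </filter>
</pfsense>"""

def interface_networks(root):
    """Map enabled, statically addressed interfaces to their IPv4 network."""
    nets = {}
    for iface in root.find("interfaces"):
        addr, bits = iface.findtext("ipaddr"), iface.findtext("subnet")
        if iface.find("enable") is not None and bits:  # skip disabled / DHCP
            nets[iface.tag] = ipaddress.ip_interface(f"{addr}/{bits}").network
    return nets

def overlapping_subnets(root):
    nets = interface_networks(root)
    return [(a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])]

def opt_without_pass_rule(root):
    allowed = set()
    for rule in root.iter("rule"):
        if rule.findtext("type") == "pass" and rule.find("disabled") is None:
            allowed.update((rule.findtext("interface") or "").split(","))
    return sorted(n for n in interface_networks(root) if n.startswith("opt") and n not in allowed)

def audit(xml_text=SAMPLE_CONFIG):
    root = ET.fromstring(xml_text)
    return {"overlaps": overlapping_subnets(root), "no_pass_rule": opt_without_pass_rule(root)}

if __name__ == "__main__":
    print(audit())
```

A WAN configured for DHCP has no static subnet in the config, so compare its leased subnet against the others by hand.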

                  • N
                    negimudkip last edited by

                    Alright think I got it. So I was able to ping Google from WAN so what I did was just bridged WAN to OPT1 - OPT4 leaving LAN as a Management Interface. This works out just fine so that I can focus on one interface for the firewall rules….

                    • stephenw10
                      stephenw10 Netgate Administrator last edited by

                      Were you originally aiming for a bridged setup? (transparent firewall).

                      Steve
