Router to Pfsense Setup
-
Hello community,
I am trying to convert my home network over to pfsense, and wanted to ask how I should go about doing so. Right now, I have a DSL modem/router that has DHCP enabled. This network is on 192.168.1.1/24. I have 10 people who use the network, so I want to slowly start incorporating pfsense into the network once I am sure everything is running smoothly. Ideally the main setup that I want to achieve is to switch the DSL modem/router into bridge mode, and then have the pfsense handle everything, while having 2 VLANs (1 for home network and 1 for computer lab). Like I said earlier though, I want to make sure I have everything set up correctly before that, so I want to connect the pfsense behind the DSL router so everyone can still use 192.168.1.1 without any problems. If the DSL router is on the 192.168.1.1/24 scheme, should I make the WAN of the pfsense static with an address of 192.168.1.x/24, and then creating VLANs on 192.168.2.1/24 and 192.168.3.1/24with DHCP enabled? If I do this, would I need to port forward anything from the DSL router to the pfsense in order for pfsense LANs to reach the Internet? Here is the setup I am currently trying to do:I appreciate any advice that anyone can give me!
![Network Scheme.png](/public/imported_attachments/1/Network Scheme.png)
![Network Scheme.png_thumb](/public/imported_attachments/1/Network Scheme.png_thumb) -
With above design, your ADSL interface is not bridged but act as a router. In such case, yes you will have to forward to pfSense. But is it an issue ?
On the other hand, if you can configure your ADSL device in bridge mode, why don't you go this way ? -
Home network? Really? This is nothing that can't mostly be done ahead of time. 30-minutes downtime max. "easing" a router into a default-gateway network is pretty much impossible.
Save yourself a ton of headaches and just put the modem in bridge mode giving pfSense WAN duties.
-
Thanks Derelict and Chris4916 for your responses. Currently I have the ADSL running as the primary router primary due to having 10 other people using the network. I don't want to switch the ADSL into bridge mode (my future plan) just yet, due to my lack of knowlege in networking. I am slowly learning, but I don't want to switch the network over to an unsecure network because I accidentally didn't understanding the firewalls, or someone's medai server won't connect to the vlan I created. That's why I want to "ease" into the switch by running the pfsense behind the ADSL, and practice setting up VLANs, Wireless router on 1 VLAN, understanding firewall configurations, etc with just myself being connected to the pfsense. Once I have a better understanding, then I want to put the ADSL onto bridge mode and just change a few WAN configurations on pfsense to have everything up and running. Am I wasting time doing it this way, or like Shia Labeouf says, I should, "JUST DO IT." Thanks for your help!
-
Take it easy ;)
You are not obliged to make any big risky move and could migrate smoothly from your current design to the new one relying on pfSense.
If you connect your pfSense machine to switch behind ADSL device, the external (WAN) interface of pfSense will get an IP from DHCP server.
You can then connect your own PC to the LAN (internal) interface and configure pfSense without any impact on other devices and servers.
Once your pfSense box is up and ready, connect switches, servers workstations or whatever behind pfSense et voila.
The only point (and this perhaps matter although I doubt) is that new network creates behind pfSense have to be different from what you currently have.The "bridge vs. router" story doesn't really matter.
if your ADSL device runs in bridge mode, pfSense will handle everything.
if your ADSL device runs in router mode, you will have another private network between ADSL device and pfSense and will have to maintain some port forwarding. This is not a big issue. It may have some side effect with double-NAT but this is quite unlikely.I currently have 2 WAN behind my pfSense firewall. One is ADSL, the other is FTTH. both have interfaces running in router mode rather than bridge and I'm very happy with this.
-
Thanks chris4916. Thanks for your help and advice on this setup. I am completely a noob at this, so I am glad you were able to explain and help me with this problem.