Are these settings for pfSense behind an ISP router correct?



  • Greetings :)

    My pfSense setup used to work fine but I recently had to switch to a different ISP and my new one does not allow their modems to be set into Bridge Mode.
    As such, I am trying to reconfigure my pfSense appliance to work behind my ISP's router.

    Here's my current layout:

    My issue is currently the following:

    • pfSense itself can access the Internet just fine
    • pfSense's DHCP server properly allocates fixed IPs to all my devices
    • but none of my devices can access the Internet.

    I tried the following Ping tests within pfSense and they all seem to work.

    DEFAULT -> 8.8.8.8 OK
    WAN -> 8.8.8.8 OK
    LAN -> 8.8.8.8 OK
    Localhost -> 8.8.8.8 OK

    DEFAULT -> google.com OK
    WAN -> google.com OK
    LAN -> google.com OK
    Localhost -> google.com OK

    I'm pretty sure I missed some gateway/DNS setting that prevents my devices from accessing the Internet.

    The only things I have NOT yet tried are the two settings in RED in my chart above:

    • Creating a routing table entry on my ISP's router: Destination [192.168.100.1], Subnet Mask [255.255.255.0], Gateway [192.168.1.2]

    • Activating the DMZ (although not sure how that would impact my issue)

    Below are my key pfSense settings highlighted in yellow.









    If any of the great experts here could have a quick look and tell me what I missed I would greatly appreciate it! :)

    Many thanks in advance for any help and pointers


  • LAYER 8 Netgate

    Can the LAN hosts ping 8.8.8.8? If so can they ping www.google.com ?



  • Hi Derelict

    Ping 8.8.8.8 works OK
    But www.google.com NOT (cannot resolve www.google.com: Unknown host)


  • LAYER 8 Netgate

    Then you need to fix your DNS.

    Can pfSense resolve names using 109.0.66.10 and 109.0.66.20 ??

    Why forwarding mode? Why not just let the resolver do its thing?



  • Hi again :)
    Thanks for the quick response.
    Unticking the forwarding mode actually seems to have fixed it. Not sure where I picked up that I had to tick this setting, but it seems to do the trick.
    Many thanks for that!!!!

    While we're at it, would you know if I should tick the "Block Private Network" box in "Interfaces: WAN"?
    My understanding from the contextual help is that because I'm behind another router I need to un-tick this? Is that correct, or should I leave it ticked?

    Many thanks again for your help!

