Are these settings for pfSense behind an ISP router correct?
My pfSense setup used to work fine but I recently had to switch to a different ISP and my new one does not allow their modems to be set into Bridge Mode.
As such, I am trying to reconfigure my pfSense appliance to work behind my ISP's router.
Here's my current layout:
My issue is currently the following:
- pfSense itself can access the Internet just fine
- pfSense's DHCP server properly allocates fixed IPs to all my devices
- but none of my devices can access the Internet.
I tried the following Ping tests within pfSense and they all seem to work.
DEFAULT -> 184.108.40.206 OK
WAN -> 220.127.116.11 OK
LAN -> 18.104.22.168 OK
Localhost -> 22.214.171.124 OK
DEFAULT -> google.com OK
WAN -> google.com OK
LAN -> google.com OK
Localhost -> google.com OK
I'm pretty sure I missed some gateway/DNS setting that prevents my devices from accessing the Internet.
The only things I have NOT yet tried are the two settings in RED in my chart above:
Creating a routing table entry on my ISP's router: Destination [192.168.100.1], Subnet Mask [255.255.255.0], Gateway [192.168.1.2]
Activating the DMZ (although not sure how that would impact my issue)
Below are my key pfSense settings highlighted in yellow.
If any of the great experts here could have a quick look and tell me what I missed I would greatly appreciate it! :)
Many thanks in advance for any help and pointers
Can the LAN hosts ping 126.96.36.199? If so can they ping www.google.com ?
Ping 188.8.131.52 works OK
But www.google.com NOT (cannot resolve www.google.com: Unknown host)
Then you need to fix your DNS.
Can pfSense resolve names using 184.108.40.206 and 220.127.116.11 ??
Why forwarding mode? Why not just let the resolver do its thing?
Hi again :)
Thanks for the quick response.
Unticking the forwarding mode actually seems to have fixed it. Not sure where I picked up that I had to tick this setting, but it seems to do the trick.
Many thanks for that!!!!
While we're at it, would you know if I should tick the "Block Private Network" box in "Interfaces: WAN"?
My understanding from the contextual help is that because I'm behind another router that I need to un-tick this? Is that corrector should I leave it ticked?
Many thanks again for your help!