[H] - pFsense Behind ISP Router - No Bridge Mode Available !!



  • Hey guys, if someone has a similar router and setup please help. [ I've read countless pages but to no avail. ]

    1. I'm getting a Huawei B315 LTE router bundled from the ISP. [ It's a nice router so I don't want to get another one ].
    2. Problem is that there is no bridge mode available on this router.
    3. I've read I can set up a DMZ - Is it advisable to DMZ the pfSense box on the ISP router and disable its firewall / NAT to allow pfSense to be the boss?
    4. Currently, pfSense is running everything on my network and I intend for it to stay like that as everything works, [ Snort, DHCP, Traffic Shaper … ]
    5. Does anyone have any advice on what a recommended setup would be in this situation without having to buy a new router?
    6. How would my NAT work in a DMZ environment? [ Will I have to do all my NAT mappings from the ISP router ]

    Thanks in advance.



  • @Gatekeeper-ZA:

    Hey guys, if someone has a similar router and setup please help. [ I've read countless pages but to no avail. ]

    1. I'm getting a Huawei B315 LTE router bundled from the ISP. [ It's a nice router so I don't want to get another one ].
    2. Problem is that there is no bridge mode available on this router.
    3. I've read I can set up a DMZ - Is it advisable to DMZ the pfSense box on the ISP router and disable its firewall / NAT to allow pfSense to be the boss?
    4. Currently, pfSense is running everything on my network and I intend for it to stay like that as everything works, [ Snort, DHCP, Traffic Shaper … ]
    5. Does anyone have any advice on what a recommended setup would be in this situation without having to buy a new router?
    6. How would my NAT work in a DMZ environment? [ Will I have to do all my NAT mappings from the ISP router ]

    Thanks in advance.

    #3 is probably your best bet. That's also how the AT&T Uverse hardware works; there's no customer-available bridge mode, but they have something called IP passthrough that will allow your pfSense instance to have the public IP address on the WAN interface. The difference between that and a true bridge mode is that the ISP hardware rewrites the MAC address on packets, and therefore tracks every connection in its state table. As long as the state table is large enough, that's not usually a problem, especially on a residential connection, and you'll be able to run your pfSense instance as if it was bridged or connected directly to the internet.

    I briefly looked at this: https://blog.hqcodeshop.fi/archives/105-Using-the-DMZ-setting-of-Huawei-B593.html and it seems DMZ mode will do what you want.  Let us know your results!

    Matt



  • OK, so I set the ISP router 192.168.1.1, disabled its firewall, and set DMZ on the ISP router to my pfSense box 192.168.0.1.
    I had to disable Block private networks and Block bogon networks, otherwise no traffic came through. I wasn't aware of this; I found it in another post somewhere.
    Now the problem is that NAT is not working correctly, or not at all: all ports I had in my existing NAT get detected as closed. I've tried Pure NAT and NAT+Proxy,
    but they still stay closed. I've set up my ports under Special Applications in the router; that could be port triggering. The NAT section only has 2 options: Cone and Symmetric.
    As this is an LTE router, I've read most LTE devices do not allow bridging, but I could be incorrect. There is no IP passthrough on the router.

    If anyone can help or has had a similar situation and can help me try and figure out how to get my ports open again it would be great.

    The pfSense box is accessible externally, which is fine; I'm taking it as the DMZ working. The problem is getting round the NAT issue…

    Many billions of thanks in advance.

    Router external link : http://consumer.huawei.com/en/smart-home/lte-router/tech-specs/b315-en.htm



  • @Gatekeeper-ZA:

    OK, so I set the ISP router 192.168.1.1, disabled its firewall, and set DMZ on the ISP router to my pfSense box 192.168.0.1.
    I had to disable Block private networks and Block bogon networks, otherwise no traffic came through. I wasn't aware of this; I found it in another post somewhere.
    Now the problem is that NAT is not working correctly, or not at all: all ports I had in my existing NAT get detected as closed. I've tried Pure NAT and NAT+Proxy,
    but they still stay closed. I've set up my ports under Special Applications in the router; that could be port triggering. The NAT section only has 2 options: Cone and Symmetric.
    As this is an LTE router, I've read most LTE devices do not allow bridging, but I could be incorrect. There is no IP passthrough on the router.

    If anyone can help or has had a similar situation and can help me try and figure out how to get my ports open again it would be great.

    The pfSense box is accessible externally, which is fine; I'm taking it as the DMZ working. The problem is getting round the NAT issue…

    Many billions of thanks in advance.

    Router external link : http://consumer.huawei.com/en/smart-home/lte-router/tech-specs/b315-en.htm

    I also have a similar setup with your router. I have a pfSense box which connects to 3 different ISPs. The first ISP is a DSL modem, the second one is an LTE modem and the third one is a 3.5G modem. None of them offers bridge mode, so I am stuck using their private IP addresses. In your case, there are 2 ways to open a port.



  • Thank you, the easy way worked. Didn't think of that at all.