Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Passing ISP IP through a pfSense FW to another firewall

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 3 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K Offline
      kschmidta
      last edited by

      I'd like to extend a group of public address from my ISP to a firewall located behind my pfSense firewall, see drawing attached. Can this be done? if so, how do I configure my pfSense firewall.

      ![Providing ISP Services.jpg_thumb](/public/imported_attachments/1/Providing ISP Services.jpg_thumb)
      ![Providing ISP Services.jpg](/public/imported_attachments/1/Providing ISP Services.jpg)

      1 Reply Last reply Reply Quote 0
      • V Offline
        viragomann
        last edited by

        The OPT interface must not be in the same subnet as the WAN. So your secand pfSense also must belong to another subnet.

        1 Reply Last reply Reply Quote 0
        • K Offline
          kschmidta
          last edited by

          Can you mark up my drawing as a sample of how it should be configured? Also note how I would configure the interfaces?

          ![Providing ISP Services.jpg](/public/imported_attachments/1/Providing ISP Services.jpg)
          ![Providing ISP Services.jpg_thumb](/public/imported_attachments/1/Providing ISP Services.jpg_thumb)

          1 Reply Last reply Reply Quote 0
          • V Offline
            viragomann
            last edited by

            Okay, I assume the numbers in the colored fields are vLANs. So this way it could work, you just need to bridge WAN and OPT1 and assign the WAN address to this bridge.
            https://doc.pfsense.org/index.php/Interface_Bridges

            1 Reply Last reply Reply Quote 0
            • K Offline
              kschmidta
              last edited by

              I will check it out. Thanks for taking the time to help me out.

              1 Reply Last reply Reply Quote 0
              • ? This user is from outside of this forum
                Guest
                last edited by

                With the ISP router which is doing NAT (1) and the pfSense is doing also NAT (2) and on top the
                other firewall is doing also NAT (3) you were creating a triple NAT situation and related to this this
                your problems exists. You have two choices to get rid of this issue.

                • Set the ISP router to the so called "bridge mode" that the router is only acting as a pure modem
                  if this able to realize, it would be the fastest and most stable way. Or buy a plain and pure modem.
                  Cons: no
                  Pros: You have then only created a double NAT situation with which you can live.

                • Or you should bridge the LAN port from the ISP router to the WAN port from the pfSense firewall
                  as suggest from @viragomann, that pfSense is acting as a fully transparent firewall then.
                  Cons: Port flapping, packet loss or packet drops
                  Pros: fully transparent firewall which is invisible

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.