FTTH cable to pfSense

What kind of network card and SFP adapter do I need to connect my FTTH termination directly to my pfSense router?

The current modem provided by the ISP does not support bridge mode, so I am dealing with a double NAT situation.

I have a connect-x3 already on the server, do I need anything new, other than the SFP adapter?

GPON ONT + ISP Router?
We need more information.

It has two pieces. The main fiber connect to the box on the first Pic. And another fiber connects to the modem with this cable

@cmtedouglas, we still need more information the pictures you provided don give enough information. For example, we need to know the make and model of the IPS-provided modem. Do you already have the equipment to run Pfsense?

I am guessing your internet service provider is StarWeb, an internet provider serving South America. I also think your native language is Spanish. Since I don’t understand Spanish, I hope you can understand English. You might be able to replace your IPS-provided modem with Pfsense; it depends on what modem is provided (provided device acts as modem and router) and if StarWeb will allow you to provide your equipment.

With my ISP I didn’t need anything else, but some patience with getting the connection up.
I have a connectx4-lx card with a 25GbE SFP28 module.
The SDP module needs to fit together with module from ISP (Type, wavelength, etc) and the connector (though there are opto couplers). Your patch cable looks the same as mine.

I just get the ipaddress and route information via DHCP from provider. So no special setup was required in this regards. Maybe other ISPs do it differently.
But my setup was unusual and most all other 25GbE Fiber customers are using the microtiq router the ISP provides. So their support couldn’t help me much.

Yes, @gysi ISPs do things differently; some require you to use their modem, some need you to call and get your IP address, and some will allow you to use your equipment.

In my area, there are only two choices Spectrum cable or Cincinnati Bell. Cincinnati Bell will allow the use of your equipment, but Spectrum Cable requires the use of their modem but doesn’t charge you for it.

@cmtedouglas, when I had Cincinnati Bell (now using Spectrum cable for internet), I was able to replace their modem with the equipment I purchased to replace Cincinnati Bell equipment. I then attached the Wan interface of my Pfsense device to one of the Lan interfaces of the replaced modem. So I had two different networks running and internet to both without having a double Nat situation. You might be able to do the same thing. I need the make and model number of all equipment so I can find their manual and see if it is possible.

yes, i have a pFsense setup, currently running

ISP modem/router → pfSense

The problem is, this generates a double NAT, because the ISP modem/router does not support bridge mode, so that’s why i want to remove it entirely.

the ISP modem/router is the ZTE F660

out of curiosity, which modules did you used?

I use this SFP28 module with my provider ( Init7 in Switzerland) : https://www.fs.com/de/products/85132.html
My ISP luckily had the specs online what to get in terms of wavelength, type, etc:
FTTH Fiber router and media converter for Fiber7 (at bottom of page).
The fs.com module was much cheaper than the recommend one by the ISP

1 Like

@cmtedouglas I found this youtube video for your IPS-provided device to show how to put modem in bridge mode.
How to bridge F660 router
The first thing I would try and see if your IPS won’t replace the ZTE F660 with just a modem, not a combo box. If that failed, I would ask my ISP if it could help put the ZTE F660 in bridge mode. If your ISP won’t help you, Then I would try and connect Pfsense directly to the ONT. The last step I wouldn’t do unless double-nating really got on my nerves.

1 Like

@cmtedouglas, I had some thoughts after I sent my last post. As I said, I wouldn’t connect the Pfsense device directly to the ONT. The reasons are first probably won’t like it, and second I have heard of getting that situation to work; the IPS needs to reconfigure their equipment on their end in most cases. Whatever option you try calling your ISP and reaching a level 2 technician is the first step. Please update us on your progress.

1 Like

I will try tomorrow, i hope bridge works since its the simpler solution

@cmtedouglas If bridge mode doesn’t work, let me know; I thought of another way to accomplish your goal. I will be home all-day checking to see how it is going. Please let us know if you succeed.

bridge did not work. the firmware on my version of the router does not have the option to select bridge :frowning:

@cmtedouglas Can you upgrade the firmware on your version of the router to the version that supports the option to select bridge? If not, have you tried putting the Pfsense server on the ISP-provided devices’ DMZ? Let us know if either option doesn’t work.

I am afraid of updating its firmware and losing the device for good.

I will see if there is a DMZ option

also, i got another GPON (from Huawei) router from a friend, that has bridge mode. but i cannot get it to connect

DMZ worked. not the completed solution that i wanted, but will do for now

I will try and buy another ZTE F660 GPON, that i can try and flash a factory firmware to it. maybe it will do it

You need to manually set up the other router (the one from Huawei) because it wouldn’t be set up automatically.

@cmtedouglas could try flashing the correct factory firmware on it, but I feel Cmtedouglas IPS provider requires routers have custom firmware to work on their network. So his best option is to talk to his ISP and asks them how to set up a Pfsense router the way he wants it.

I will call them this week, see if they can do anything. Other than that, i will give up. I just hope this isp router is not infected with some botnet or other things

Some bot shouldn’t infect the ISP router or other things; you shouldn’t be connecting your ethernet clients directly to the ISP-provided device. Instead, there should be a layler2 switch between the router and the ethernet clients.