New apartment, New Networking problems!

I’m working on this right now and trying to dig around in the logs to see if there is anything that might point me in the right direction. I am hotspotting now so I can reply. I keep trying to force the WAN to connect but no luck.

Well, that was fun. Spent 3 hours working on it and got nowhere. Fresh pfSense install, tried reassigning ports and VLANs. Followed some guides, argued with tech support, tried multiple MTUs, all for nothing. Is it just me or is DSL just a nightmare?

@Letsgetsteve, I have a suggestion. I know you are trying to get your internet-provided device running in bridge mode, but have you considered setting up a double NAT situation? It was the only way I could provide Internet access to my network lab. My internet provider (Cincinnati Bell) would only allow me to change the mode their device runs in if I upgraded to a business plan. Since I couldn’t afford that, I fixed the lab internet problem by setting up a double-NATed situation. You probably have to do the same thing. If you are interested, I would be willing to help.

Sorry, I forgot to mention the equipment I am running. For my switch, I am running a UniFi 16-port switch Gen 2, and for the router, a Netgate firewall device. Also, while on the subject, I have two networks sharing one connection to the Internet.


I have been seeing this in a lot of places. I am becoming more and more interested in it. Are there major disadvantages to it? I just want to have all the good bits of the pfSense box and could care less about the junk the ISP gave me. I’m starting to lose my mind, so I would be very interested in your experience with doing this.

I’ve been double NAT-ing for a while. The only disadvantage I see, aside from the usual NAT, is that you have to port forward twice, once in pfSense, second in your ISP router, because 99% of the time, you can’t configure static routes or OSPF on their routers, so double NAT it is.


I don’t have time right now for a long-winded explanation, but I can give some advice. I had two primary goals in this project (which has been running since December this year). Goal one: I wanted to set up two networks, one for everyone else and one for me to learn networking. So when I changed a setting, and the Internet went out, I didn’t have the whole house screaming to fix the Internet. Goal two: provide Internet access to my networking lab without installing a second fiber line. What I did was allow my ISP-provided device to assign an IP address to the WAN interface of my Netgate device. For example, my internet IP address for the house network is 192.168.50.0. You will have to set your pfSense WAN interface to your internal IP address. I am sorry I can’t be of more help right now. I have to work tomorrow; hopefully, I will have Saturday or Sunday off and have more time to help then. At least I have given you a different plan of attack.

To answer your question, from my experience, the disadvantages are the latencies on my networking lab have increased twofold. First, if I need to forward any internet traffic to a server on the Internet, I have to deliver rules for both pfSense and the house network. So far, I haven’t had any problems, but I don’t run game servers or host my internet services. It’s 9:15, and I have to get up at 5:00, so I got to go now.


That is pretty close to what I want to do too. Seems pretty smart.

I really appreciate it. I will be out of town this weekend unfortunately but I will for sure be working on it again on Monday.

I did just find this write-up for the ISP-supplied router and I think it might be worth a shot to try it one more time before going down the double NAT road. The only real question is, in reading this setup for the ISP device, is it hinting at things I need to set up in my pfSense router? I think there is some hinting at VLANs for sure.

@Letsgetsteve, the new guidance you found sounds very close to the instruction I found to put my ISP device into bridge mode, unfortunately. In my situation, there were some settings Cincinnati Bell had to change on their end, and they weren’t willing to make the changes unless I upgraded to a business plan. Also, if I had succeeded in running Cincinnati Bell’s device in bridge mode, I wouldn’t be able to accomplish my first goal, which was to prevent the family from yelling that the internet was down. But, you know what they say: a happy wife is a good life. So, you might have better luck than I. If the new instructions don’t work, then I would assume you will have to contact your ISP and see if they are willing to make the changes on their end. The only other advice I could give you about the new guide is to make sure the DHCP server and the device’s firewall are disabled. You don’t want the ISP device to pass through an IP address or have ports disabled. You will wish the machine to give its WAN address to the pfSense device. Keep me updated on your progress.

So the progress is just the same as before. I can’t seem to get a connection no matter what I try. I have been playing around for too long. I think there is a chance that I will revisit the straight bridging in the future at some point, but at the moment I think going double NAT is the way to go. I can always reevaluate after, but at this point, I think you have the right idea.

So for me to do the double NAT in the same config as you, where do you recommend that I start?

I’d say in your routers’ web interfaces. If you have a web server or a VPN, port forward its TCP or UDP port on pfSense, then on your ISP box. On pfSense, they don’t have to be 1:1, but I would suggest you keep the port NAT 1:1 between pfSense and your ISP box. For example, if you pass port 443 from a web server to pfSense on port 8443, you should also keep port 8443 on your ISP device, just so you don’t create too much confusion for yourself.
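The double port forward described in the post above can be checked offline before anything is exposed. This is an added example, not part of the original thread: it traces one inbound port through the ISP box and then pfSense, flags a broken or non-1:1 chain, and tells whether the pfSense WAN address sits behind another NAT. All addresses and rules below are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# RFC 6598 shared address space (carrier-grade NAT); not covered by is_private
CGNAT = ipaddress.ip_network("100.64.0.0/10")

@dataclass(frozen=True)
class Forward:
    proto: str        # "tcp" or "udp"
    ext_port: int     # port the device listens on, WAN side
    target_ip: str    # where the device sends the traffic
    target_port: int

def behind_nat(wan_ip: str) -> bool:
    """True when the WAN address is private or CGNAT, i.e. another NAT is upstream."""
    ip = ipaddress.ip_address(wan_ip)
    return ip.is_private or ip in CGNAT

def trace(proto, port, isp_rules, pf_rules, pf_wan_ip):
    """Follow one inbound port through the ISP box, then pfSense.
    Returns ((ip, port) actually exposed, or None if the chain breaks; findings)."""
    findings = []
    outer = next((r for r in isp_rules
                  if r.proto == proto and r.ext_port == port), None)
    if outer is None:
        return None, [f"ISP box has no {proto}/{port} forward"]
    if outer.target_ip != pf_wan_ip:
        return None, [f"ISP box forwards to {outer.target_ip}, "
                      f"not the pfSense WAN {pf_wan_ip}"]
    if outer.target_port != outer.ext_port:
        findings.append(f"ISP box remaps {port}->{outer.target_port}; not 1:1")
    inner = next((r for r in pf_rules
                  if r.proto == proto and r.ext_port == outer.target_port), None)
    if inner is None:
        return None, findings + [f"pfSense has no {proto}/{outer.target_port} forward"]
    return (inner.target_ip, inner.target_port), findings

# Constructed sample: web server on 443 published as 8443 on both devices
PF_WAN = "192.168.50.2"
ISP_RULES = [Forward("tcp", 8443, PF_WAN, 8443)]
PF_RULES = [Forward("tcp", 8443, "10.0.0.10", 443)]

if __name__ == "__main__":
    print("pfSense WAN behind another NAT:", behind_nat(PF_WAN))
    print(trace("tcp", 8443, ISP_RULES, PF_RULES, PF_WAN))
```

Running the trace for every rule on the ISP box gives a list of what is actually reachable from the Internet, which is worth reviewing whenever a forward is added on either device.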

Ok, do you run any servers or host any services? Do you have a switch? The reason I ask is I am trying to head off any problems with server hosting services. If the answer is no, then changing the pfSense WAN address’s IP address to the ISP device’s LAN address should be easy, and it should work. If you can wait until Sunday, I could create a video guide for you. I got to go now; need some sleep. Oh, by the way, before you change any setting on pfSense, make a backup of your current settings first.


I have a NAS and will eventually be playing with a DIY Unraid NAS. I have a dumb switch but I was looking to get a Ubiquiti 8 Lite or a Netgear GS308EPP. I was going to have the managed switch after the pfSense box as the picture above shows (the plan at least). I have reset my pfSense setup to factory a few times trying to get it to work, but I have backups of how it was working great with all of the services from before. At the moment I am out of ideas, so I can wait for sure and would be grateful for a guide!

@Letsgetsteve I looked at the diagram you posted, and I might have some equipment suggestions for you. If you purchase a managed switch, I would go with a 16-port switch instead of an eight-port switch. I bought a UniFi 16-port switch version 2 last Christmas. Now I wish I had purchased the 24-port or the 48-port version because I am running out of free ports. Now the question remains which switch manufacturer to go with; that depends. Do you have any UniFi APs, or do you plan on purchasing any in the future? If the answer is yes, then I would get a UniFi 16-port PoE switch. UniFi equipment is designed to be configured by their controller’s software. Right now, there is a forum member who has a UniFi AP but no UniFi switch and is running into all kinds of issues. A lot of his problems would go away if he purchased a UniFi switch.

@Letsgetsteve, I thought I would give you an update. I unexpectedly had to take today off, so I did a little work on the video guide I promised you. I think your idea not to purchase any more equipment until pfSense is working as it should is the correct one.

Another update: I just finished the network map and set up the network simulation for the guide. Now I need to run the simulation and video record it. I will probably do that Saturday afternoon and have it ready Saturday evening or Sunday morning.

That’s the plan so far. Also, since almost everything is out of stock at Ubiquiti Canada, I don’t really have the option either! I really appreciate the help with this!

Sounds good. I forgot to mention I don’t have my networks double NATed. For networks to be double NATed, the WAN port of both of my routers would each have a different IP address; since I don’t, then my connections aren’t truly double NATed; at least that’s how I understand what double NATed is. When I post my video guide, it will make more sense. I guess the best way to describe how the traffic works on my networking lab: remember, any internet traffic from the lab has first to go through the home router before it can reach the internet. Which is the reason for increased latency and the possibility of needing to set up forwarding rules in both routers.


Hi @Letsgetsteve, I am sorry I couldn’t post that video guide today as I promised. Life events kept getting in the way today and yesterday. I have the next two days off from work, so I should post it sometime during the next two days. Keep a lookout for it.


@Letsgetsteve Just an update: I am going to try to live stream the video guide I promised tonight. I will let you know how it goes.

@Letsgetsteve I got some bad news. For some reason, my network simulation software is refusing to work, and I am upset about it, so I will not be able to fix it before I have to go back to work. However, if you are willing to log into the level 1 Discord server and can understand English, I will be ready to walk you through the steps this weekend.