Pfsense Fail (personal wiki)

Installed pfsense successfully.

Had trouble getting ports to be recognized during installation. Wait 15 seconds after hitting automatic (a) to plug in, and another 15 seconds before hitting enter.

What settings do I change on my DSL modem to change from my Modem acting as a modem and DHCP and DNS server into just a modem? How do I make the PfSense box act as DNS and DHCP?

Can I make 2 ethernet connections from my modem to my Pfsense box to be able to survive cable or port failures? Can I do the same with 2 connections from my Pfsense box to my switch for the same reasons?

I got pfsense installed and eventually got into the gui.

I couldn’t figure out how to make sure that my modem was recognized as my default gateway.

I’m not sure exactly how the WAN port is treated in pfsense. It’s not explained explicitly. It really can’t think that it’s the direct connection to the internet, can it?

Usually involves calling the ISP and asking them to put it in “bridge mode”.

Yes, failover bond is what you want under Interfaces > LAGGS.

Once you put it in bridge mode, your public IP will be the gateway. If your ISP provides IP over DHCP, just use DHCP on the WAN interface. Otherwise they need to provide you with a static IP, subnet mask and gateway which you configure statically. Haven’t used DSL in a long time, but it might require PPPoE also, which is another case where the ISP needs to provide you with info.

By default it’s a DHCP interface so it accepts whatever an upstream DHCP server assigns or just doesn’t work unless you assign a static address.

Otherwise, the WAN port is just preconfigured to be the 0.0.0.0 route, NAT masquerade and have some sane default firewall rules, all of which can be changed later. Think of it as a preset.

My modem, a Zyxel C1100Z, has a WAN setting that changes the ISP protocol (auto selected) from IPoE to transparent bridging. Is this what you mean? I have difficulty dealing with my ISP, CenturyLink.


If it matters, this is an approximation of what I have. My 1U box has 4 GB of RAM and a small SSD instead of what is listed here.

I am not familiar with IPoE, but apparently it should pick up an IP via DHCP once the modem is in bridge mode.

Or maybe not…

Give it a shot

Hi @JediAcolyte, have you been able to get Pfsense working (meaning handling your network’s DHCP and DNS server needs)? If you haven’t, it might be easier to create two separate networks. What I mean by the previous statement is set up a double NAT. I will explain further by an example. Please excuse the wordiness of the next paragraph.

In June 2020, I replaced my ISP-provided router with an ASUS RT-AC88U. The ISP-provided router’s replacement was the first step in a more secure (for the house) and private networking lab for me. It is important to keep in mind that the procedure I followed when I replaced the ISP-provided router was to connect the new router to my fiber connection, log into the new modem, and click on the quick internet setup button (this fact will become obvious later). I didn’t have to contact my ISP. They didn’t need to implement any changes on their end, nor did I need to contact them for information on what changes I needed to make to the new router. Now I will talk about the next and final step toward a more secure network in the next paragraph.

This Christmas, I purchased a Netgate SG-5100 appliance and a UniFi Gen 2 PoE 16 port switch. I have included a diagram of the two different networks below to present a better idea of how the two networks are connected.

The steps I did to set up my new network (network lab) were to connect all ethernet cables to all equipment, making sure all equipment was getting power, boot up the Netgate appliance, wait for 5 minutes, then boot up the switch; 5 more minutes later I had internet access. The initial setup phase of the Netgate appliance (which happens in the first 5 minutes) automatically assigns an IP address from the ASUS router’s LAN interface to the Netgate’s WAN interface. It leaves the default LAN interface on the Netgate alone. So all devices on the Netgate network get assigned a default gateway IP address of 192.168.1.1. So how am I able to get internet access on the Pfsense network? I will tell you: packets destined for the internet originate from the client, which get forwarded to the switch, which forwards them to the Netgate device, which in turn forwards them to (in this case) the ASUS router, then by magic internet access.
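The double-NAT path described in the post above (client, then the Netgate/pfSense box, then the ASUS router, then the ISP), and the double NAT that plugging a second router's WAN port into pfSense produces later in the thread, can be traced with a small simulation. This is an added example and not code from the thread or from pfSense; the addresses are constructed (pfSense LAN 192.168.1.1 as in the post, an assumed ASUS LAN of 192.168.50.0/24 and an assumed public address of 198.51.100.7), and the `Nat` class is a deliberately simplified source-NAT model, not pf's real state table.

```python
"""
Simplified model of the double-NAT path: client -> pfSense (inner NAT)
-> ASUS router (outer NAT) -> ISP. Added example; addresses are constructed.
"""
import itertools
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """Source NAT (masquerade): rewrite the source to the router's outside
    address and remember the mapping so replies can be translated back."""

    def __init__(self, outside_ip, port_start=40000):
        self.outside_ip = outside_ip
        self._ports = itertools.count(port_start)
        self.table = {}    # (inside_ip, inside_port) -> outside_port
        self.reverse = {}  # outside_port -> (inside_ip, inside_port)

    def outbound(self, pkt):
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:
            port = next(self._ports)
            self.table[key] = port
            self.reverse[port] = key
        return replace(pkt, src_ip=self.outside_ip, src_port=self.table[key])

    def inbound(self, pkt):
        """Translate a reply back; anything without state is dropped (None),
        which is why unsolicited inbound traffic never reaches the client."""
        key = self.reverse.get(pkt.dst_port)
        if key is None or pkt.dst_ip != self.outside_ip:
            return None
        return replace(pkt, dst_ip=key[0], dst_port=key[1])


def simulate_double_nat(client_pkt, inner, outer):
    """Return (packet as the ISP sees it, reply as the client receives it)."""
    at_asus = inner.outbound(client_pkt)   # leaves pfSense WAN
    at_isp = outer.outbound(at_asus)       # leaves ASUS WAN
    # The remote server replies to whatever it saw: the outer public address.
    reply = Packet(at_isp.dst_ip, at_isp.dst_port, at_isp.src_ip, at_isp.src_port)
    back_at_pfsense = outer.inbound(reply)
    if back_at_pfsense is None:
        return at_isp, None
    return at_isp, inner.inbound(back_at_pfsense)


if __name__ == "__main__":
    # Constructed topology: ASUS hands 192.168.50.20 to the pfSense WAN.
    inner = Nat("192.168.50.20")   # pfSense, LAN side is 192.168.1.0/24
    outer = Nat("198.51.100.7")    # ASUS, assumed public address
    pkt = Packet("192.168.1.100", 51234, "203.0.113.80", 443)
    at_isp, back = simulate_double_nat(pkt, inner, outer)
    print("ISP sees:", at_isp)
    print("client receives:", back)
    # An unsolicited inbound connection dies at the outer NAT, so exposing a
    # LAN service behind a double NAT needs a forward on BOTH routers.
    print("unsolicited:", outer.inbound(Packet("203.0.113.9", 5555, "198.51.100.7", 443)))
```

The two `Nat` instances are what make the "magic" in the post work: each hop only needs to know its own next gateway, and each keeps its own state so the reply unwinds through both tables. The practical cost shows up in the last line: inbound port forwards, UPnP and anything that relies on hole punching now have to pass two independent state tables.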

I have a Zyxel C1100Z DSL modem that I have wired to a Supermicro CSE-502L-200B and the motherboard is a X7SPE-HF Atom 1U mini Server Intel D525 with 4GB DDR3. This is my pfsense device. From there, I run it to a patch panel and then my Mikrotik CSS-326.

@Shadowbane
I think I have to use the DSL modem that CenturyLink provides.
Your setup looks like what I would like to run with my own network. I have a Linksys WRT3200ACM that is plugged into my modem that provides wifi and I would like to leave it alone so that I can maintain wifi access in case I fuck up pfsense significantly. I’d like to be able to keep my wired network separate.

I’m working this whole weekend so I don’t have any time to tinker with this until Monday.

According to https://www.reddit.com/r/centurylink/comments/iuppq1/transparent_bridge_mode_with_zyxel_c3000z/

Find which interface your modem plugs into on the pfSense box, then set up a tagged VLAN 201 interface on that eth0/eth1 interface and delete all other interfaces for that port.

Set VLAN 201 on that interface as your WAN, then set up NAT, DHCP & DNS for your LAN interface.

Or plug your modem into the switch and set that switchport as tagged VLAN 201 and then plug the WAN port of the pfSense box into the switch and configure that switchport as access VLAN 201. Then use access VLAN 1 for the LAN switchports.

You may need to restart your pfSense box for VLAN changes to take effect, depending on your NIC.

I’m going to try what you suggest @NZSNIPER
I contacted CenturyLink for support, because their website says how to do this, you just need to contact them for “transport mode (VLAN settings) that work in your area”.
But they didn’t know how to do this and said I must contact the router company I would be using to replace their AIO device. Here’s their article:
https://www.centurylink.com/home/help/internet/modems-and-routers/advanced-setup/wan-settings.html

Needless to say, if I’m not back online in the next couple hours with reports of success you’ll understand why.

Well, it took a bit of work but it seems ok for now.

Untagged VLANs seem to be the ticket; since I’m not using VLANs, this makes sense.

Concerning: the wifi AP is still directly connected to my modem, received its own IP address and got back online. I enabled MAC address filtering, limiting it to my known devices, until I have a better solution, i.e. moving it behind pfsense.

Your modem would be doing the VLAN translation in that configuration, unless your ISP is not using a VLAN.
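The difference between the "tagged VLAN 201 on the WAN interface" instructions earlier in the thread, the "untagged" configuration that ended up working, and the modem "doing the VLAN translation" comes down to whether an 802.1Q tag is present on the frame when it reaches the pfSense NIC. The following is an added example, not code from the thread or from pfSense: it builds, parses, pushes and pops 802.1Q tags on constructed Ethernet frames, and `interface_accepts` is a simplified model (an assumption, not FreeBSD's actual vlan(4) behaviour) of which frames a plain parent interface versus a VLAN child interface would take.

```python
"""
802.1Q tag handling on Ethernet frames. Added example with constructed
frames; MAC addresses and payloads are made up for illustration.
"""
import struct

ETHERTYPE_VLAN = 0x8100  # 802.1Q TPID
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Ethernet II frame, optionally carrying an 802.1Q tag (TPID + TCI)."""
    hdr = mac_bytes(dst) + mac_bytes(src)
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        tci = ((pcp & 0x7) << 13) | (vlan_id & 0xFFF)
        hdr += struct.pack("!HH", ETHERTYPE_VLAN, tci)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return header fields; vlan_id is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vlan_id, pcp = 14, None, None
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id, pcp, offset = tci & 0xFFF, tci >> 13, 18
    return {"dst": fmt_mac(dst), "src": fmt_mac(src), "vlan_id": vlan_id,
            "pcp": pcp, "ethertype": ethertype, "payload": frame[offset:]}


def push_tag(frame, vlan_id, pcp=0):
    """Insert a tag: what a modem doing VLAN translation does toward the ISP."""
    if parse_frame(frame)["vlan_id"] is not None:
        raise ValueError("frame already tagged")
    tci = ((pcp & 0x7) << 13) | (vlan_id & 0xFFF)
    return frame[:12] + struct.pack("!HH", ETHERTYPE_VLAN, tci) + frame[12:]


def strip_tag(frame):
    """Remove the tag: what that modem does toward the pfSense WAN port."""
    if parse_frame(frame)["vlan_id"] is None:
        return frame
    return frame[:12] + frame[16:]


def interface_accepts(frame, wan_vlan=None):
    """Simplified model: wan_vlan=None is the untagged parent NIC, wan_vlan=201
    is a VLAN child interface. Each only takes frames matching its own tag."""
    return parse_frame(frame)["vlan_id"] == wan_vlan


if __name__ == "__main__":
    ip = bytes([0x45]) + b"\x00" * 19  # constructed minimal IPv4 header
    tagged = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55",
                         ETHERTYPE_IPV4, ip, vlan_id=201)
    untagged = strip_tag(tagged)
    print(parse_frame(tagged))
    print("vlan201 child takes tagged:", interface_accepts(tagged, 201))
    print("parent NIC takes tagged:", interface_accepts(tagged))
    print("parent NIC takes untagged:", interface_accepts(untagged))
```

In the thread's terms: if the modem is in transparent bridging and the ISP still expects tag 201, the pfSense WAN must be the VLAN 201 child interface; if the modem pushes and pops the tag itself, the frames arriving at pfSense are untagged and the plain parent interface is the right WAN, which is what the "untagged" result suggests happened here.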

You have multiple public IPs?

Depending on whether your router supports this or not, you could disable the DHCP server on the router, then plug the LAN port of the router into the LAN interface of the pfSense box. It should be L2 switched in most cases.
The other option would be using the WAN port of the router, which would cause a double NAT.

Apparently yes. 76.4.x.x addresses. Can I assume that is unusual?

I’ll move it behind pfsense when I have time. I still have an embedded NIC port available.