Netgate SG-1000 microFirewall

Author Topic: setup pfSense Behind isp adsl router  (Read 21791 times)

0 Members and 1 Guest are viewing this topic.

Offline grievsa93

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
setup pfSense Behind isp adsl router
« on: August 11, 2013, 03:30:14 pm »
Hi All,

first time poster in this forum. Switching from Untangle to pfSense as my own little networks firewall but having some issues setting it up correctly.

I have create a visio diagram on how i want my firewall to be setup, you can view it here

I want the firewall to be only for the computers connected to the switch behind it, any other devices will connect directly to the wireless adsl router (such as my dads and brothers wireless devices) So due to this, i want my isp adsl router to handle everything as it always has and i want that to be the GW, and i just want to have the pfsense as an extra firewall to get to my PC's. I have googled for guides but only seem to find old guides or i get no results, could someone guide me in the right direction please.

Thanks,

Offline wallabybob

  • Hero Member
  • *****
  • Posts: 5240
  • Karma: +11/-1
    • View Profile
Re: setup pfSense Behind isp adsl router
« Reply #1 on: August 11, 2013, 04:32:49 pm »
I have googled for guides but only seem to find old guides or i get no results, could someone guide me in the right direction please.
You want guides for: downloading the correct software? installing the software? configuring the box after installing the software? ...

On the pfSense documentation home page: http://doc.pfsense.org there are links to a wide variety of guides.

As far as basic configuration goes, you need the pfSense WAN interface and LAN interface to be in different IP subnets. At this stage I don't know what IP subnet the ISP router uses. It might conflict with the default pfSense LAN IP address of 192.168.1.1/24. Do you know the IP subnet used by the ISP router?
 

Offline grievsa93

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Re: setup pfSense Behind isp adsl router
« Reply #2 on: August 11, 2013, 04:38:21 pm »

You want guides for: downloading the correct software? installing the software? configuring the box after installing the software? ...

On the pfSense documentation home page: http://doc.pfsense.org there are links to a wide variety of guides.

As far as basic configuration goes, you need the pfSense WAN interface and LAN interface to be in different IP subnets. At this stage I don't know what IP subnet the ISP router uses. It might conflict with the default pfSense LAN IP address of 192.168.1.1/24. Do you know the IP subnet used by the ISP router?
 

I have downloaded and installed the software, its more configuring the software (sorry if this is in the wrong category.)

The adsl router's IP is currently at 192.168.0.1 on a subnet mask of 255.255.255.0

Offline wallabybob

  • Hero Member
  • *****
  • Posts: 5240
  • Karma: +11/-1
    • View Profile
Re: setup pfSense Behind isp adsl router
« Reply #3 on: August 11, 2013, 05:35:06 pm »
The adsl router's IP is currently at 192.168.0.1 on a subnet mask of 255.255.255.0
OK, connect your pfSense WAN interface to your ISP router. The pfSense WAN interface should get an IP address in the 192.168.0.0/25 subnet.

Connect a PC to the pfSense LAN interface. The PC should be configured to get an IP address by DHCP. The PC should be allocated (by DHCP on pfSense) an IP address in the 192.168.1.0/24 subnet. Then you point a web browser on the PC to http://192.168.0.1 (or https://192.168.1.1 I forget which) and login as user admin, password pfsense to complete configuration through the web GUI but you shouldn't need any additional configuration to allow other systems connected to the pfSense LAN interface to access the internet.

You can invoke the system setup wizard through the web GUI at System -> Setup Wizard

If you do nothing else else, you should change the password for the admin user.

Offline grievsa93

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Re: setup pfSense Behind isp adsl router
« Reply #4 on: August 12, 2013, 03:54:44 am »
Hi wallabybob,

Thanks for the advice, i will try that tonight when i get home from work.

It will probably be the correct way, but how come it is more complicated compared to Untangle? when i setup untangle, i just clicked transparent bridge mode, plugged the WAN into the ADSL router and the lan into my LAN and it work, and all PC's were on the same subnet? but anyway, i will have an attempt at this when i get home.

Thanks,

Offline wallabybob

  • Hero Member
  • *****
  • Posts: 5240
  • Karma: +11/-1
    • View Profile
Re: setup pfSense Behind isp adsl router
« Reply #5 on: August 12, 2013, 04:34:50 am »
It will probably be the correct way, but how come it is more complicated compared to Untangle?
Which it? My previous reply? Or are you referring to some guide you read on setting up transparent mode in pfSense?

Offline grievsa93

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Re: setup pfSense Behind isp adsl router
« Reply #6 on: August 12, 2013, 05:05:33 am »

Which it? My previous reply? Or are you referring to some guide you read on setting up transparent mode in pfSense?


Meaning to have the internal and external on different subnets seems to be alot more work compared to other firewall products such as Untangle. Just stating i setup untangle as transparent bridge in the wizard and it work fine without needing any teaks and all traffic was passed from my PC -> Switch -> Lan port -> Wan port -> ADSL router -> Internet.

My final plan is to have OpenVPN on pfsense so anything behind the firewall goes through pfsense and openvpn and connects to a anonymous VPN provider and anyone else like my brother, they just connect directly to the adsl router and use the internet as anyone else would.

Thanks,

Offline panz

  • Full Member
  • ***
  • Posts: 187
  • Karma: +0/-0
    • View Profile
Re: setup pfSense Behind isp adsl router
« Reply #7 on: August 12, 2013, 06:36:37 am »
Just stating i setup untangle as transparent bridge in the wizard and it work fine

If you set Untangle as a bridge you loose firewall capabilities. Is this the same scenario are you willing to obtain from pfsense?
pfSense 2.3.2-RELEASE-p1 (amd64)
motherboard: MSI C847MS-E33 Micro ATX (with Intel Celeron CPU 847 @ 1.10 GHz) ~ PSU: Corsair VS350 ~ RAM: Kingston KVR1333D3E9S 4096 MB 240-pin DIMM DDR3 SDRAM 1.5 volt ~ NIC: Intel EXPI9301CTBLK (LAN) ~ NIC: D-Link DFE-528TX (CAM) ~ Hard Disk: Western Digital WD10JFCX Red ~ Case: Cooler Master HAF XB ~ power consumption: 21 Watts.

Offline grievsa93

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Re: setup pfSense Behind isp adsl router
« Reply #8 on: August 12, 2013, 06:47:32 am »
Just stating i setup untangle as transparent bridge in the wizard and it work fine

If you set Untangle as a bridge you loose firewall capabilities. Is this the same scenario are you willing to obtain from pfsense?

Ahhh i didnt know that... well to be honest, i mostly want pfSense to be acting as a VPN tunnel gateway (allow me to be contasntly connected to my private VPN provider) and if a there was a firewall extra then yipee. Main useage i want is the VPN - My adsl router if setup correctly, could be just as good as a firewall.

Thanks,

Offline phil.davis

  • Hero Member
  • *****
  • Posts: 4617
  • Karma: +551/-3
    • View Profile
    • International Nepal Fellowship
Re: setup pfSense Behind isp adsl router
« Reply #9 on: August 12, 2013, 06:54:35 am »
Quote
OK, connect your pfSense WAN interface to your ISP router. The pfSense WAN interface should get an IP address in the 192.168.0.0/25 subnet.
Small correction: 192.168.0.0/24
and yes, on the LAN side you connect to 192.168.1.1
The basic setup of LAN 192.168.1.1/24 and WAN DHCP (with the upstream WAN DHCP server being NOT in 192.168.1.0/24) works out of the box. Actually you don't even need to use the wizard, you should get a working firewall with internet access from the LAN side immediately it boots.
Having the pfSense as firewall protects you from other users/devices between the ADSL and pfSense, so that is useful, if you care about it.
The OpenVPN client going out, as you plan, should also work fine.
As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

Offline grievsa93

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Re: setup pfSense Behind isp adsl router
« Reply #10 on: August 12, 2013, 08:18:21 am »
Quote
OK, connect your pfSense WAN interface to your ISP router. The pfSense WAN interface should get an IP address in the 192.168.0.0/25 subnet.
Small correction: 192.168.0.0/24
and yes, on the LAN side you connect to 192.168.1.1
The basic setup of LAN 192.168.1.1/24 and WAN DHCP (with the upstream WAN DHCP server being NOT in 192.168.1.0/24) works out of the box. Actually you don't even need to use the wizard, you should get a working firewall with internet access from the LAN side immediately it boots.
Having the pfSense as firewall protects you from other users/devices between the ADSL and pfSense, so that is useful, if you care about it.
The OpenVPN client going out, as you plan, should also work fine.

Ok,
Thanks for all the information, i will give it another go tonight once i am home from work. really appreciate it

Cheers,

Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11999
  • Karma: +474/-15
    • View Profile
Re: setup pfSense Behind isp adsl router
« Reply #11 on: August 12, 2013, 08:39:31 am »
If you set Untangle as a bridge you loose firewall capabilities.

I'm not sure that's true.  :-\
It may be true that if you choose bridge mode you get no firewall rules by default or only 'pass all' rules but there is still an internal and external interface and traffic between them is filtered. I'd be surprised if it wasn't possible to add firewall rules if you wanted them.
That said I only ran Untangle once experimentally years ago so I could be talking rubbish!  ;)

Steve

Offline grievsa93

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Re: setup pfSense Behind isp adsl router
« Reply #12 on: August 13, 2013, 02:27:04 pm »
I had this thought, but, at the same time, I'm not too good with routing etc!

Will test it and get back to you!

Thanks,

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4995
  • Karma: +199/-43
  • Debugging...
    • View Profile
Re: setup pfSense Behind isp adsl router
« Reply #13 on: August 13, 2013, 02:35:18 pm »
When I look at your diagram at the very top, the first thing that comes to mind is that you should only use your DSL modem/router as a modem to get your public IP.  Not a router.

You can use a system with 3 NIC cards, WAN, LAN1 and LAN2.  Call LAN1 your protected LAN.  Simple firewall rules can do this.

You can also use a single NIC system + VLAN switch to do same thing.

Its better to accomplish all your routing / firewalling on pfsense

Offline blake

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: setup pfSense Behind isp adsl router
« Reply #14 on: December 10, 2017, 10:38:45 am »
grievsa93,

Did you ever get this to work?  I'm trying to do the same thing.   I have attached a rough sketch.



Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11999
  • Karma: +474/-15
    • View Profile
Re: setup pfSense Behind isp adsl router
« Reply #15 on: December 11, 2017, 07:12:39 pm »
Your diagram appears to show a different configuration.

What exactly are you trying to do?

Steve

Offline blake

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: setup pfSense Behind isp adsl router
« Reply #16 on: December 12, 2017, 05:35:46 am »
Trying to setup pFense firewall behind  ARRIS NVG599.  The ARRIS NVG599 already provides one network, I would like to set up a separate network for a lab and still have access to the outside world.

Blake

Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11999
  • Karma: +474/-15
    • View Profile
Re: setup pfSense Behind isp adsl router
« Reply #17 on: December 17, 2017, 11:42:30 am »
Ah, OK so the two networks will be isolated in VMWare?

That should be possible. You will be double NATing though pfSense I imagine unless you have multiple public IPs from your provider.

What is not working?

Steve