PfSense firewall


Hey
I just installed PfSense firewall

But I’m having trouble getting on to the internet

Both Ethernet ports or working
I see wan and Lan IP address

I have modem cable going to wan

Router cable going to Lan

I want to keep dhcp going on the linksys router

Any help be great

Thanks

Start by asking one of your devices (PC) to show whether it is getting an IP address or not. If Windows, bring up a cmd shell and type ipconfig/all . If the device has an IP address not in your LAN range (169.254. 0.0 to 169.254. 255.255), it’s probably and autoconfig address. If it has an expected IP address, then your firewall rules are probably blocking you. If you don’t get an IP address, you have an issue with DHCP.

reading the screen there, clearly two logins were made from the correct subnet. if pfsense is going to use the address of .5 then i would check that your lan devices have that .5 address as their default gateway. and make sure the .5 address is a permanent assignment so you don’t have to chase it around.

beyond that it would help to know how the linksys is connected. so far it doesn’t appear like double-nat but inquiring minds want to know!

1 Like

I’m on my way to work now
When I get home from work I will take photos of my setup

Do I have to make the linksys router into repeat mod to work with PfSense

If it was me, I would plug both the Pfsense and the Linksys into your switch, make the Linksys the .5 IP but make sure the DHCP configuration is handing out the .1 address for the gateway.

Not sure if you have the option in your Linksys or not to make the gateway a different IP.

Alternatively, unless you have a massive network then it should not be too time consuming to migrate your DHCP configuration onto Pfsense, including any static reservations. Means you can get rid of your Linksys.

1 Like

I don’t think any device much cares if pfsense is .1 or .5 as long as the gateway is set appropriately. I’m not sure why you are loyal to the linksys, if it is for wireless there is no need to use the WAN port on it. In fact, given the great record Linksys has of updating its hardware over time (NOT), the fewer functions you use in it the better. Just my $.02

2 Likes

What I have on my linksys router
I upgraded it to dd-wrt

I setup NordVPN on it my linksys router

But

On PfSense I was hoping to setup openvpn

To be able to remote to my home computer from out of my home network

But if there’s a way to put both on PfSense firewall please let me know

Or

I would like to keep linksys router with the NordVPN on

Openvpn on the PfSense firewall

Please let me know

I’m going for the following, from your description:

ISP → Modem → (WAN) pfSense (LAN) → Linksys → Devices

If the pfSense is plugged into one of the LAN ports on the Linksys, you need to ensure that the router is configured to use the .5 address as its default gateway, and to pass on that default gateway information through DHCP to everything else in the network.

If you are plugging the pfSense into the WAN port of the Linksys, you need to set up the pfSense and the Linksys to use a secondary subnet (E.g. 192.168.0.0/24) and make the pfSense the .1 and the Linksys the .2 on that network. Then the default routing configuration should work on the Linksys, but opening up internal ports might be trickier.

I’d prefer to put the Linksys in “dumb switch” mode and let the pfSense do the DHCP and DNS duties for the internal network and just plug it into one of the LAN ports on the Linksys.

Is the NordVPN just for incoming VPN connections? Then I’d go with openVPN on the pfSense, it works very nicely. You should be able to set up port passthru for the NordVPN, if you really want to. But disable it to start with, until you get everything else working. Adding VPN into the mix can cause its own problems, so it is better to get the basic configuration working first, then gradually build up until you have everything working again.

1 Like

I agree, other than devices with static IPs which would need changed.

I don’t really use Nord but do you need to create an outbound VPN as well as receive inbound connections? E.g. be an open vpn client and server? If so the Pfsense can do this. If you simply just want to VPN into your home when remote then you can do this with Pfsense using openvpn or wireguard.

1 Like

I would like to keep NordVPN on linksys router
And
Openvpn to be able to use laptop computer outside my home network

I never use Wiregrade vpn before

First time using PfSense

Sounds like you need to keep the Linksys inline between your LAN and the Pfsense if you want to keep it and use it to create an outbound tunnel. Again if it was me I would ditch the Linksys and do it all from Pfsense but maybe you’re not that comfortable with it Pfsense yet. There are guides on how to connect to Nord using Pfsense when you’re ready for it.

ISP— Pfsense — Linksys

You should use something like 192.168.2.0/24 between Pfsense and your Linksys. Turn off NAT on the Linksys if you can. Add a static route in the Pfsense for the 192.168.2.0 network with a next hop of the Linksys WAN interface, and add firewall rules if needed to allow the 192.168.1.0 network to access the internet.

1 Like

I will take some photos of how I got
ISP-PfSense-linksys router hookup
And
Screenshot of my PfSense settings

When I get home from work I’m will be leaving around 5:40pm be home around 6:30pm

I’m not sure

I reinstalled the PfSense on 192.168.1.1
Put linksys router on 192.168.1.5

Still can’t connect to PfSense
But
I can connect with my iPhone Wi-Fi

Do you think maybe I should connect my laptop computer with Ethernet cable to PfSense computer and see if I can get it working

Or

Maybe one of you guys would like to remote connect to the computer???

Let’s get one thing figured out first. What device do you want to face the Internet, and for what reason. Is it the firewall or is it your router? There are different tradeoffs for each choice, but you got to pick one.

The next decision is whether you want double NAT or not. Both devices are cable of running DHCP and providing NAT capabilities. Which one, or both, do you want to do these tasks and why?

If you do want double NAT, for the extra security it will offer, then you should NOT use overlapping IP ranges. Use 192.168.1.x/24 for one and 192.168.2.x/24 for the other (as one possible config.)

To start with, I would try putting pfSense as your primary router, and put your wireless router into AP mode (also known as bridge mode) and plug it into the pfSense. This will turn off a lot of your router’s features, but it will let you experience pfSense as your primary router. You may have to play with firewall rules at this point to get traffic flowing as you like. Once you know how to do all this, you will have figured out pfSense pretty well, and now you can decide if you like the result, or you want to switch to something else.

So
When I use up address 192.168.1.1 for the PfSense
And
Up address 192.168.2.1 for the linksys router

Will I still be able to see my other computer’s on my home network

How are they connected?

If pfSense has 192.168.1.1, then the Router also needs a 192.168.1.0/24 address, otherwise they won’t see each other.

If the pfSense is plugged into a LAN port on the router, the other devices on the network will also need an address in the 192.168.1.0/24 range (I’m assuming you aren’t using any VLANs). The router needs to have the pfSense as the default gateway.

If the pfSense is plugged into the WAN port, the WAN port on the router will also need a 192.168.1.0/24 address, but you can then use a 192.168.2.0/24 address on the internal network and the router remains the default gateway and all devices on the internal network also get a 192.168.2.0/24 address.

Personally, I’d plug the pfSense into a LAN port on the router and put everything in the same address range and finished. Especially if you want to use openVPN/Wireguard on the pfSense.

1 Like

Any chance any one can please send me a picture of how I should hookup modem-PfSense-router

And

If this is right

PfSense IP address 192.1681.1

Linksys router IP address 192.168.1.2

And

What setting I should have on PfSense

And

What to turn off on the linksys router

I understand what you guys are saying

Do I need to put the DCHP from the PfSense in to the router same as the PfSense

You can only have one DHCP server active. You will need to decide, whether you want the pfSense or the router to be your DHCP server.

From your previous message:
pfSense 192.168.1.1 connected to one of the internal network ports on the router
router 192.168.1.2 set its Standard Gateway setting to 192.168.1.1 (pfSense)

In router, disable DHCP.
In pfSense, set DHCP to offer:

Lease addresses in range 192.168.1.20 - 192.1681.254 (I always leave some addresses free at the front for critical devices that get a fixed address)
DNS - 192.168.1.1
Standard Gateway 192.168.1.1

(If you really want to, you can turn off DHCP in the pfSense and use the router, it doesn’t make much difference, the settings need to be the same, either way.)