Home standard router and pfsense behind it on a switch

Ok, I’m wondering if I missed something since I’m seeing some unusual traffic on my pfsense traffic charts.

I moved to fiber about a month ago. That connection comes only with a converter… At first I just hooked it up to my barebone running pfsense (via a cheapish TP-L managed switch)… But that meant my wifi wouldn’t work anymore. So now I changed the mac address on my normal router to the one my ISP knows and hands out a public IP.

I have setup a static IP on LAN 192.168.3.199 and the router itself has an IP of 192.168.3.1. They are on VLAN100 on the switch after my standard router. I didn’t setup any static routes…

In pfsense (on a trunk port) I setup my WAN to DHCP on the mac address I setup in my normal router. That seems to work fine. It will get my 192.168.3.199 for WAN and gateway of 192.168.3.1.

However I see a bit more traffic going back and forth where the traffic on my WAN almost seems to be identical to my LAN traffic graphs (in pfsense)…

Did I miss something? Do I need to setup static routes somewhere… I would rather bypass any NAT or routing to my pfsense from my standard router all together but I don’t think my wifi will still work then… or will it?

Any insight would be great or ways to do it better. On the pc/vm end, everything seems to be working fine…

BTW… pfsense, truenas and win 11 are VMs through proxmox. I also have a pihole+unbound VM running for DNS/blocking/reverse DNS

up:/> well added a static route on my standard router 192.168.3.199->192.168.1.1 (pfsense) / LAN anyways… seems to send through WAN traffic as expected.

Does this mean your problem is solved? If not:

Which is it, DHCP or static IP? Do you mean you have configured a static lease in the “normal” router?

As I understand it, you connect from a media converter to the WAN port on the ISP router and from a LAN port on the ISP router to the WAN port of the pfsense (topologically). Why not connect the pfsense directly to the media converter and use the ISP router in access point mode?

Yeah… The reason for this is basically because at this moment I still shut down my proxmox server at the end of the day. Trying to preserve energy… Energy costs here are insane atm… I figure, why have my server running when not using it… But eventually I will get tired of this hassle (not to mention the fact that servers aren’t supposed to be shutdown that often). So if I would hookup my standard router behind my proxmox server, I would lose my WIFI on my mobile devices.

But yeh seems everything is connected the right way… Just wanted to know if I missed anything… Everything seems to be working fine.

Yes I have setup a static lease on the standard router (192.168.3.199) which is my WAN connection to pfsense (going into my switch on vlan 100, untagged port)… pfsense with the trunk port picks it up.

lol… I realise these are somewhat basic questions but just wanted to run by others see if I missed something.

Do you have a network diagram for how you have it cabled/setup? What exactly are you trying to achieve with this double nat scenario (two routers on a network)?

I don’t really have a diagram but basically like I mentioned I don’t like to have my server running 24/7 atm… My fiber internet now connects to my older standard router… so I have wifi when my main server is offline. And it gets the WAN connection from that standard router via a static route to my pfsense. Seems to work as expected now. Ofc my wifi connections aren’t firewalled then but they weren’t before either.

I would go ISP equipment to pfsense then into the wan port on home (normal router) and give it for example pfsense is 10.1.1.1 on lan use 10.1.1.2 on the home router wan interface. Turn off DHCP on the home router and let pfsense do the work. At least this way you can still manage the home router via the static set in case you need to change any wireless settings.

Standard router handles wifi with dhcp. LAN static connection and static route to pfsense handles everything else. Seems to work well… I wanted to eliminate any routing by the standard router to pfsense and it seems that is the case.