pfSense WAN Configuration

Retrograde · April 2, 2023, 8:24pm

Good Day,

I am having trouble getting internet to my pfSense box via my (Canadian) ISP router.

I am using my ISP router to pass it’s connection to a Netgate SG-2100.

The WAN interface receives an IP via DHCP (ISP) but the gateway is showing offline(100% packet loss).

I’ve added the pfsense WAN Port MAC to the ISP Router’s Advanced DMZ.

In pfSense, I have Pure NAT enabled, and here are my settings:

Outbound NAT
	Mode	Hybrid Outbound NAT
	Mappings	
		Interface	WAN
		Source		This Firewall
		Src Port	*
		Destination	192.168.2.0/24 #ISP Router LAN
		Dest Port	*
		NAT Address	WAN address
		NAT Port	*
		Description	Allow Traffic from Firewall to ISP Network

		Interface	WAN
		Source		192.168.2.0/24
		Src Port	tcp/udp/443
		Destination	*
		Dest Port	tcp/udp/*
		NAT Address	WAN address
		NAT Port	*
		Description	Allow HTTPS (443) from ISP Network

Any ideas on where I’m going wrong?

Thanks!

LTS_Tom · April 2, 2023, 11:59pm

Do you know if the ISP provided device supports “Bridge Mode”?

Retrograde · April 3, 2023, 10:30am

It does not, unfortunately.

LTS_Tom · April 3, 2023, 11:17pm

On the WAN make sure you have Block Private Networks & Block Bogon Networks unchecked.

https://docs.netgate.com/pfsense/en/latest/firewall/rule-methodology.html#block-private-networks

Retrograde · April 5, 2023, 9:14am

I made that change, but no change in the Gateway status.

Retrograde · April 5, 2023, 9:15am

Here’s the details my WAN is getting:
pfsense_wan_interface

Paul · April 5, 2023, 9:21am

In the first screenshot, change the monitor IP address to an external dns server i.e. ISP DNS servers or 8.8.8.8

Currently you have it set to check 192.168.2.1 which is an RFC1918 network, and the wan cannot access this address

LTS_Tom · April 5, 2023, 9:49am

If you are getting an 159.X.X.X address then it is giving out public IP addresses. Does it work if you try another device like a laptop or desktop computer?

Retrograde · April 7, 2023, 4:51pm

I tried changing the Monitor IP to Google 8.8.8.8 but there was no change in connectivity.

Retrograde · April 7, 2023, 5:01pm

The ISP Router is currently my only functioning Wifi Access point, so I currently connect my devices (phones, laptops) through that. The devices get an IP in the 192.168.2.0/24 network and can access the internet.

If I connect the ISP Router’s 10G port to the pfSense’s WAN port, I get no internet, but the Wifi access point on the ISP Router works as expected, devices get an IP in the 192.168.2.x range and can access internet.

If I connect a pc directly to the pfSense box LAN, the pc can access the LAN but no internet.

If I connect the pfSense box to the ISP Router via two physical connections: 10G port from Router to WAN port of pfSense and 1G port from Router to LAN port of pfSense, all devices connected to the ISP Router’s Wifi AP lose internet connectivity, the devices no longer get assigned a 192.168.2.x address, and instead get a 192.168.88.x address (LAN). No internet is available for any device with this configuration.

Retrograde · April 12, 2023, 12:46am

I take it back! I just need to be patient, I have connectivity. Thank you, Paul, for the good advice!