Use a second router behind SG-3100

CyberSecMGM · June 23, 2020, 8:43pm

Hello Guys,

I used to do this type of configuration at home when I needed it to do test with routers or setting up new network for friend and family, but ever since I upgraded my residential ASUS router for a Netgate SG-3100, i am unable to connect a router behind it and been able to browse the internet behind the second router (which the primary LAN is connected to the WAN port on the second router) I have disabled the RFC1918 on the SG3100 but no luck what do I need to do on the SG3100 to allow the traffic from the second router to reach the internet back and forth.
Here is a text diagram of my network and what I want to do:

ISP GATEWAY ----|
NETGATE SG-3100
|— CISCO SWITCH 2600
|— UNIFI AP (UAP-AC-LITE)
| |IoT VLAN
| |Office, Family & Guests VLANS
|— Computers/Laptops (Family VLAN)
|— My Computer/Laptops (Office VLAN)
|
|— Test Router (LAN -> Connected on the WAN on this router)
|— Test Laptop

By the way I can ping 8.8.8.8 from the test laptop but I cannot browse the internet, it does not resolve the name)
also Firewall rules in the LAN are the default rules, i am not filtering any DNS or DoH traffic out, but I am using DNS over TLS for my DNS queries.

Thank you in advance
RJ

LTS_Tom · June 23, 2020, 10:29pm

If you can ping 8.8.8.8 and get a response then it is routing traffic, but if you ping google.com and it does not resolve the name then you have a DNS issue.

CyberSecMGM · June 24, 2020, 2:30pm

Hello Tom,
Thanks for the reply, as I was writing the post I also realized that too, but I was somewhat confused with the RFC1918 protection feature, that even i turned it off on the WAN interface it was not working, yesterday after read your reply, I decided to redo from scratch my pfSense and the first thing I tested was the configuring DMZ interface with its firewall rules and it worked, then little by little I started adding features to the pfSense as of now everything is working, as many pfSense new users i do not have the experience to troubleshoot but building the install from ground up and testing with the other router step by step to ensure that what I wanted was still working. A big fan of your channel keep up with the videos.
RJ