Nov 5, 2023
Hello, I am struggling with a few things in regard to my router and my pfSense. Below I am going to explain what I am trying to do and the reasoning behind it.

To start with, my goal is to divide my network into two parts using my firewall and its ports. Essentially I plan to make a DMZ in a way. What I want is the firewall to hold the servers that I host, websites, games, and so on. Then on another port on my firewall, I want to have my wifi router. This will host my personal devices like computers, tablets, and so on. This way I have "2 Firewalls" protecting my stuff. I have a diagram below that has a rough drawing of what I plan to make it look like. Additionally, I have linked the products I am working with.

So I have tried the following things and ran into these issues:

If I have it plugged into a port running a DHCP server it won't take an IP so it remains unable to get internet. When this didn't work I swapped it into AP mode.

When in AP mode I am running into an issue where the router shows it has internet but doesn't allow other devices on its network to have internet. (WiFi or LAN)

So my question, I guess, is how do I set this up? Am I missing something? I made rules to let stuff pass through and made sure the DHCP server wasn't using a reserved IP set. I just feel like I am missing something.

Equipment:

  • Arris SURFboard SB8200 DOCSIS 3.1 Cable Modem
  • pfSense + firewall 4 ports 8gig ram, 2.4 GHz CPU, and 64gigs storage
  • Netgear Nighthawk XR5000

Diagram:

[Image: 1699149938576-yeetus.png]
 
It should work in both the default router mode and AP mode.

So, an example of how this should work; you need to say what you have different.
Your firewall runs as a router; it gets a public IP from the ISP/modem. It has a LAN subnet, let's say 192.168.0.1, and you need to run a DHCP server to give out IPs to your servers and other devices. Your Netgear should get a WAN IP from this DHCP server on the firewall. You could use a static IP on the WAN port of the Netgear. The Netgear should run as if your firewall was the ISP. You need to be sure you use a different subnet for the LAN...like 192.168.1.x.
You can also run the Netgear in AP mode with the firewall running a DHCP server to assign the IPs to the end devices.
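
An added example (not written by anyone in this thread): a Python check of the addressing plan the reply above describes, using its 192.168.0.1 firewall LAN and 192.168.1.x router LAN. The function name, the DHCP pool range and the router's WAN address are assumptions made up for illustration.

```python
import ipaddress

def check_cascade(fw_lan, fw_gateway, dhcp_pool, router_wan, router_lan,
                  wan_is_static=False):
    """Return a list of problems in a firewall -> router cascade (empty = consistent)."""
    fw_net = ipaddress.ip_network(fw_lan)
    gw = ipaddress.ip_address(fw_gateway)
    pool_lo, pool_hi = (ipaddress.ip_address(a) for a in dhcp_pool)
    wan = ipaddress.ip_address(router_wan)
    inner = ipaddress.ip_network(router_lan)
    problems = []

    if gw not in fw_net:
        problems.append("firewall gateway is outside the firewall LAN subnet")
    if not (pool_lo in fw_net and pool_hi in fw_net and pool_lo <= pool_hi):
        problems.append("DHCP pool is not a valid range inside the firewall LAN subnet")

    # The router's WAN port is just another client on the firewall's LAN.
    if wan not in fw_net:
        problems.append("router WAN address is not in the firewall LAN subnet")
    elif wan in (gw, fw_net.network_address, fw_net.broadcast_address):
        problems.append("router WAN address collides with gateway, network or broadcast")

    in_pool = pool_lo <= wan <= pool_hi
    if wan_is_static and in_pool:
        problems.append("static router WAN address is inside the DHCP pool (duplicate lease risk)")
    if not wan_is_static and not in_pool:
        problems.append("router WAN address was not leased from the firewall's DHCP pool")

    # Router mode needs a different subnet behind the router than in front of it.
    if inner.overlaps(fw_net):
        problems.append("router LAN subnet overlaps the firewall LAN subnet")
    return problems

# Constructed sample values; only 192.168.0.1 and 192.168.1.x come from the reply.
FW = dict(fw_lan="192.168.0.0/24", fw_gateway="192.168.0.1",
          dhcp_pool=("192.168.0.100", "192.168.0.200"))

if __name__ == "__main__":
    plans = {
        "router mode, separate subnet": dict(router_wan="192.168.0.150", router_lan="192.168.1.0/24"),
        "router mode, same subnet": dict(router_wan="192.168.0.150", router_lan="192.168.0.0/24"),
        "static WAN inside pool": dict(router_wan="192.168.0.150", router_lan="192.168.1.0/24",
                                       wan_is_static=True),
    }
    for name, plan in plans.items():
        print(name, "->", check_cascade(**FW, **plan) or "ok")
```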
 
Hello, I wanted to thank you for the help. I figured out where I went wrong. Essentially, I created the ports, added the needed DHCP server settings, and had all that correct. What I failed to do was allow traffic from the WAN to the second LAN port correctly. I had defined in the rules for the LAN2 ports that LAN -> WAN was okay when in fact I needed to do WAN -> LAN2 okay. Now my DMZ is working. All my servers are on the pfSense only and all my other devices behind the router are connected to the pfSense.