pfSense behind another router?

[GCM]

Has anyone set up pfSense behind another router?

I'm looking to utilize pfSense as a DNS server only (for now). However, I seem to be running into a brick wall when trying to get it to do so.

For now what I've done:

Disabled the WAN interface
Enabled the LAN interface

Set up the DNS resolver
Set the external DNS (Google DNS) servers in general

Set my router as my gateway (192.168.1.1)
Set static IP on the LAN interface, with the proper subnet.

I feel like I'm missing something here, do I need to set a static route from my router to pfSense, just to do DNS?

 

[Markus]

First of all, what does not work?

The clients need the information, that they have to use the DNS-Server of the pfSense-Box and not the router's one.
So I assume you have enabled the DHCP-Server at the router? If yes you have to check if the DNS-Server given to the client is the correct one.

Linux-Client: cat /etc/resolv.conf
Windows-Client: ipconfig -all

If you deactivate the WAN-Interface pfSense should not be able to contact the Google-DNS (depends on the rest of your configuration).
So check with the Webinterface:
Diagnostics->DNS-Lookup

Can you check these to clarify if there is any configuration missing on your side?
Regards
Markus

 

[PigLover]

Everything on the Internet is "behind another router". The whole darn network is nothing but interconnected routers

Your issue is likely NAT behind another NAT. This can work but requires some care. At a minimum need to be sure that you don't have both routers using the same subnet for their NAT. If the "outer" router is assigning addresses in the 192.168.1.0/24 subnet then your "inner" router needs to select a different range (perhaps something from the 10.0.0.0 range).

You said you set your LAN interface "from the proper range". What range did you use?

 

[Zack Hehmann]

I have done a setup like this for a friend. Did you end up figuring this out?

I'm more than happy to help you with the config and could assist over a hangout/teamviewer session if you like. Just let me know.

Sent from my Nexus 6P using Tapatalk

 

[_alex]

The outer routers LAN is the inner routers (pfsense) WAN and also the default-gateway for pfsense.

The inner routers LAN (OPT if applicable) need different subnet/s and/or own VLAN's. You then need rules to allow LAN/OPT <-> WAN Access via pfsense, and the clients on LAN/OPT need to use pfsense IP on these networks their default-gateway.

For LAN auto-generated rules should be fine ...

 

[ReturnedSword]

@morris88 Did you just make an account and necro a thread to plug your affiliate link site? Not to be rude, but your comment has nothing to do with this thread.

 

[epicurean]

I also wanted to put a unifi router(eg. USG) either in front or behind pfsense , so that the rest of the nice unifi stats get filled up in their interface. I do have a few unifi switches and access points. perhaps just using the USG to serve as a DHCP server and everything else done by pfsense. So far, I have not found anything reliable or something I can comprehend.