pfSense behind another router?

Discussion in 'Software Stuff' started by GCM, May 15, 2016.

  1. GCM

    GCM Active Member

    Joined:
    Aug 24, 2015
    Messages:
    137
    Likes Received:
    43
    Has anyone set up pfSense behind another router?

    I'm looking to utilize pfSense as a DNS server only (for now). However, I seem to be running into a brick wall when trying to get it to do so.

    For now what I've done:

    Disabled the WAN interface
    Enabled the LAN interface

    Set up the DNS resolver
    Set the external DNS (Google DNS) servers in general

    Set my router as my gateway (192.168.1.1)
    Set static IP on the LAN interface, with the proper subnet.

    I feel like I'm missing something here, do I need to set a static route from my router to pfSense, just to do DNS?
     
    #1
  2. Markus

    Markus Member

    Joined:
    Oct 25, 2015
    Messages:
    78
    Likes Received:
    19
    First of all, what does not work?

    The clients need the information, that they have to use the DNS-Server of the pfSense-Box and not the router's one.
    So I assume you have enabled the DHCP-Server at the router? If yes you have to check if the DNS-Server given to the client is the correct one.

    Linux-Client: cat /etc/resolv.conf
    Windows-Client: ipconfig -all

    If you deactivate the WAN-Interface pfSense should not be able to contact the Google-DNS (depends on the rest of your configuration).
    So check with the Webinterface:
    Diagnostics->DNS-Lookup

    Can you check these to clarify if there is any configuration missing on your side?
    Regards
    Markus
     
    #2
  3. PigLover

    PigLover Moderator

    Joined:
    Jan 26, 2011
    Messages:
    2,775
    Likes Received:
    1,116
    Everything on the Internet is "behind another router". The whole darn network is nothing but interconnected routers :)

    Your issue is likely NAT behind another NAT. This can work but requires some care. At a minimum need to be sure that you don't have both routers using the same subnet for their NAT. If the "outer" router is assigning addresses in the 192.168.1.0/24 subnet then your "inner" router needs to select a different range (perhaps something from the 10.0.0.0 range).

    You said you set your LAN interface "from the proper range". What range did you use?
     
    #3
  4. Zack Hehmann

    Zack Hehmann Member

    Joined:
    Feb 6, 2016
    Messages:
    66
    Likes Received:
    5
    I have done a setup like this for a friend. Did you end up figuring this out?

    I'm more than happy to help you with the config and could assist over a hangout/teamviewer session if you like. Just let me know.

    Sent from my Nexus 6P using Tapatalk
     
    #4
  5. _alex

    _alex Active Member

    Joined:
    Jan 28, 2016
    Messages:
    874
    Likes Received:
    94
    The outer routers LAN is the inner routers (pfsense) WAN and also the default-gateway for pfsense.

    The inner routers LAN (OPT if applicable) need different subnet/s and/or own VLAN's. You then need rules to allow LAN/OPT <-> WAN Access via pfsense, and the clients on LAN/OPT need to use pfsense IP on these networks their default-gateway.

    For LAN auto-generated rules should be fine ...
     
    #5
Similar Threads: pfSense behind
Forum Title Date
Software Stuff A silly Question, is there a better alternative to pfsense for home use? Dec 13, 2017
Software Stuff pfSense 2.5 - Hardware Requirements May 1, 2017
Software Stuff Project Proposal: ELK Stack for Monitoring Proxmox, pfSense, FreeNAS Apr 26, 2017
Software Stuff Suggestion pfsense virtualization or not? Apr 21, 2017
Software Stuff pfSense - HAproxy Load Balancing Nov 9, 2015

Share This Page