Pfsense Blog of Failure


JediAcolyte

Active Member
May 29, 2020
187
68
28
US
Trying to list my problems and chronicle my failures




Installed pfsense successfully.

Had trouble getting ports to be recognized during installation. Wait 15 seconds after hitting automatic (a) to plug in, then wait another 15 seconds and hit enter.





What settings do I change on my DSL modem to change from my Modem acting as a modem and DHCP and DNS server into just a modem? How do I make the PfSense box act as DNS and DHCP?





Can I make 2 ethernet connections from my modem to my Pfsense box to be able to survive cable or port failures? Can I do the same with 2 connections from my Pfsense box to my switch for the same reasons?





I got pfsense installed and eventually got into the gui.


I couldn't figure out how to make sure that my modem was recognized as my default gateway.





I'm not sure exactly how the WAN port is treated in pfSense. It's not explained explicitly. It really can't think that it's the direct connection to the internet, can it?
 

Serverking

The quieter you are, the more you can hear...
Jan 6, 2019
510
212
43
What settings do I change on my DSL modem to change from my Modem acting as a modem and DHCP and DNS server into just a modem? How do I make the PfSense box act as DNS and DHCP?
Is your modem in bridge-mode? If not, tell your ISP to do so; this way the modem will stop acting as a DHCP and DNS server.
 

RTM

Well-Known Member
Jan 26, 2014
956
359
63
If you just want to chronicle your work that is fair enough, but if you would like some help we need a bit more information.

I think you need to go back a couple of steps and think about what you want to achieve.
When you have done this, write it down and give us a few more details, such as:
  • What hardware do you have?
  • What type of internet connection do you have?
  • What equipment did you receive from the ISP?
  • And of course how is it all connected?
I do not like making assumptions, as they can easily be the wrong ones, leading to incorrect/worthless help.

That all said, assuming you have connected your equipment in a fashion like this:
"ISP modem/modemrouter" <> "pfSense firewall" <> Switch <> "clients"

And assuming the pfSense firewall has received an IP-address and DNS-settings from the ISP or the ISP's modem (or modemrouter) via DHCP.
Then the pfSense firewall will by default work as DHCP for the client; for DNS it will forward requests upstream to whatever DNS-servers it received via DHCP.
If you want to make the pfSense firewall do all DNS resolutions, then you should disable the forwarding option under the "DNS resolver" settings.

If your pfSense firewall does not receive an IP-address after having disabled DNS and DHCP in the modem/modemrouter, then you will have to configure an IP-address manually in the pfSense and either disable forwarding of requests (as I just mentioned) or configure an upstream DNS server to send requests to.

It may not be in your interest to disable DNS and DHCP in the modem/modemrouter if you just need to get things to work, but it may also not be an ideal setup either.
It may make sense to enable a "bridge mode" in the modem (if it is a modemrouter), because in many scenarios it means your pfSense firewall can make use of an external IP-address, but at this point I believe we are getting awfully close to speculation.
 

JediAcolyte


I was just planning to blog for myself but I can document a little bit of this if it may be of help to the community somehow.

I have a Zyxel C1100Z DSL modem that I have wired to a Supermicro CSE-502L-200B and the motherboard is a X7SPE-HF Atom 1U mini Server Intel D525 with 4GB DDR3. This is my pfsense device. From there, I run it to a patch panel and then my Mikrotik CSS-326.

I'll add more to this when I have more time, I'm working through the weekend and won't have any time to work on this until Monday at the earliest.
 

JediAcolyte

I contacted CenturyLink for support, because their website says how to do this; you just need to contact them for “transport mode (VLAN settings) that work in your area”.
But they didn’t know how to do this and said I must contact the router company I would be using to replace their AIO device. Here’s their article:
Configure WAN settings on your modem | CenturyLink

Needless to say, if I’m not back online in the next couple hours with reports of success you’ll understand why.
 

JediAcolyte

Well, it took a bit of work but it seems ok for now.

Untagged VLANs seems to be the ticket; since I’m not using VLANs this makes sense.
 

JediAcolyte

Concerning
The wifi AP is still directly connected to my modem and received its own IP address and got back online.
I enabled MAC address filtering, limiting it to my known devices, until I have a better solution.
i.e. moving it behind pfsense
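
Two checks that come up in this thread, written as an added example (not posted by any participant): what the address on the pfSense WAN port says about whether the modem is bridged, and which clients still use a gateway other than the firewall, as the wifi AP above does. All addresses and client names are constructed sample values.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")        # RFC 6598 shared address space
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # self-assigned, no DHCP lease


def classify_wan(addr):
    """What the firewall's WAN IPv4 address implies about the modem upstream."""
    ip = ipaddress.IPv4Address(addr)
    if ip.is_unspecified or ip in LINK_LOCAL:
        return "no-lease"      # nothing upstream handed out an address
    if any(ip in net for net in RFC1918):
        return "double-nat"    # modem is still routing, not bridged
    if ip in CGNAT:
        return "carrier-nat"   # ISP-side NAT: not a public address either
    if ip.is_loopback or ip.is_multicast or ip.is_reserved:
        return "invalid"
    return "public"            # the firewall itself holds the external address


def unfiltered_clients(clients, firewall_lan):
    """Names of clients whose default gateway is not the firewall's LAN address,
    i.e. devices that reach the internet without passing through it."""
    lan = ipaddress.IPv4Address(firewall_lan)
    return sorted(name for name, gw in clients.items()
                  if ipaddress.IPv4Address(gw) != lan)


# Constructed sample values (not taken from the thread): client -> default gateway.
SAMPLE_CLIENTS = {
    "desktop": "192.168.1.1",   # behind the firewall
    "laptop": "192.168.1.1",
    "wifi-ap": "192.168.0.1",   # leased straight from the modem
}

if __name__ == "__main__":
    # 203.0.113.5 is a documentation address standing in for a public one.
    for wan in ("192.168.0.2", "100.72.10.4", "169.254.33.7", "203.0.113.5"):
        print(wan, "->", classify_wan(wan))
    print("bypassing firewall:", unfiltered_clients(SAMPLE_CLIENTS, "192.168.1.1"))
```

A "double-nat" result means the modem is still doing NAT and DHCP in front of pfSense; any client listed by `unfiltered_clients` is not covered by the firewall's rules at all.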
 