R2 behind Netgate Pfsense

[[email protected]]

Hi

I want to use my recently purchased R2 as a gaming only for my console and gaming PC to get the benefits of Geo Filtering / pIng etc.

Id imagine setup is ISP Modem > Netgate > R2

So ISP modem goes into WAN port on Netgate. 

Id create an OPT1 port on Netgate and send that to the R2.

Question is does the it go to the R2 WAN or LAN port

Anyone have experience on the best way to get this working or recommended settings?

As the only things on the R2 will be Console/Gaming PC i would allow an ALL out rule on the pfsense if needed for the R2 source.

[Netduma Fraser]

Hey, welcome to the forum!

The R2 has to get internet so it would be in the R2 WAN port. I haven't used pfsense specifically so couldn't help with that aspect but the allow all out rule should hopefully allow for an Open NAT for the gaming devices behind the R2.

[[email protected]]

thanks

i think you just replied on twitter too 🙂

OPT1 on pfsense is just another port you can use for whatever you want.

So id assume the WAN port on R2 would need a static IP on the same subnet as whatever the Subnet would be on the pfsense opt1 port. 

I was going to make the pfsense port 192.168.88.1 and make the R2 wan port 192.168.88.2 as s tart to this process

Does sound about right?

[Netduma Fraser]

Lets continue here for ease, I'm assuming the Netgate is running DHCP in which case it will automatically give the R2 an IP address when connected so you can set that as static. 

[[email protected]]

yeah it has DHCP but i was going to disable DHCP on that pfsense and manage it statically as its only 1 device plugged in and you can turn off pfsense per interface port on the pfsense.

[Netduma Fraser]

1 hour ago, [email protected] said:

yeah it has DHCP but i was going to disable DHCP on that pfsense and manage it statically as its only 1 device plugged in and you can turn off pfsense per interface port on the pfsense.

Fair enough, shouldn't have any issues then!

[[email protected]]

R2 Dashboard is coming up so im getting internet OK. 

is there a ping tool on the R2 that i can use to ping from the device itself?

[Netduma Fraser]

28 minutes ago, [email protected] said:

R2 Dashboard is coming up so im getting internet OK. 

is there a ping tool on the R2 that i can use to ping from the device itself?

It depends what you're wanting to do exactly, you can use Ping Heatmap to do that by making your own list.

[[email protected]]

wanted to check my pfsense firewall rules and make sure i can ping certain things from the R2 to my internal network 

 

[Netduma Fraser]

1 hour ago, [email protected] said:

wanted to check my pfsense firewall rules and make sure i can ping certain things from the R2 to my internal network 

 

I think that should work just fine!

[[email protected]]

only issue im having is the Double NAT on Xbox live - any ideas?

[Netduma Fraser]

In that case you'll need to put the R2 WAN IP in the DMZ of the Netgate and you'll get an Open NAT then

[[email protected]]

Jsut to clarify - for any of the functions i want like geo filtering the connection has to be via the wan port on R2 to the netgate?it cant be a lan port.

[[email protected]]

ive set the outbound NAT rule on the netgate interface that the R2 is plugged into to "Do not NAT" - see what happens 🙂

[Netduma Fraser]

Any device you want to be Geo-Filter has to be connected to one of the R2 LAN ports or the R2 WiFi, Netgate will be the only thing connected via the WAN port and even with the WAN passing through the Netgate the Geo-Filter will still work. Let us know how you get on!

[[email protected]]

i guess what im asking i, could i achieve the geo filtering by connected the Netgate to an R2 lan port rather than wan?

[Netduma Fraser]

I may not be understanding correctly, what is the usecase you're wanting to achieve? Are you wanting to Geo-Filter the Netgate as a whole?

[[email protected]]

I want to Geo Filter gaming - that is all. So consoles essentialy.

I want this traffic to go through the R2 then Netgate and everything else in the house goes out direct via netgate

[Netduma Fraser]

Okay so you'll just need to do this:

On 1/9/2022 at 6:10 PM, Netduma Fraser said:

Any device you want to be Geo-Filter has to be connected to one of the R2 LAN ports or the R2 WiFi, Netgate will be the only thing connected via the WAN port and even with the WAN passing through the Netgate the Geo-Filter will still work. Let us know how you get on!

and have all other devices connected to the Netgate.

[[email protected]]

yeah everything else is going out of the netgate directly either physically or wirelessly

 

[[email protected]]

Only issue I’m having is the double nat now.  
 

when adding to a “dmz” in a traditional home router what is that actually doing? Is that port forwarding everything to the that ip? Is it essentially a 1:1 nat?

[Netduma Fraser]

5 minutes ago, [email protected] said:

Only issue I’m having is the double nat now.  
 

when adding to a “dmz” in a traditional home router what is that actually doing? Is that port forwarding everything to the that ip? Is it essentially a 1:1 nat?

It essentially passes all traffic straight through to the DMZd device so that it's unaffected by the router firewall etc imposing restrictions on the connection

[[email protected]]

yeah pretty much as i thought.

i assume there is a firewall on the Netduma for incoming traffic? 

[Netduma Fraser]

5 minutes ago, [email protected] said:

yeah pretty much as i thought.

i assume there is a firewall on the Netduma for incoming traffic? 

Yes there is so it's perfectly safe to put the R2 in the DMZ

[[email protected]]

this is the what Netgate consider the DMZ that SOHO routers have - scroll to the bottom

https://docs.netgate.com/pfsense/en/latest/nat/1-1.html