Topic: Billion 8900AX (Bridge mode) and PfSense using single WAN cable for stats (Read 3429 times)

BigJ · « **on:** February 05, 2017, 01:47:17 PM »

Hi all

In a case of more money than sense I recently got a 8900AX-2400 and paired it with PfSense v2.3 that I've been experimenting with. Follwing Chrysalis' guides I got most of the way there but setting up PfSense was different so I thought I'd shared how I did it. I'm not a Linux/Unix or networking expert and I don't claim it's the right/best way.

EDIT: Chunks post below provides a link to a good explanation for setting up pfsense for this scenario

First set the Billion to Bridge mode http://forum.kitz.co.uk/index.php/topic,17915.0.html

The following is adapted from http://forum.kitz.co.uk/index.php/topic,14621.0.html

Note that I've got PfSense running in a virtual machine so it doesn't have the usual device names.

I know that my chosen physical WAN port on PfSense for communicating with the 8900AX has two devices.

Code: [Select]

ifconfig vtnet1
vtnet1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=6c00b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	ether 3a:32:62:31:39:30
	inet6 fe80::3832:62ff:fe31:3930%vtnet1 prefixlen 64 scopeid 0x2 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet 10Gbase-T <full-duplex>
	status: active

No IPv4 addresses there but there is on

Code: [Select]

ifconfig pppoe0
pppoe0: flags=89d1<UP,POINTOPOINT,RUNNING,NOARP,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1492
	inet 80.XXX.XXX.XXX --> 195.XXX.XXX.XXX netmask 0xffffffff 
	inet6 fe80::c067:2731:13b:99a4%pppoe0 prefixlen 64 scopeid 0x9 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

So it didn't look like I needed to create an IP alias. In the PfSense web GUI go to "Interfaces -> (assign)". vtnet1 was currently unassigned so I added it. For me (likely different for you) it was initially named OPT3 but I changed it later to 8900AX.

See attached add_interface.jpg

Now clicking OPT3, set a meaningful Description and a Static IPv4 address. Make sure "Enable Interface" is ticked.

See attached config_interface.jpg

Like Chrysalis I could ping the 8900AX from PfSense but not my LAN.

Code: [Select]

[2.3.2-RELEASE][admin@pfsense01.local]/root: ping -c 3 192.168.2.254
PING 192.168.2.254 (192.168.2.254): 56 data bytes
64 bytes from 192.168.2.254: icmp_seq=0 ttl=64 time=0.786 ms
64 bytes from 192.168.2.254: icmp_seq=1 ttl=64 time=0.800 ms
64 bytes from 192.168.2.254: icmp_seq=2 ttl=64 time=0.698 ms

Setup NAT rule, "Firewall -> NAT > Outbound". Not sure this is the best method so any advice greatly welcome.
Select "Hybrif Outbound NAT" mode.

See attached nat_rule.jpg

That's it and hope it's of some use. Thanks to Chrysalis for doing the hard work

BigJ · « **Reply #1 on:** February 05, 2017, 04:48:01 PM »

Following up on previous post, I couldn't successfully change the subnet of the "bridge" on the 8900AX.

Changing subnet from 192.168.2.0/24 to 192.168.4.0/24 however didn't work. I could ping it from PfSebse so I'd guess the NAT rule was not working but I've no idea why.

Edit: For clarity

Chrysalis · « **Reply #2 on:** February 05, 2017, 11:04:49 PM »

welcome to the pfsense world.

BigJ · « **Reply #3 on:** February 06, 2017, 12:46:51 PM »

Hi Chrysalis

Turns out pfsense is working fine and it was me being a numpty! I'm running a VPN on my desktop and I'd forgotten that I needed to update the IP range that will be excluded from the tunnel

Chunkers · « **Reply #4 on:** February 06, 2017, 01:36:21 PM »

I am also contemplating doing this to get access to my two VMG8924 modems over the LAN, it looks like your approach is described in simple terms in these HOWTO instructions ?

Chunks

BigJ · « **Reply #5 on:** February 06, 2017, 03:48:40 PM »

Good find Chunks. That link rather nicely explains the process and I'll update the first post accordingly. One observation though. Personally I'm sticking with "Hybrid Outbound NAT" mode instead of "Manual" as mentioned in the guide. I'm just a part time tinkerer and very forgetful so Manual mode would probably catch me out if I change IP subnets.

I've also now created a new interface group (subnet) for wireless access on the 8900AX and connected a cable to the Wireless port on the pfsense box. "Ping-ing" from my android phone suggests that everything is properly isolated. I can now retire my Asus AC68 (Access Point mode) that was plugged into pfsense

Edit: NAT mode comment

Chrysalis · « **Reply #6 on:** February 07, 2017, 03:45:59 PM »

yes i used that guide also which was the basis of the how to i posted in my pfsense thread

BigJ · « **Reply #7 on:** February 07, 2017, 05:25:51 PM »

The LAN setup thread? I did skim through that but didn't spot it. I've been meaning to go through it slow time looking for tips &tweaks.

Chrysalis · « **Reply #8 on:** February 07, 2017, 05:41:07 PM »

yeah was a post I mentioned what I did.

News:

Author Topic: Billion 8900AX (Bridge mode) and PfSense using single WAN cable for stats (Read 3429 times)

BigJ

Billion 8900AX (Bridge mode) and PfSense using single WAN cable for stats

BigJ

Re: Billion 8900AX (Bridge mode) and PfSense using single WAN cable for stats

Chrysalis

Re: Billion 8900AX (Bridge mode) and PfSense using single WAN cable for stats

BigJ

Re: Billion 8900AX (Bridge mode) and PfSense using single WAN cable for stats

Chunkers

Re: Billion 8900AX (Bridge mode) and PfSense using single WAN cable for stats

BigJ

Re: Billion 8900AX (Bridge mode) and PfSense using single WAN cable for stats

Chrysalis

Re: Billion 8900AX (Bridge mode) and PfSense using single WAN cable for stats

BigJ

Re: Billion 8900AX (Bridge mode) and PfSense using single WAN cable for stats

Chrysalis

Re: Billion 8900AX (Bridge mode) and PfSense using single WAN cable for stats