OK, I’ve just purchased a RB750G to use as a ‘router’ only. In fact, I only want to route one /29 from it to a pfsense firewall. This is replacing a netgear DG834 which currently does the job well, but it has lately become a tad unreliable.
Currently the DG834 has IP 10.18.200.100 and the pfsense firewall is 10.18.200.99. I have disabled NAT for the 10.18.200.0/24 network and I can connect to the DG834 on its web interface and configure it etc. I can ping and telnet the DG834 also. This setup has worked for a few years. I think the fact that it works proves that my pfsense firewall is not misconfigured. On the DG834 I have one static route for my /29 that points to the IP of my pfsense box. I run this with NAT and firewall disabled. That way my pfsense box sees the public IP addresses of the /29. I then make routing/forwarding decisions based on the destination address. Works well and has done reliably for a long time.
My goal is to ditch the DG834 and replace it with the Billion + 750G combo. I have a Billion DSL modem running in bridged mode and it is physically connected to the 750G port1. I have successfully set up the PPPoE interface and it connects and works as expected. I have set up a static route for my /29 which points to the IP of my pfsense firewall, but here is the catch: I cannot get the pfsense box to ping, SSH or otherwise reach the 750G. I have given the 750G the same address as the DG834 had, yet no matter what I try, these devices will not talk. Given that pfsense can happily talk to the DG834 when it has IP 10.18.200.100, I'm guessing that the firewall or possibly the routing table on the 750G is blocking everything by default? To test I have added a firewall rule to allow ICMP traffic from pfsense to the 750G. Yet nothing shows up. I've run tcpdump on the pfsense box and I can see the 'echo request' packets leaving but nothing coming back. I have also used the packet sniffer on the 750G but I cannot see the pings.
I have at times seen this sort of thing in the pfsense firewall logs:
Mar 19 23:34:06 WAN 10.18.200.100:5678 255.255.255.255:5678 UDP
Which appears to be coming from the 750G. I have also noticed that the MAC address of the 750G shows up in the arp table on the pfsense box.
Dumb questions:
Can I effectively disable the firewall and just route? That is the way the DG834 works and I think it is what I want.
If I'm just IP routing, do I need 'forward' rules?
I have 'local-ether2' configured with the 10.18.200.100 address; is this correct for what I'm trying to achieve?
Is this problem related to proxy ARP? I'm sure the DG834 is a good bit dumber than the 750G.
Any help greatly appreciated.
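A routing-only RouterOS layout matching the setup described in this post, written as an added example and not taken from the poster's configuration. It assumes ether1 carries the PPPoE client, ether2 faces pfsense, and <PUBLIC_/29> stands in for the routed block, which the post does not state.

```routeros
# Added example (not the poster's config). Assumptions: ether1 = PPPoE uplink,
# ether2 = link to pfsense, <PUBLIC_/29> = the routed public block (placeholder).

# 1. Inspect what the board already carries before changing anything: a
#    default RouterBOARD configuration often includes filter and NAT rules.
/ip firewall filter print
/ip firewall nat print
/ip route print

# 2. LAN-side address on the port that connects to pfsense.
/ip address add address=10.18.200.100/24 interface=ether2

# 3. Route the public block to the pfsense LAN address, so pfsense sees the
#    real public destination addresses exactly as it did behind the DG834.
/ip route add dst-address=<PUBLIC_/29> gateway=10.18.200.99 comment="to pfsense"

# 4. "Just route": RouterOS only translates when a srcnat rule exists. If the
#    default config added a masquerade rule for the uplink, it must go for the
#    /29 to pass untranslated (shown commented out; check the print first).
# /ip firewall nat remove [find action=masquerade]

# 5. Chain semantics: "input" is traffic addressed to the router itself (ping,
#    SSH, Winbox); "forward" is traffic passing through it. Pure routing needs
#    no forward rules unless something drops them; management access to the
#    router is an input-chain matter and is limited here to the pfsense box.
/ip firewall filter add chain=input src-address=10.18.200.99 action=accept \
    comment="management from pfsense"
/ip firewall filter add chain=input protocol=icmp action=accept \
    comment="echo request/reply"

# 6. Verify on the router: capture ICMP on ether2 and check the ARP cache.
/tool sniffer quick interface=ether2 ip-protocol=icmp
/ip arp print

# Note: the UDP 10.18.200.100:5678 -> 255.255.255.255:5678 entries in the
# pfsense log are MikroTik Neighbor Discovery (MNDP) broadcasts, which
# RouterOS sends on UDP 5678; they are unrelated to the missing ICMP replies.
```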