1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

PFSense and Modem\Modem Mode Security

Discussion in 'General Network Security' started by Green_Goblin, Dec 17, 2018.

  1. Green_Goblin

    Green_Goblin New Around Here

    Joined:
    Nov 25, 2018
    Messages:
    6
    llll
     
    Last edited: Jan 13, 2019
  2. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,226
    Location:
    The Land of Smiles
    You should be okay. I have done this for myself and other people. It is referred to as Bridge mode.

    Once you place the modem/router into bridge mode, it no longer has a WAN IP address that can be scanned for vulnerability by those with ill intent on the WWW. The ISP can still ping it on their end though.
     
  3. CaptainSTX

    CaptainSTX Very Senior Member

    Joined:
    May 2, 2012
    Messages:
    1,833
    The biggest thing you need to do to protect your LAN from WAN side attacks is not allow administrative access to the router from the WAN including SSH, Telnet, etc. unless you run a VPN connection to your router and run a VPN server on the router.
     
  4. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,025
    Location:
    San Diego, CA
    pfSense is, by design, fairly secure... keep it up to date, and you should be fine.
     
  5. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,025
    Location:
    San Diego, CA
    You probably need to take some time to understand what you are asking - pfSense does not have an FTP server - you can port forward an internal server if you want... if you do, you need to secure that ftp server outside of pfSense

    pfSense is not going to "protect" your modem...
     
  6. abailey

    abailey Very Senior Member

    Joined:
    Mar 29, 2014
    Messages:
    577
    Location:
    Tennessee, USA
    Your network protection is your firewall/router. If that is pfSense then everything on your LAN side is protected. I assume you hook it up like Internet-> Modem -> pfSense WAN.
    So even if your modem somehow became compromised, all your network behind pfSense is still protected.
     
    Green_Goblin likes this.
  7. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,226
    Location:
    The Land of Smiles
    You get the public IP from the Router. The routers is where you configure the user name and password and other information required by your ISP. I did a web search and saw some modems had security issues back in 2009. Have not heard of any recent concerns.

    Bridge Mode turns it into a modem. It just passes the connection onto the router. The PPPoE config is made on the Router. Bridge Mode feature turns off the routing capabilities while leaving the modem capabilities on. Then, you may connect and use your own router.

    Bridge Mode and Modem Mode are probably synonymous. The term used may differ depending on the manufacturer.

    No special configurations or port forwarding is required. All of the security settings are made on the Router. I think a switch box may be a good analogy. The modem/router placed in Bridge mode is just passing the signal onto the Router.
     
    Green_Goblin likes this.
  8. CaptainSTX

    CaptainSTX Very Senior Member

    Joined:
    May 2, 2012
    Messages:
    1,833
    Correct a modem just connects you the public network. The name really says it all.

    Modem is short for modulator demodulator. In the old days the modem's function was to take an analog signal transmitted over a telephone line and convert it to digital and then take the digital signal from your computer and convert it back to analog. Different technology today as networks are no longer analog but in general the device serves the same purpose.
     
    Green_Goblin and Xentrk like this.
  9. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,226
    Location:
    The Land of Smiles
    I’ve not heard of that before. pfSense performs both the routing and firewall duties. So not sure why that is necessary. Perhaps there are some special requirements in an enterprise or medium sized business where additional network segregation is required.

    https://www.netgate.com/solutions/pfsense/
     
  10. degrub

    degrub Very Senior Member

    Joined:
    Dec 21, 2015
    Messages:
    797
    That is what a correctly configured pfSense box is doing.
    Otherwise, turn your modem/router back into router mode and have it drop al unsolicited packets and turn off WAN access.
     
  11. abailey

    abailey Very Senior Member

    Joined:
    Mar 29, 2014
    Messages:
    577
    Location:
    Tennessee, USA
    I have never heard of this. Even businesses that i know of that use pfSense don't do this. Not sure what the point would be. pfSense is mainly a firewall. If someone did not want to use it for a firewall why would you use it at all? I guess maybe as a standard router, but there are better router software's out there for purely routing.
     
  12. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,025
    Location:
    San Diego, CA
    pfSense can be the edgerouter/gateway, or it can be an internal router...