The WAN interface is your connection to external networks (in most cases, the public internet). You will need a properly configured WAN interface and an internet connection. In this example, we will connect to the internet via an Internet Service Provider (ISP) and a cable modem.
- Navigate to
- Check the
Enable Interfacecheckbox (it should be checked by default):
- Choose anIPv4 Configuration Type(usually DHCP).
- Choose an IPv6 Configuration Type, or leave it set to None.
- Leave MAC Address blank. Manually entering a MAC address here is known as MAC address spoofing. You can enter a MAC address here if you want to force your ISP to hand you a different IP address, or a different set of DNS servers. Be warned, however, that the MAC address entered must have a valid manufacturer’s prefix or it won’t work.
- Leave MTU, MSS, Hostname, and Alias IP address blank.
- Check the Block private networks and loopback addresses checkbox (it should be checked by default). This will block RFC 1918 private addresses from being sent out over the public internet.
- Check the Block bogon networks checkbox (it should be checked by default). This will block packets from IP addresses not yet assigned by IANA from being sent or received:
Click on the
Savebutton when done.
We must first establish a connection to the internet before we can configure pfSense to allow other networks to access it. The example we provided is a typical WAN configuration for a Small Office/Home Office (SOHO) environment. By setting up the WAN interface as the only interface with direct access to the internet, we are securing the network behind the firewall and establishing complete control over our networks. All networks behind the firewall must now abide by the rules we create.
Now that we have configured the WAN interface, we can connect the cable modem to the WAN port on pfSense and check the status of the WAN port by navigating to