Adventures with pfSense: Act 1— Setting up Internet and MIO TV

Jeffery Tay
May 3, 2020

Having had my fair share of pain with branded routers, being on WFH arrangements at the moment, and having a mesh Wi-Fi with Ethernet backhaul deployed, I felt it was time to look again at setting up a proper FW/IPS/IDS using something that has withstood the test of time.

The first order of the day is to get a mini PC on which pfSense will run. After much consideration, I settled on an i5-7200U, 8GB RAM, 64GB SSD box from Qotom. Because OpenVPN is also deployed for remote connectivity, AES-NI is a requirement. Additionally, this box has 6 Intel GBIC NICs, which is sufficient for my local connectivity, and HDMI for ease of connecting to my monitor.

Qotom Mini PC

Network design

This box is intended to replace my current Asus router and interface directly with the ONT box. As such, it needs to be able to understand and carry both the Internet and MIO TV VLANs on INT1 (Internet uplink).

The MIO TV traffic (VLAN20) can then be bridged to INT2 which connects to the MIO TV Set Top Box.

Internet traffic will be bridged to INT3, 4 and 5, which are basically the Intranet.

INT6 will host just a DHCP service and act as a failsafe in case Intranet connectivity goes down due to misconfiguration. This way there is no need to connect a monitor and keyboard to the box when things go wrong.

Physical ethernet layout

Setting up the WAN

Start by setting up the VLANs that will be carried on INT1. For Singtel the VLANs are as listed below. As I'm using the traditional copper lines for telephony, all that is needed are VLAN 10 (Internet) and VLAN 20 (MIO) only.

Once this is done, go back to Interface Assignments and assign WAN to VLAN10 on Interface 1.

Interface Assignment — WAN

The WAN configuration is as follows

Once configured, press Save and you should get an Internet IP within the next few minutes.

Setting up MIO TV

The next step is to get MIO TV up and running.

First, add and enable the following interfaces:

  • MIO_WAN on INT1 VLAN 20
  • MIO_LAN_VLAN20 on INT2 VLAN 20
  • MIO_LAN on INT2

Note: You need to enable both the normal interface and VLAN20 on Interface 2 in order for MIO TV to work.

MIO TV Interface assignments

All 3 interfaces have the same interface settings

MIO TV setting for interfaces

Next, create a bridge connecting all of the MIO TV interfaces into a single bridge (switch).

MIO TV bridge setup

As firewall rules need to be added, create an interface group to ease firewall rule maintenance.

MIO TV interface setup

Finally, go to Firewall > Rules and add an allow all rule.

MIO TV Firewall rule

Now go back and wait a while for MIO TV to connect. You should see a 10.x.x.x IP address being assigned to MIO_WAN once you turn on your MIO TV Set Top Box.
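To confirm the setup above stays contained, here is an added example (not part of the original post) that audits a pfSense configuration backup: it checks that the three MIO TV interfaces are enabled, that their bridge contains nothing else, and that the allow all rule only covers MIO TV interfaces. The sample XML is constructed and modelled on the layout of a pfSense config.xml backup; the NIC names igb0/igb1/igb2 and the group name MIO are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on a pfSense config.xml backup. igb0/igb1/igb2
# stand in for INT1/INT2/INT3 and the group name MIO is hypothetical.
SAMPLE = """<pfsense>
 <interfaces>
  <wan><if>igb0.10</if><descr>WAN</descr><enable/></wan>
  <lan><if>igb2</if><descr>LAN</descr><enable/></lan>
  <opt1><if>igb0.20</if><descr>MIO_WAN</descr><enable/></opt1>
  <opt2><if>igb1.20</if><descr>MIO_LAN_VLAN20</descr><enable/></opt2>
  <opt3><if>igb1</if><descr>MIO_LAN</descr><enable/></opt3>
 </interfaces>
 <bridges><bridged><members>opt1,opt2,opt3</members><bridgeif>bridge0</bridgeif></bridged></bridges>
 <ifgroups><ifgroupentry><ifname>MIO</ifname><members>opt1 opt2 opt3</members></ifgroupentry></ifgroups>
 <filter><rule><type>pass</type><interface>MIO</interface>
  <source><any/></source><destination><any/></destination></rule></filter>
</pfsense>"""

MIO_NAMES = {"MIO_WAN", "MIO_LAN_VLAN20", "MIO_LAN"}

def audit(xml_text):
    """Return findings; an empty list means the MIO TV segment is isolated as designed."""
    root = ET.fromstring(xml_text)
    ifaces = {i.tag: i for i in root.find("interfaces")}
    mio = {t for t, i in ifaces.items() if i.findtext("descr") in MIO_NAMES}
    found = []
    for name in sorted(MIO_NAMES - {i.findtext("descr") for i in ifaces.values()}):
        found.append(f"{name} is not assigned")
    for t in sorted(mio):
        if ifaces[t].find("enable") is None:
            found.append(f"{ifaces[t].findtext('descr')} is not enabled")
    # The bridge must join the MIO interfaces and nothing else (no WAN/LAN leak).
    bridges = [set(b.findtext("members", "").split(",")) for b in root.iter("bridged")]
    home = [m for m in bridges if m & mio]
    if len(home) != 1 or not mio <= home[0]:
        found.append("MIO interfaces are not all in one bridge")
    for extra in sorted(set().union(*home) - mio):
        found.append(f"bridge also contains non-MIO interface {extra}")
    # An allow all rule is acceptable only where every covered interface is MIO.
    groups = {g.findtext("ifname"): set(g.findtext("members", "").split())
              for g in root.iter("ifgroupentry")}
    for r in root.iter("rule"):
        wide = r.find("source/any") is not None and r.find("destination/any") is not None
        target = r.findtext("interface", "")
        covered = groups.get(target, {target})
        if r.findtext("type") == "pass" and wide and not covered <= mio:
            found.append(f"allow-all rule on {target} reaches non-MIO interfaces")
    return found
```

Run `audit()` on the text of your own backup file and compare the element names against it first, since they can differ between pfSense versions.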

There’s lots more that I’ve done with pfSense, but will leave that for another day.

PS: If you are only looking to run pfSense as a normal router + MIO TV, you will probably be better off with a typical router or mesh. The reason for using pfSense is that it will also be used for DNS filtering, IDS/IPS, Proxy, AV and network access control.

#pfsense #singtel #mio #miotv
