PPPoE WAN Transparent Bridge

I am trying to configure something unusual, and I am wondering if it's technically possible.

I recently moved to a different place, and got lucky with Fiber Internet on my new location.

Previously I had my pfSense Firewall/Router directly connected to the bridged DHCP WAN port of my DSL modem. Which resulted in pfSense getting an external IP by setting WAN to DHCP.

The Fiber Internet provider uses PPPoE instead of DHCP. pfSense also has support for PPPoE, but it's not very stable. I had a few situations where the PPPoE connection did not reconnect after a reboot, or where the PPPoE connection just dropped and did not come up again.

I decided to look for a solution. I bought a MikroTik RB750Gr3 which should handle the PPPoE connection, and then forward the resulting connection (and External IP + Routes) to one LAN port. I will then want to connect my pfSense Firewall to that LAN port and somehow get the External IP + Routes as my WAN connection. That way pfSense does not have to handle the PPPoE connection, but just receives the resulting connection.

So in my head it looks something like this:
INTERNET => MikroTik RB750Gr3 (PPPoE Client, External IP) => pfSense (External IP, so no double NAT) => LAN (

Is this possible? Of did I think of something technically impossible?

This is an Openwrt forum as opposed to a pfSense forum, so you're very unlikely to get any answers to your question here. Suggest you try on the pfSense forum....

1 Like

Well the question is fully related to OpenWRT, since that is what I use on the MikroTik RB750Gr3.
And some magic configuration needs to happen on the MikroTik to forward the PPPoE connection to the pfSense Firewall. So don't focus too much on pfSense, that could be any router.

The goal of my question is: How do I configure OpenWRT to forward the PPPoE connection (External IP and Routes) to a second device.

Whoever terminates the PPPoE session, holds the WAN IP.


Thanks, I will have to think of something else then. I might just replace pfSense completely then...

Yes, but that doesn't mean that it can't route that address to another device. Mix it with a fake netmask and gateway, and you could make your pppoe router appear to be a "bridge" to a single device.

This is similar to what most LTE modems do.

I'm obviously talking about what you can do in Linux. Don't know shit about any BSDs.