pfSense on Optus Cable

Configure Your Modem

Depending on your cable modem model, it may already be a simple layer 2 bridge or you may simply have to enable "bridge mode". Read on.

Cisco DPQ3212

This is the best modem Optus has ever shipped. It's DOCSIS 3.0 but has no Router/NAT functionality whatsoever - it is the Gold Standard.

If you can find one on eBay or Gumtree then grab it, call up support and have them provision it for you (or plug it in, and use Optus' "self install" feature to swap your account over to it)

There are no steps that you need to take, just plug your pfSense firewall in to the modems single ethernet port.

Note: you can view its status via if will just work, you dont need to set an IP address in that range.

Netgear CG3000v2

Optus has been aggressively pushing out this modem since about 2015. It is a router/modem combo.

The good news is that the Netgear is easily bridged to turn it into a straight modem. You have the option of just pressing the wifi button on the front of the modem to switch off the wifi entirely, or you can put the modem into bridge mode which then makes it act like a modem with no router option.

To access the Netgear Genie interface, open your internet browser and type into the address bar where you usually enter the www address of the website you want to visit.

You will be asked for a login username and password which is listed on one of the stickers on the bottom/back of the Netgear modem.

Once in, you will see this screen:

Netgear CG3000v2 Menu for Bridge Mode

Please be aware that once you have activated Bridge Mode, you will only have access to the 1st ethernet socket on the modem, as Bridge Mode disables the other 3 sockets.

So plug your pfSense firewall into port 1.

Note: To disable Bridge Mode you will need to perform a factory reset of the modem (hold a paperclip or pin for 10 seconds in the small hole on the back of the modem).

Cisco/Scientific Atlanta DPC2203C

 Cisco DPC2203C

Optus began providing this modem just after Cisco acquired Scientific Atlanta, who originally designed and manufactured it. So it has been sold under both brands in various parts of the world, although Optus only ever sold it Cisco branded.

This device has no router/NAT feature, so no steps are needed to configure it.

As the DPC2203C is a DOCSIS 2.0 modem, the maximum speed it can achieve is around 30Mbps. Unless you plan has a lower maximum speed.

Simply plug your pfSense firewall into the single Ethernet port.

Motorola Modems

Motorola Cable Modem

If you have a Motorola modem with just one port, this device has no router/NAT functionality. So no steps are needed.

Motorols Modems that were provided by Optus are either DOCSIS 1.1 or 2.0, so the maximum speed achievable is around 30Mbps. Unless you plan has a lower maximum speed.

Simply plug your pfSense firewall into the single Ethernet port.

Other Netgear and Cisco Modems

You're probably out of luck, most other models are router+modem combos with no "Bridge mode" feature.

As such, your pfSense device cannot become the outer most firewall for your network.

Configure pfSense

Just set the WAN to DHCP, with an MTU of 1500.

This is in fact the default, so a fresh install should "just work".

Caveats of Optus Broadband

  • Optus blocks port 80 (HTTP) inbound to your modem. There is no way to have this turned off.
  • Optus blocks port 25 (SMTP)outbound except to their mail server You can disable this via their "Member Services" portal, or call up customer care and ask them to disable it.
  • Alternatively if your email server supports it, you can send email via port 587 which is not blocked by Optus. Generally this port requires TLS and authentication, which are both good to use regardless. As blocking SMTP is common for most ISP and on free wifi services etc, changing to 587 is a robust solution.
  • Port 456 is deprecated for email, but sometimes still offered by email servers.


