How To: Bypass Google Fiber’s Network Box

Background

That is correct, this How To guide will show you the steps needed to bypass Google Fiber’s Network Box and use your own firewall. I did need to purchase one additional item, a Netgear GS108T, which is listed below. I will follow up this guide with another How To on getting the TV services working using a pfSense firewall.

The install was super smooth along with getting the TV Boxes connected and I will have to say the picture is much clearer than TWC. Anyways, Google’s Network Box is a MUST in order to get the gigabit internet and TV working. I of course was not too happy about this because I have a few sub-domains pointed to a FreeDNS URL that I use to hit an internal reverse proxy. From there I direct the traffic to the proper destination. Now there are settings for port forwarding on the Network Box, but I found them limited. The biggest disappointment was that there isn’t any way to put the Network Box into bridge mode. After running a double NAT for a week I set out to find a way around it and found the following. A post here says that Google doesn’t care if you don’t use their equipment, but it’s very vague on how to do so. That being said, there had to be a workaround; after searching the internet, pfSense forums and Google Fiber Groups I finally got it working. I will credit flyovercountry.org for a very helpful write-up which got me to the 80% mark of getting everything working. I decided to get straight to the point, as he goes into more depth on what you’re actually doing, and it is a great read.

NOTE: This guide only gets Internet services working. If you wish to get the TV services working as well, follow Part 2.

Prerequisites

  1. Google’s Fiber Jack Model – GFRG110 or GFRG100
  2. Netgear GS108TV2 (Cheapest Managed Switch with necessary options) – Amazon Link
  3. Optional: Wireless Router that Supports IGMP Snooping (This feature is necessary as your WiFi will otherwise drop off at random times)

How To

Part 1: Configuring the Switch

Google’s documentation says that traffic to the Fiber Jack needs to be tagged as VLAN 2. The following guide assumes that your Fiber Jack is plugged into port 1 on the Netgear switch and your firewall/router WAN port is plugged into port 2 of the Netgear switch.

Step 1: Disable Voice VLAN Switching

  • Switching -> Voice VLAN -> Basic -> Properties
  • Voice VLAN Status – Set to ‘Disabled’


Step 2: Port Grouping

  • Switching -> VLAN -> Advanced -> VLAN Membership
  • Select VLAN ID 1 from the drop down, then click the small drop down arrow next to PORT and check ports (3-8) so they all say ‘U’
  • Click Apply in the bottom right


  • Select VLAN ID 2 from the drop down, click the small drop down arrow next to PORT and set port 1 to say ‘T’ and port 2 to say ‘U’
  • Click Apply in the bottom right


Step 3: Port Assignment

  • Switching -> VLAN -> Advanced -> Port PVID Configuration
  • Check boxes for g1 and g2 and enter the value 2 into the PVID Configured box
  • Click Apply in the bottom right


  • At this point the internet should work; however, your speeds will be very slow until the next steps are completed.

Step 4: QoS Class Configuration

  • QoS -> DiffServ -> Advanced -> Class Configuration
  • Enter DHCP into the Class Name box, select All from the drop down box and click on the Add button in the bottom right
  • Enter IGMP into the Class Name box, select All from the drop down box and click on the Add button in the bottom right
  • Enter Default into the Class Name box, select All from the drop down box and click on the Add button in the bottom right


  • Click on the DHCP class that you’ve created and set the following, once completed click Apply in the bottom right corner
    • VLAN = 2
    • Source L4 Port = Other 68
    • Destination L4 Port = Other 67


  • Click on the IGMP class that you’ve created and set the following, once completed click Apply in the bottom right corner
    • VLAN = 2
    • Protocol Type = IGMP (it will default to 2)


  • Click on the Default class that you’ve created and set the following, once completed click Apply in the bottom right corner
    • VLAN = 2


Step 5: QoS Policy Configuration

This is probably the trickiest part of the guide: getting the policy configuration set correctly and doing so in the proper order. It should look like the screenshot below.

  • QOS -> DiffServ -> Advanced -> Policy Configuration
  • Enter in GF in the Policy Selector and select DHCP in the drop down menu and click on ADD
  • Check the box next to GF and select IGMP in the drop down menu and click on APPLY
  • Check the box next to GF and select Default in the drop down menu and click on APPLY


Now it’s time to set the policy for the three different classes.

  • QOS -> DiffServ -> Advanced -> Policy Configuration -> GF (DHCP Member Class) and set the following, after doing so click APPLY in the bottom right
    • Mark COS = 2


  • QOS -> DiffServ -> Advanced -> Policy Configuration -> GF (IGMP Member Class) and set the following, after doing so click APPLY in the bottom right
    • Mark COS = 6


  • QOS -> DiffServ -> Advanced -> Policy Configuration -> GF (DHCP Default Class) and set the following, after doing so click APPLY in the bottom right
    • Mark COS = 3


Step 6: Service Configuration

Last step, you’re almost there.

  • QOS -> DiffServ -> Advanced -> Service Configuration
  • Check the box next to g2 and select GF from the Policy In drop down menu


If the Operation Status says down, you’ve missed a step somewhere in the Class or Policy Configuration. Just go back through the steps and make sure all settings match.
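
To make Steps 2 through 6 concrete, the following added example (not from the original guide or from Netgear) models what the switch does to a frame arriving from the firewall on g2: classify it as DHCP, IGMP or Default, then forward it toward the Fiber Jack with an 802.1Q tag carrying VLAN 2 and the matching CoS. The sample frames are constructed, and matching DHCP on UDP only is an assumption, since the guide lists just the L4 ports.

```python
import struct

VLAN_ID = 2                                   # VLAN the Fiber Jack expects (Part 1)
COS_DHCP, COS_IGMP, COS_DEFAULT = 2, 6, 3     # "Mark COS" values from Step 5

def classify(frame: bytes) -> int:
    """Return the CoS the GF policy would mark on an untagged frame from g2."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return COS_DEFAULT                    # not IPv4: only the Default class matches
    ihl = (frame[14] & 0x0F) * 4              # IPv4 header length in bytes
    proto = frame[23]                         # IPv4 protocol field
    frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if proto == 2:                            # IGMP class: IP protocol 2
        return COS_IGMP
    # Assumption: DHCP class is matched on UDP; later fragments carry no ports.
    if proto == 17 and frag_offset == 0 and len(frame) >= 14 + ihl + 4:
        sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        if (sport, dport) == (68, 67):        # DHCP class: client -> server
            return COS_DHCP
    return COS_DEFAULT

def tag(frame: bytes) -> bytes:
    """Insert an 802.1Q tag (TPID 0x8100, PCP=CoS, DEI=0, VID=2) after the MACs."""
    tci = (classify(frame) << 13) | VLAN_ID
    return frame[:12] + struct.pack("!HH", 0x8100, tci) + frame[12:]

def read_tag(frame: bytes):
    """Return (cos, vlan_id) from a tagged frame, or None if it is untagged."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return (tci >> 13, tci & 0x0FFF) if tpid == 0x8100 else None

def ipv4_frame(proto: int, payload: bytes) -> bytes:
    """Constructed sample frame: made-up MACs and IPs, checksums left at zero."""
    eth = bytes.fromhex("ffffffffffff" "020000000001" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]))
    return eth + ip + payload

SAMPLES = {                                   # constructed, not captured traffic
    "dhcp": ipv4_frame(17, struct.pack("!HHHH", 68, 67, 8, 0)),
    "igmp": ipv4_frame(2, bytes.fromhex("1600f9fde0000001")),
    "tcp":  ipv4_frame(6, struct.pack("!HH", 50000, 443) + bytes(16)),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, read_tag(tag(frame)))     # (cos, vlan_id) seen on port 1
```

Comparing these (CoS, VLAN) pairs with what a packet capture shows on the link to the Fiber Jack is a quick way to confirm the class and policy settings took effect.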

Conclusion

All finished, for now. Go ahead and run another SpeedTest and you should get pretty close to a gig up/down. Also note that if you’re running pfSense as your firewall it will need to be a somewhat decent machine. I came to find out that my P4 3.00GHz w/ HTT and 4GB of RAM wasn’t enough to handle the gigabit connection. While running speedtests my CPU became 100% consumed and I was limited to around 650mb up/down. Just something to think about.

Now for the TV side of things. At this point my TV service didn’t work until I added a bunch of settings into pfSense to help route the TV traffic. For that guide follow Part 2.

If you have any questions please leave a comment below.
