@twrigglesworth said in pfSense with ESXi 6.5:

Thank you =) this is all new to me so sorry if it's a little silly asking things like this.

Then read the whole pfSense book.

Kinda depends on how smart your AP is. If it is capable enough to have one SSID tagged on the wired side and another untagged, then you are good to go. I.E. "original SSID" would stay untagged (no VLAN field inserted), and the "new SSID" would be set to get tagged w/ VLAN 50.

PFSENSE will handle things just fine from there.

I got that to work by using a PAC file.
I have enabled SQUID in my pfsense.

So, basically, when my browser calls for netflix, the PAC file send it to the proxy, thus using my WAN IP, which is default gateway of Pfsense.

Everything else goes direct, through the VPN.

I had to make a policy rule, without enabling any of advanced options, so my PC can speak with the proxy on port 3128.

After that, I`ve made another policy rule, setting in the advanced options, source MY LAN, destination ANY, gateway VPN gateway.

So, by doing like this, I could route based on the domain name.

@vacquah ...Back I got it working take a look at https://forum.netgate.com/topic/139218/sonos-speakers-and-applications-on-different-subnets-vlan-s

good luck and cheers,

Qinn

Glad you have it working. ☺

-Rico

Yeah get an ISP that allows you to actually route a cidr block of IPs to you if you want to use them like your using so you can actually put them behind pfsense vs being wan IPs..

Then you would have actual transit networks for your different ISP connections...

Option 2
Put your services in actual DC that will assign you IP block vs ding what amounts to a home user hack trying to run services off dynamic IPs..

Why are you dealing with dynamic IPs? Just don't get it - get a block of addresses and route it to you so you can do this correctly..

@kartoff If you also exclude http traffic from load balancing, then there isn't much to load balance.
https has issues with the tls mechanism and ip's changing.
http is much more forgiving.
Enable sticky connections, put 1800 (sec) as timeout and you should be ok

@kartoff said in Configure BGP - announce ASN and our public ips:

@jubimathew said in Configure BGP - announce ASN and our public ips:

@kartoff

@kartoff said in Configure BGP - announce ASN and our public ips:

@jubimathew said in Configure BGP - announce ASN and our public ips:

I have configured a device with the lan ip, but when doing show my ip address on google, it reflects the wan IP. How do we reflect ip on all outgoing traffic and can use our public ips on our devices, such that they can be accessed directly outside the firewall.
Please let me know if you require more information on the setup that i have done.
thank you

As i understand you have firewall turned on ? Or you just mentioned it... Are you sure NAT is disabled ? Did you disable firewall in System>Advanced>Firewall&NAT ?

Hi kartoff, thank you for your response. Disabling firewall in system>>advanced>>Firewall&NAT would cut off internet. Please let me know, if you require more information on the current setup.

Would cut off internet if you don't have public IP's... When you have public /24, leaving firewall on cuts their publicity... Choice is yours :)

Ok, what all parameters shall i check in openbgp_status which could confirm if the BGP settings is set correctly.

thanks

Registered the issue under https://redmine.pfsense.org/issues/9232. I suppose, if people read this, any support in that issue is welcome. First time I filed a bug for this software so I hope its in order.

You should not have a Gateway on your LAN interface.

@netblues for now i set WAN_IBIZ and WAN to any (source ) any (destination)

You need a Access Point acting in Client Mode to connect via Wireless to this MiFi.

-Rico

Looks like you scared him away - I think he deleted his account..

I wanted to learn how to do it with pfSense :) So I assembled test setup... Now when I have completed this step I have no problem to route public IP's same way :) I just missing chunks in how it should be done, but now i am happy :)
You mention static routing (witch i never used before) and gateway and they do the trick... Thank you :)

Got it all up and running thanks! Eddie

Correct. I was thinking in terms of building sort of "security domains". The (potentially wrong) assumption was, that having some sort of sacrificial anode to the net was something good.

But no big deal, i am not seriously attached to that idea if it makes no sense.

Had tried this and it didnt work, but just now realised I had the gateway wrong.

Have set up a daily email to run that script for each gateway that I have, against the same server. Works like a charm! Thanks for your help 👍

+1