    Advice needed about buying system from pfsense store

      JonH

      Thinking about purchase of SG-2440 (4 port appliance).
      I have a bunch of questions I hope to get answered.

      The SG-2440 comes with 8GB flash memory.  How much of that is used up by the standard installation?  I'm wondering if I need to buy extra storage.  Down the road I'll probably want to add snort & squid guard.

      I read that the standard install sets this up on 192.168.1.1
      Is there any reason I can't change that to say, 192.168.1.100?  I ask this because my current gateway/firewall machine is not using x.1 and it would save a lot of configuring if I did not have to change all the devices on my lan.  I'd rather be able to drop it in with the same IP my current gateway is using.

      I gather from poking around the forum and wiki that the way to use SG-2440 is via the web gui from a lan workstation.  I have not found any comprehensive info on the gui menu so I don't know what choices are available.  Is there ability to go to terminal?  Will I have access to root?

      My current system has a computer operating with obsolete software that provides 25 seat NAT license/gateway/firewall functions.  It also provides ipsec however, since it was written 15 yrs ago I suspect that the problems I have with setting up tunneling on Apple mobile devices have to do with newer protocols, etc.  This is the motivation for a new purchase.  From posts on this forum I gather that getting this to work is a problem for some folks.  I have my fingers crossed.

      Thanks for any suggestions about my concerns.
      jon

        stan-qaz

        I have the SSD in mine and I'd recommend that to you too. As far as usage goes mine is pretty much stock aside from having added pfBlocker from the packages page.

        [2.3.2-RELEASE][root@pfSense.home]/root: df -h
        Filesystem                     Size    Used   Avail Capacity  Mounted on
        /dev/ufsid/571783696cadccec    108G    1.1G     98G     1%    /
        devfs                          1.0K    1.0K      0B   100%    /dev
        /dev/md0                       3.4M    124K    3.0M     4%    /var/run
        devfs                          1.0K    1.0K      0B   100%    /var/dhcpd/dev
        
        

        Changing from 192.168.1.1 to 192.168.1.100 is likely to cause you a lot of frustration, I don't know how much as I've never tried something like that.

        Now changing to another more usual address like 192.168.100.1 should be no problem or any of the other "assigned to you" addresses or an RFC1918 address. Here I use 172.16.0.1 as my pfSense address and for the LAN port while I put 172.16.1.1 and 172.16.2.1 for the other two ports.

        The web gui is pretty extensive, I believe it is covered in the on-line documentation: https://portal.pfsense.org/docs/manuals/sg-2440/quick-start-guide.html and https://doc.pfsense.org/index.php/Main_Page or the pfSense book.

        You can go to a terminal from within the gui but I find it less hassle to just ssh in using a terminal program. I also have the serial port hooked up to a nearby PC and that comes in handy.

        You will have root access, think of pfSense as an appliance built on BSD.

          JonH

          stan-qaz:

          So the 2440 comes with 4GB memory and df shows you are using just over 1/2 of that.  I guess it makes sense to add SSD for future-proofing.

          Regarding gateway addr, my lan has a half dozen static ip devices mixed with more recent acquisitions using dhcp.  It wasn't until the last few years with mobile stuff that I started using dhcp with ip-pools reserving the addresses.  So rather than reconfig all those static devices I'd rather just 'drop in' the sg-2440 and change it from the standard x.xx.1 IP to the IP I currently use.  Two cat 6 cables and I'm done.  I don't know if the gui has a nic configuration screen, should be doable from terminal tho.  I suppose ifconfig would do it.  I had read somewhere that it should be left as x.1 so that is why I asked if it could be changed.

          I did read a recommendation to use a 172 net range but again, I'd be changing quite a few devices to implement that.

          I read the quick start guide prior to joining this forum.  If there is a complete menu layout for the gui, I missed it.  I did see a partial menu sample.

          Can you explain the serial port hookup to nearby PC (or point me to a link)?  That would be from the 2440 console port to a pc comX port?  Would this essentially be using the pc as a slave terminal w/ video?

          Thanks for info on root.  I have a NVR running busybox and it is locked up so I was wondering if the sg-2440 was similarly locked up.

          Thanks

            stan-qaz

            Serial port: https://doc.pfsense.org/index.php/Connecting_to_the_Serial_Console

            Me, I just plugged the serial cable that came with the router into a USB port of my computer and ran Putty on /dev/ttyUSB0 at 115200. Not sure what you mean by "slave terminal with video"; what you get is a basic serial console, think VT-100 type terminal.

            SSH access: https://doc.pfsense.org/index.php/HOWTO_enable_SSH_access

            I wasn't recommending using the 172 range as such, rather I was questioning using the .100 as the firewall's address. No clue how that will work out but someone else may have an idea.

              JonH

              Thanks for those links.

              @stan-qaz:

              I wasn't recommending using the 172 range as such, rather I was questioning using the .100 as the firewall's address. No clue how that will work out but someone else may have an idea.

              OK, I was concerned about the IP because I read a comment somewhere that it should not be changed.  I now realize if it can be changed from the 192 private range to 172 private range then it should be able to be changed to any IP in private range.  I was uncertain because I'm unfamiliar with the product.

              In theory my existing IP should work fine if I can define it in BSD, just a matter of assigning an IP to the interface, em1 if I understand correctly.  I will give it a try, if it doesn't work I can reconfig my lan devices.

              One of my wireless AP's is statically assigned x.1, that is very easy to change but would then still need to reconfig all my other static devices.

              Thanks again

                liontaur

                @JonH:

                I read that the standard install sets this up on 192.168.1.1
                Is there any reason I can't change that to say, 192.168.1.100?  I ask this because my current gateway/firewall machine is not using x.1 and it would save a lot of configuring if I did not have to change all the devices on my lan.  I'd rather be able to drop it in with the same IP my current gateway is using.

                I've got a pfSense set up to use 192.168.0.5 as its LAN IP. I've also set up other pfSense boxes to use non-default IPs (like 172.16.0.1 and 192.168.0.1). My experience has included needing to do a reboot of the pfSense box to get the setting to work fine. You can do the change from either terminal (option 2 - Set interface(s) IP addresses) or the web GUI (Interfaces - LAN).

                Don't use the ifconfig command to do it as it won't survive a reboot and I doubt that the bazillion other things that require knowing the LAN IP (like firewall rules) would recognize the change if done through ifconfig.

                  jahonix

                  @JonH:

                  …I had read somewhere that it should be left as x.1 so ...

                  That's just false info. You can set your interface to any address you like.
                  As mentioned before, do it via the console menu or the webGUI so your changes will be written to your config.xml file and survive a reboot.

                  1 Reply Last reply Reply Quote 0
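The point made in the two replies above (change the LAN address through the console menu or web GUI so it is written to config.xml, not with ifconfig) can be checked by comparing the saved address with the live one. This is an added example, not part of the thread and not pfSense's own code; the config.xml fragment and ifconfig output are constructed samples, and the function names are hypothetical.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample of the interface section of a pfSense config.xml.
CONFIG_XML = """<pfsense>
  <interfaces>
    <wan><if>em0</if><ipaddr>dhcp</ipaddr></wan>
    <lan><if>em1</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
  </interfaces>
</pfsense>"""

# Constructed FreeBSD-style ifconfig output after a manual `ifconfig em1 ...`
# change that was never saved through the GUI or console menu.
IFCONFIG_OUT = """em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
"""

def saved_addresses(config_xml):
    """Map NIC name -> static address (ip_interface) stored in config.xml."""
    saved = {}
    for iface in ET.fromstring(config_xml).find("interfaces"):
        nic, addr, bits = (iface.findtext(t) for t in ("if", "ipaddr", "subnet"))
        try:
            saved[nic] = ipaddress.ip_interface(f"{addr}/{bits}")
        except ValueError:
            continue  # dhcp, pppoe or no address: nothing static to compare
    return saved

def running_addresses(ifconfig_out):
    """Map NIC name -> set of IPv4 addresses currently on the interface."""
    running, nic = {}, None
    for line in ifconfig_out.splitlines():
        head = re.match(r"^([\w.]+): flags=", line)
        if head:
            nic = head.group(1)
            running.setdefault(nic, set())
        m = re.search(r"inet (\S+) netmask 0x([0-9a-f]{8})", line)
        if m and nic:
            prefix = bin(int(m.group(2), 16)).count("1")  # hex mask -> /bits
            running[nic].add(ipaddress.ip_interface(f"{m.group(1)}/{prefix}"))
    return running

def drift(config_xml, ifconfig_out):
    """List (nic, saved, live) where the saved address is not on the interface."""
    running = running_addresses(ifconfig_out)
    return [(nic, str(want), sorted(str(a) for a in running.get(nic, ())))
            for nic, want in saved_addresses(config_xml).items()
            if want not in running.get(nic, set())]
```

A non-empty result means the live address will revert on reboot, and anything generated from the saved configuration is still built around the old address.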
                    JonH

                    Thanks all for the informative info.
                    I've ordered the 2440 w/extra storage and am reading hundreds of posts and how-to's.

                      stan-qaz

                      Your copy of the pfSense book will be a big help too, much information in one well organized spot.
