Netgate Discussion Forum

Whats Next?

  • D
    Digiguy
    last edited by Feb 19, 2023, 5:52 PM

    Newbie to pfsense after converting from another router/firewall, or as they called themselves, a UTM. I have set up pfsense at home with a VERY simple network but I ask myself, did I set it up correctly? Am I using the proper private address and mask? Is my wireless set up correctly? Do my old Dell computer and old network card work okay? I know, I know... WAY too many questions all in one thread. I don't want to just "Set it and Forget it", so I will be asking these and more specific questions later. I also don't want to eat the whole elephant but rather take little bites and learn little by little. I have looked at the 2000+ page pfsense documentation so I have RTFM...lol. If anyone has some insight on how to learn it and what to look at 1st without trying to swallow it all, that would be helpful. One thing I am interested in right off the bat is what tasks I should be doing/looking at on a daily, weekly, monthly basis. How do I read and make sense of logs.... anyhow, thanks for at least reading 😊

    • J
      johnpoz LAYER 8 Global Moderator @Digiguy
      last edited by Feb 19, 2023, 6:13 PM

      @digiguy said in Whats Next?:

      Did I set it up correctly? Am I using the proper private address and mask?

      Do you have internet? Guess it's set up "correctly" then ;) As to proper private IP and mask - this is a pretty broad question.. What space you use in rfc1918 is pretty open to whatever you want to use.. Some suggestions just to lower the risk of possible issues in the future if you plan on setting up say remote vpn into your pfsense while you are out and about at different locations.

      Don't use the common 192.168.0, 192.168.1 networks - or a mask that would include those.. 192.168.0.0/16 is going to be problematic for example.. And no point in using such a large network, when you have say a handful of devices.

      Common practice for home networks is /24 as the mask, this allows for lots of devices on a network (254) while not being huge, and makes it easy to determine networks/VLANs going forward if you end up doing that where the 3rd octet is the network.. So easy to see that 192.168.10.x is a different network than say 192.168.11

      But really you're free to use anything in 192.168/16, 10/8 or 172.16/12, no real wrong answer here..

      As to set it and forget it - that is really up to you as well.. It is quite possible to set it up and it will just work.. And really not much to do, until such time as you want to do "something"

      As to things to do or look at - I would suggest you check to see if a new version of pfsense is out on a somewhat regular basis.. One thing users coming from your typical soho router can get overwhelmed or shocked by is the vast amount of "noise" on the internet that their soho router didn't show them... Ie hits to your pfsense wan IP from all over the globe at all times and hours of the day on all kinds of different ports.. Doesn't mean anything is wrong, or bad - the internet is a noisy place.

      Or even blocks on their lan side for IPv6 or Multicast, or just broadcast traffic, etc. etc.. So prob you want to at least familiarize yourself with what is being logged in the firewall.. Do you want to see all of it all the time, or do you want to create some rules to minimize the amount of noise that gets logged, etc.

      As to making sense of the logs - that can be a bit of a learning curve if you don't have a lot of networking experience.. As mentioned all the wan traffic you will most likely see. Or even blocks on your lan side trying to understand what it all is..

      Lots of people here happy to explain any questions you might have about really anything - so welcome to using pfsense.. Have Fun..

      First thing though is to memorize every word of the manual, and be able to recite it from memory - there will be a test later, just kidding ;)

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      • J
        Jarhead @Digiguy
        last edited by Feb 19, 2023, 6:20 PM

        @digiguy Just a suggestion for private addresses, I use the home/business owners birthday with a 10./24.
        So if today is your birthday, your subnet will be 10.2.19.0/24.
        This leaves the "usual" 192.168 addresses to be used for vpn tunnels and anything else that wouldn't overlap anywhere.
        Been doing that for years and still never used the same subnet twice!
        Still waiting for it to happen.

        • J
          johnpoz LAYER 8 Global Moderator @Jarhead
          last edited by johnpoz Feb 19, 2023, 6:28 PM Feb 19, 2023, 6:23 PM

          @jarhead that is actually a pretty slick way of coming up with a network without having to put much thought into it, and should be unique, etc..

          This came to mind when you mentioned

          Been doing that for years and still never used the same subnet twice!

          https://en.wikipedia.org/wiki/Birthday_problem

          bday.jpg

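The addressing advice in the posts above, worked through as an added Python example (not written by any poster in this thread): it derives the birthday-based 10.M.D.0/24 subnet, flags a proposed LAN that overlaps 192.168.0.0/24 or 192.168.1.0/24 or is larger than a /23, and computes the birthday-problem collision chance the Wikipedia link refers to. The function names and the 510-host threshold are assumptions made for this example.

```python
import ipaddress
from datetime import date

# The two "common" networks named in the thread; extend the list as needed.
COMMON_REMOTE_NETS = [ipaddress.IPv4Network(n)
                      for n in ("192.168.0.0/24", "192.168.1.0/24")]
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def birthday_subnet(month: int, day: int) -> str:
    """Return 10.<month>.<day>.0/24 for a calendar birthday."""
    date(2000, month, day)  # leap year, so Feb 29 is accepted; raises if invalid
    return str(ipaddress.IPv4Network(f"10.{month}.{day}.0/24"))

def review_lan(cidr: str, max_hosts: int = 510) -> list:
    """Return findings for a proposed LAN; an empty list means no objections.

    max_hosts=510 (assumed threshold) accepts anything up to a /23.
    """
    net = ipaddress.IPv4Network(cidr, strict=False)
    findings = []
    if not any(net.subnet_of(block) for block in RFC1918):
        findings.append("not inside RFC 1918 space")
    for remote in COMMON_REMOTE_NETS:
        # A LAN that overlaps the network you are sitting on while remote
        # makes the VPN route to the LAN ambiguous.
        if net.overlaps(remote):
            findings.append(f"overlaps common remote network {remote}")
    usable = net.num_addresses - 2
    if usable > max_hosts:
        findings.append(
            f"{usable} usable hosts in one broadcast domain (/{net.prefixlen})")
    return findings

def collision_probability(sites: int, slots: int = 366) -> float:
    """Chance that at least two of `sites` birthday subnets are identical."""
    p_unique = 1.0
    for i in range(sites):
        p_unique *= (slots - i) / slots
    return 1.0 - p_unique

if __name__ == "__main__":
    print(birthday_subnet(2, 19))
    for candidate in ("192.168.0.0/16", "172.16.0.0/16", "10.2.19.0/24"):
        print(candidate, review_lan(candidate) or "ok")
    print(f"{collision_probability(23):.3f}")
```
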
          • S
            SteveITS Galactic Empire @Digiguy
            last edited by Feb 19, 2023, 6:27 PM

            @digiguy There is not much maintenance needed. Updates come out 3x/year for plus and apparently less for CE.

            Everyone will have their own way of doing things. We turn off logging of the default block rule so there’s very little noise in the logs. (In logs page settings)

            Netgate has video “hangouts” if you prefer video.

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            • J
              Jarhead @johnpoz
              last edited by Feb 19, 2023, 6:36 PM

              @johnpoz Ha! Interesting graph.
              By that, it should've happened by now!
              Still wondering what I should do when it does happen, does that warrant buying the owner a beer?

              • D
                Digiguy
                last edited by Digiguy Feb 19, 2023, 6:42 PM Feb 19, 2023, 6:39 PM

                Great to get such quick detailed responses to such a vague and generalized post! Thank you!!! I have D/Led the pfsense documentation/manual. Will start memorizing all 2000+ pages... LMAO!

                For my private address, I have gone away from 192.168.x.x and utilized 172.16.0.x/16. It's what I used with what I had before; won't mention any names but here are the initials (Untangle - lol). Seems to have worked.

                One reason I question my configuration is I have had some issues. My wireless access point wasn't working. A power cycle and cable reconnecting looks like it helped. I did notice my wan did go down/up and not sure if that was the start of the issue. Still attempting to read the logs to see if I can determine the issues...

                • J
                  johnpoz LAYER 8 Global Moderator @Digiguy
                  last edited by Feb 19, 2023, 7:05 PM

                  @digiguy said in Whats Next?:

                  utilized 172.16.0.x/16

                  /16? You have plans of 65k some devices on this network?

                  I'm pretty sure /24 would work fine, or /23.. /16 is huge for a single segment..

                  • D
                    Digiguy
                    last edited by Feb 19, 2023, 7:11 PM

                    uhh.. no plans to expand that big... lol.. will change it to 24... thanks!

                    • J
                      Jarhead @Digiguy
                      last edited by Feb 19, 2023, 7:27 PM

                      @digiguy I see a lot of people using /16's for their LAN. Think of the broadcast traffic that generates alone. It makes no sense at all.

                      • D
                        Digiguy
                        last edited by Digiguy Feb 19, 2023, 7:51 PM Feb 19, 2023, 7:33 PM

                        Nevermind... doing some reading and I am seeing some of the answers in Dr Google... lol

                        You are certainly correct on the extra traffic. If I set up another interface for an internal web server, a DMZ (OPT1), do I need another segment? A subnet? What or how should that interface's IP be set up? Static? DHCP? What should my internal web server's static IP be?

                        • J
                          Jarhead @Digiguy
                          last edited by Feb 19, 2023, 10:04 PM

                          @digiguy The answer to all of those questions is "Up to you".
                          It really depends on what you want but yes, you would use another subnet on another interface and you would set the interface address statically but you can use DHCP for connected devices. Really is up to you.

                          • Dobby_D
                            Dobby_ @Digiguy
                            last edited by Feb 20, 2023, 11:43 PM

                            @digiguy

                            pfSense Documentation

                            You could have a look in it to see if you find something you may be interested in, or that matches your needs or fits the rest of your network. If you find something, configure it following that documentation.

                            #~. @Dobby

                            Turris Omnia - 4 Ports - 2 GB RAM / TurrisOS 7 Release (Btrfs)
                            PC Engines APU4D4 - 4 Ports - 4 GB RAM / pfSense CE 2.7.2 Release (ZFS)
                            PC Engines APU6B4 - 4 Ports - 4 GB RAM / pfSense+ (Plus) 24.03_1 Release (ZFS)
