Two firewalls - question?
-
Hello…
I have a question?
I have to limit bandwidth per host in my network. I know it is difficult to do with pfSense. I wonder is it possible to do this with m0n0 as on the sheme below. Does pfSense work on the same subnet on all interfaces, or do I have to setup diffrent subnet on fxp0 and vr0 ??Thx for comment's and some wise suggestion's....
[xl0] (wan address)
–----------------------------------
| |
| m0n0wall |
| |
| (DHCP) (limit p/host) |
------------------------------------
[fxp0] (192.168.1.1/24)
V
V
V
[vr0] (192.168.1.2/24)
–----------------------------------
| |
| pfSense |
| |
| |
| (squid) (DHCP relaying) |
| (wireless interfaces) |
--------------------------------------
[wi0] [wi1] [wi2]
(192.168.1.3) (192.168.1.4) (192.168.1.5)wireless client's somwhere here ;-)
-
Does pfSense work on the same subnet on all interfaces, or do I have to setup diffrent subnet on fxp0 and vr0 ??
you have to have different subnets. No IP routing device (essentially what you're doing here w/pfsense) can use the same subnet on multiple interfaces.
Make sure you disable NAT on pfsense (enable advanced outbound NAT and remove all NAT rules)
-
-
??? How to setup DHCP in m0n0 on Lan interface if it will be on different subnet?
you can't. m0n0wall (nor pfsense) isn't intended for a full scale DHCP server, so neither supports multiple subnets off of one interface. If you want DHCP on the LAN side of psense, use pfsense's DHCP.
-
@cmb:
you can't. m0n0wall (nor pfsense) isn't intended for a full scale DHCP server, so neither supports multiple subnets off of one interface. If you want DHCP on the LAN side of psense, use pfsense's DHCP.
Hmmm that's not good news…. how to use shaper and firewall on m0n0 using DHCP on pf? m0n0 will not know anythign about hosts on pf.
Mayby any other solution? Does anyone have any idea, how to do this ?? -
We have the same DHCP options as m0n0wall. What exactly are you looking for?
-
Hmmm that's not good news…. how to use shaper and firewall on m0n0 using DHCP on pf? m0n0 will not know anythign about hosts on pf.
huh? That has nothing to do with the functionality of the shaper on m0n0wall, it doesn't have to serve DHCP IP's to them to know what to do about them.
-
@cmb:
huh? That has nothing to do with the functionality of the shaper on m0n0wall, it doesn't have to serve DHCP IP's to them to know what to do about them.
You are right… but only in case of static IP or static DHCP mapping. Problem is with wireless client's, couse they may roam between station's. Probably I'll have to set static DHCP mapping on all wireless interfaces, in three diffrent subnets... if so, I'll have to setup three aliases per each host on m0n0, to easy manage shaper rules. It's getting little clumsy.. don't you think?
Perfect situation is when all wireless client's are in the same subnet, in this case there is no problem with client's roaming, aliases, traffic shaping.. etc..Am I wrong :-\
-
Sounds to me like you aren't really using pfsense for anything in this setup. Why not pull it and just use m0n0, seems like it suits your needs already without making your network (and life) needlessly complex.
–Bill
-
I guess he wants pfSense to be the AP. And I think m0n0s wireless support is somewhat limited.
-
@lsf:
And I think m0n0s wireless support is somewhat limited.
Exaclty, that's the reason I pointing to fps.
Does anybody can give me some good advise, how to do this? -
Set up the wireless in pfsense as a bridge then?
–Bill
-
Set up the wireless in pfsense as a bridge then?
–Bill
what do you mean?? make a bridge with each wireless interface to what?? to wan interface?
Meanwhile I've noticed that is some problem with bridge's in pfs <http: cvstrac.pfsense.com="" tktview?tn="693">:-\I'm confused… I'd like to use pfs as AP couse it has very usefull features....
Anyway I'm going to make some tests with bridging....</http:>