NIC interface "zones"?

kobos · Jan 2, 2007, 11:41 AM

Hi all

I'm looking into a Linux firewall OS and I need to have the "zones" feature which is in IPcop and Smoothwall, but they don't work fully with my hardware.

I need to have 6 zones each with their own rules relating to each other. (each zone would have their own NIC)
Red -> Internet
Blue -> Wifi only access to red
Yellow -> semi-trusted staff limited access to orange
Orange -> SQL Server and backups (limited access to internet) with secondary firewall
Green -> Admin
Purple -> NAS and Printers

So is that config possible with PFsense?

regards

stefan

hoba · Jan 2, 2007, 11:51 AM

If you really want a Linux firewall pfSense is not suitable for you. It runs freebsd :P

Besides that pfSense can handle any amount of interfaces (that your hardware can handle, I have heard from people using it with 12 interfaces already). It also doesn't have this unflexible classification for interfaces (like, green, red, orange, blue,…). You can setup any interface with custom rules.

So the answer (besides the Linux thing) is: Yes, pfSense can do all that.

yoda715 · Jan 2, 2007, 12:28 PM

Yes, Pfsense can do all that in a much simpler way :)

kobos · Jan 2, 2007, 1:51 PM

linux = not freebsd = verbally slap myself… :)

how do i create rules for this / is there a tut?

hoba · Jan 2, 2007, 2:27 PM

First set up and assign all interfaces (wither from the shell or from the webgui interfaces menu). Then add required firewallrules under firewall>rules. Each interface will appear as seperate tab. Firewallrules are always applied for incoming traffic and rules are applied top down. First match wins. At the bottom there is always an invisible "block anything" rule, so anything not explicitly allowed will be blocked. If you need seperate DHCP-Servers for each interface you can set them up at services>dhcp server (you'll find a tab for each interface there). I think the rest should be pretty clear once you start editing firewallrules.

kobos · Jan 2, 2007, 3:27 PM

yar, clarity!

I'll be using this then!

yoda715 · Jan 3, 2007, 8:39 PM

@kobos:

yar, clarity!

I'll be using this then!

Awesome! Spread the word to your IP-Cop and Smoothwall friends ;D

kobos · Jan 13, 2007, 7:23 PM

ok i've installed PFsense on an old box works fine with just a LAN and a WAN interface. I want to now add another LAN interface for an AP.
But when i assign the interface on the webgui the new interface configuration is for a WAN interface. How do i change that so it runs a DHCP server on it and acts like a LAN interface?

hoba · Jan 13, 2007, 8:34 PM

Create firewallrules at firewall>rules, new_interface_tab. You can setup DHCP server for this interface at services>dhcp server, new_interface_tab.