PFsense with Syswan SW88 Multi Wan Router in front

Guest

You would be far better served to use pfSense as your router/firewall, and offload snort and squid to separate boxes.

GruensFroeschli

Yeah this was my first thought too.
If you're already going to have 2 boxes, why not 2x pfSense?
Or pfSense for loadbalancing and another system for snort/squid if you cannot get it to run on pfsense.

dschmid

Hello, I only got an small IBM ThinkCenter as pfsense box and I have to connect seven DSL Modems to it. But I only got one nic for my internal and one for my wan. Is it possible to connect the modems to a switch wich supports vlan?

Perry

yes they just need to have a different gateways
http://pfsense.site88.net/mysetup/index.html

GruensFroeschli

Yes.
Or if the modems are in NAT/routing mode you could even have all their LANs in a single subnet and modify the config.xml manually so you balance between the LAN-IP's of the modems.
–> Different gateways as perry said.

[WAN]          [WAN]         [WAN]          [WAN]          [WAN]          [WAN]           [WAN]
  Modem         Modem         Modem         Modem         Modem          Modem          Modem
       |      172.17.10.2/24      |         172.17.10.4/24         |        172.17.10.6/24      |
  [LAN]           [LAN]          [LAN]              [LAN]          [LAN]            [LAN]          [LAN]
172.17.10.1/24   |        172.17.10.3/24         |       172.17.10.5/24       |          172.17.10.7/24
       |               |                |                    |                 |                |                 |
       |               |                |                    |                 |                |                 |
       –-----------------------------------------------------------------------------
                                                          switch
                                                              |                   
                                                              |
                                                              |
                                                              |
                                                              |
                                                [WAN] 172.17.10.100/24
                                                         pfSense
                                                  [LAN] 10.0.0.1/24
                                                              |
                                                              |
                                                              |
                                                           clients

dschmid

The problem I've got is that I can't enable dmz on the cheap modem routers from the provider or can I forward all ports 1-65535 tcp/udp to the pfsense box?

GruensFroeschli

@dschmid:

Or can I forward all ports 1-65535 tcp/udp to the pfsense box?

Yes.
I have to do that on my modem at home too because it's a piece of shit (never came around to buy a better modem ^^" )

dschmid

OK I try this this weekend. Thank you very much.

dschmid

Sorry I forgot to ask how to insert the different gateways into the config.xml and activate Load Balancing.

GruensFroeschli

1: Create a balancing pool and add a dummy-entry.
2: Download the config.xml and find the part with the info you add.
3: Copy/Paste your dummy entry and fill in the real gateway/monitor IPs.

As monitoring IP use one of the immediate hops on your ISP's side.
You cannot have the same monitoring IP for different WANs.

4: Restore the config.xml.

Now your manually added infos should show up.