Some questions about setting up a pfsense box
-
First of all, I am new here so I would like to say hello to everyone!!
Now, here is what I would like answered.. I am looking at building up a box with pfSense, as it looks like it can do what I need.
Basically my setup currently is this:
Cisco 2811 router (with NAT configured)
Centos 5.6 server (RADIUS)
Wireless Router
I have a small WISP here, and am wanting to get the following from pfSense: transparent proxy, ability to monitor bandwidth (if possible), remove NAT from the Cisco and create NAT on the pfSense box, create a couple of VLANs.. Can pfSense do all or most of this? (reasonably simple hopefully)
Can I install pfSense directly to a normal SATA hard drive in a dedicated box, or as a virtual machine on my server?
I mainly want the transparent proxy up and running to assist with the bandwidth being used by clients, and pfSense and a few others like Smoothwall seem to do all this reasonably easily, and also a lot of other things.
Thanks in advance, and assistance is appreciated..
-
Transparent proxy: yes
Bandwidth monitor: yes
NAT: Yes
VLANs: Yes (if the hardware supports it)
Dedicated or Virtual: yes
All of this, and much more, is covered in the documentation ;)
-
Hey yeah, thanks for that, I am happy to see that it will all work for what I need.
I figured it is in the documentation, just a little busy right now and thought I would get a quick reply and then get into the documentation.
The only thing I don't understand is which download to get to install to a dedicated server, say a SATA hard drive. The images all look to me like they are just for compact flash or something, 1g, 2g and 4g.. Which should I use?
-
Use the search, Luke ;)
Those are for embedded installs, you want the ISO image.
-
Thanks again. I actually had used the search for this and read the versions page on the pfSense site.. I misunderstood that the Live CD was a full install, and not just a Live CD.. Thanks again mate!
-
I have read the documentation and still don't understand a couple of things related to my setup.
I have a small WISP, my link comes to me directly with a range of 13 IPs, which currently goes directly to my Cisco 2811, which has a NAT configured to change those IPs to my local network 192.168.1.0.. (sorry, but IPs and internet are not my field so I am not sure how to explain it better, and I still don't understand NAT).
My setup is this: the link into my office goes into a CSU/DSU, which goes into my Cisco. The Cisco port with the NAT configured is plugged into a switch, which my server and a wireless outdoor router are also plugged into.
My server just runs FreeRADIUS. I was hoping to have a setup something like the pfSense box taking the link and configuring the NAT, so I can take the NAT off the Cisco, because the memory isn't huge on the Cisco. I was hoping that I can then have some kind of VLAN so that the outdoor router still connects through my firewall but protects my local network from the outside world. But still needing the router to pass logins through to RADIUS. Then I want Squid on the pfSense box for caching.. Is this possible and how do I do this? I am sorry, but I don't know how to describe this any better…
-
Each of these is individually possible, and that means that it should be possible to do it all. I would however suggest that instead of asking it as a single question you tackle it step by step. Anything else will be much, much harder.
You'll want the:
- CARP/VIP forum for the multiple routable IP addresses
- NAT forum for port forwarding/NAT
- Packages forum for Squid
-
Ok thanks mate. Just as a last question.. once I have the NAT and all that set up and working on my pfSense box, does that make the Cisco router no longer needed? I think I have to use it as it has the WICs for my internet connection.. But again, I don't know too much about this kind of stuff.
-
That depends, you may be able to use the pfSense host for that.
-
Hmm.. interesting.. I'll have to look into that. I find what I want to do hard to even decide how to do it..
I am not that great with networking stuff.. I just know that I need to protect my internal network (server) from the outside network, but I am unsure how to, as people connecting to my wireless connection need the server which is on my internal network to accept their connection with the RADIUS server.
-
Depending on your connection type, you can either:
- Ditch the Cisco and use a DSL/ATM bridge/modem
or
- Have the Cisco bridge the IPs to the pfSense box (if using some other interface than xDSL/ATM)
-
Thanks for the reply.. I don't entirely understand what you are saying.. I have a fiber optic connection coming into my building, I have 2 big old-looking modems (DSU/CSU), each of which plugs into my Cisco 2811 as it has 2 WICs.
The Cisco I have no access to make any changes to, as it is from the company we buy our link from. All they have done on it so far is created a NAT so I can have my internal network of 192.168.1.XX.
I have read a bunch of the documentation here and tutorials on other sites, but I don't understand what a WAN is? I know LAN is my internal network, so I guess WAN is my link? I have a setup with which I guess I need 2 LANs.. but I don't know, as the setup mentions having 1 LAN and 2 WANs.. confusion!!
-
If this is the case, then you will be doing a double-NAT configuration. In this scenario, the network segment between the WAN interface of your pfSense box and the Ethernet interface of your 2811 should be treated as your WAN network segment. The downside to this type of configuration is that you cannot allow any inbound services (SMTP, HTTP, etc.) without having your provider create port forwards for you on the 2811 and then you repeat the same configuration on your pfSense box. Your network would then look something like this:
Office LAN -> pfSense LAN -> [pfSense box] -> pfSense WAN -> 2811 Ethernet -> [2811 box] -> 2811 Fiber connection -> Internet
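To make the double-NAT layout concrete, here is an added example (written for this thread, not taken from pfSense or any poster) of the pf rules that correspond to what the pfSense GUI would generate for the pfSense hop: outbound NAT on WAN, the second half of an inbound port forward, and a default-deny ruleset that lets nothing on the 2811 segment initiate toward the office LAN. Addressing is constructed: em0 is the pfSense WAN at 192.168.1.2 on the 2811's Ethernet segment, em1 is a new office LAN 10.0.0.0/24 (it cannot reuse 192.168.1.0/24), and 10.0.0.10 is an internal web server.

```pf
# Added example, not pfSense-generated config. Constructed addressing:
#   em0 = pfSense WAN, 192.168.1.2, on the 2811's inside (Ethernet) segment
#   em1 = pfSense LAN, 10.0.0.0/24 (must differ from the 2811's 192.168.1.0/24)
#   10.0.0.10 = internal web server that should be reachable from the internet
wan_if  = "em0"
lan_if  = "em1"
lan_net = "10.0.0.0/24"
web_srv = "10.0.0.10"

# Outbound NAT (second NAT layer): office LAN hosts leave as 192.168.1.2,
# and the 2811 then translates that to the public range.
nat on $wan_if from $lan_net to any -> ($wan_if)

# Inbound port forward, pfSense half. This only ever matches if the provider
# has already forwarded public:80 -> 192.168.1.2:80 on the 2811; otherwise
# the packet never arrives on em0 and the service stays unreachable.
rdr on $wan_if proto tcp from any to ($wan_if) port 80 -> $web_srv port 80

# Default deny inbound on every interface, then allow only what is needed.
block in all
pass out all keep state

# Filtering runs after rdr, so the destination is already 10.0.0.10 here.
# Nothing else from the 2811 segment (e.g. the outdoor wireless router) can
# open connections into the office LAN.
pass in on $wan_if proto tcp from any to $web_srv port 80 keep state

# Office LAN hosts may initiate anything outbound.
pass in on $lan_if from $lan_net to any keep state
```

The matching first hop the provider would add on the 2811 is a static NAT entry of the form `ip nat inside source static tcp 192.168.1.2 80 <public IP> 80`, with the public IP being one of the 13 addresses from the range.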