Pure router and traffic shaper
-
From your description: I don't see why pfSense shouldn't work for this.
If you're familiar with m0n0wall, then you'll find pfSense very easy.
-
Thanks for your answer. I found on Google that to turn off NAT I need to disable the firewall under system/advanced. But the traffic shaper is in the firewall menu. Will the shaper work with the firewall disabled? And will the shaper limit all traffic, e.g. also GRE and IP xy?
I forgot to ask: Is there a way to reach the same goal with m0n0wall?
-
I know you probably don't want to hear this, but why add the extra complexity of two boxes when it can be done with one?
pfSense forked from m0n0wall so that it could provide the extra functionality that you need, so why not embrace it and make the switch? ;D
-
Of course one single box would be nice :) But I'm not sure if pfSense can serve all the requirements. Attached you will find a picture showing what I'm planning. I need to disable NAT between the transfer net (62.x) and the public IP net (213.x). But I need NAT between the public IP net and my private VLANs.
For example: Our mailserver's private LAN IP is 10.1.0.5 and the public IP of mail.company.com is 213.x.x.139, which the provider is routing via the transfer net 62.x.x.152 to us. For outgoing mails I need to use the IP 213.x.x.139 also.
-
Yes pfSense can do this.
You can even take your existing m0n0wall config and import it on the pfSense.
Regarding disabling NAT/firewall:
While you can disable them completely, I wouldn't do that. Rather, enable manual NAT rule generation and delete all NAT entries, effectively creating a routing-only platform.
To "disable" the firewall, just set an "allow all" rule on all interfaces.
If you'd go with a single-box solution:
You can specify very granularly what you want to NAT from where to where, and what not.
-
I want to try pfSense and test the single box option and the transfer router option. Which image should I choose when installing on a CF card on an Alix 2D13 board (no VGA)?
Thank you!
-
Use the image with the size of your CF card.
If you want to go with 1.2.3 then one of these images:
- pfSense-2.0-RC3-512mb-i386-20110621-1821-nanobsd.img.gz
- pfSense-1.2.3-RELEASE-1g-nanobsd.img.gz
- pfSense-1.2.3-RELEASE-2g-nanobsd.img.gz
- pfSense-1.2.3-RELEASE-4g-nanobsd.img.gz
If you want to go with 2.0, one of these images:
- pfSense-2.0-RC3-512mb-i386-20110621-1821-nanobsd.img.gz
- pfSense-2.0-RC3-1g-i386-20110621-1821-nanobsd.img.gz
- pfSense-2.0-RC3-2g-i386-20110621-1821-nanobsd.img.gz
- pfSense-2.0-RC3-4g-i386-20110621-1821-nanobsd.img.gz
I would recommend using the 2.0 image, even if it's still RC3.
-
It depends on the size of your CF card.
-
Thanks, it's actually writing on CF card ;-)
-
One more question: Later in production use I want to run pfSense on old IBM server hardware (Xeon CPU, 2 GB RAM, GBit NICs). Which is more recommended: a) installing pfSense on a hard disk, which could become damaged, or b) installing the nanoBSD version on a USB memory stick?
Thanks!