Installing on a Firebox X700
-
Yes, I'm trying to replace the whole ISP and run my static and my 192.168.1 on my LAN.
-
Ok, well what exactly are you struggling with?
How have you set up your different interfaces so far?
What are you hoping to achieve as the final network setup?
Steve
-
My WAN has a static of 108 X X X and can go up to 110, but I have a static and my email server so it can be accessed publicly. Everything else has a 192 x x x address besides that one email server.
-
OK, I want to have my WAN set to the static and then be able to plug the server in using another 108 x x x address and then plug in a switch to connect all the LAN devices like other servers and computers and so forth. Then be able to set up a VPN to access stuff and add another public email server!!!!
-
Ah ok.
You can do this in the traditional way using port forwarding as you would have with your old router.
http://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F
Or, because you have 5 interfaces available you can use a public IP on one of those directly. However this is far more complex.
You cannot have public and private IPs on the same interface:
http://doc.pfsense.org/index.php/Can_I_have_public_and_private_IPs_on_my_LAN_interface%3F
I recommend you use port forwarding for now and get more pfSense experience before attempting a complex configuration.
Steve
-
Steve,
I'm still having a hell of a time trying to get this to work!! Sorry, I'm a newbie.
OK, so all I want to do is configure this pfSense box. This is what I'm trying to do!
PFSENSE BOX WITH WAN PUBLIC IP>FIREBOX PORT 2 WITH ANOTHER PUBLIC STATIC FOR EMAIL SERVER/WEBSERVER>THEN A SWITCH FOR THE LAN THAT WILL HAVE 4 OTHER SERVERS RUNNING, WIFI, PRINTER AND THE STUFF I USE ON THE WAN.
I'm just sort of confused. Is this how you would do it????
If not, let me know. Like I said, I was using my ISP-given router but got sick of all the problems. This is something new for me~~~
Thanks for helping me out!!!!
-
Ok, so you want to have one of your public IPs for the firebox and another for your mail server. This is fairly common.
It's possible to pass the public IP to your mail server directly but I've never tried that. You can always change things later.
This is what I would do.
Enable and assign an extra interface on the firebox. E.g. re2 as OPT1. Rename it as LAN2 (entirely optional).
Set it as static IP, say 192.168.2.1/24, and enable a DHCP server on it.
Add a firewall rule on the new interface to allow traffic out from it to the internet.
Connect your mail/web server to LAN2 and ensure that it receives an IP and you can access it.
Now in order to assign a different public IP to it you need to add a virtual IP to the WAN interface.
Go to Firewall: Virtual IPs: and add a new one with type 'IP alias' on your WAN interface. Give it one of your public IP addresses.
Now you can either add port forwarding rules to your server if you just need a few services or use 1:1 NAT for all services. Use your new virtual IP as the destination.
As I write this I realise I'm a bit vague on the details here. You may want to search the forum for other explanations.
Steve
-
Steve ,
Still can't get an IP on the LAN. From the new LAN2 I can ping the WAN but can't get an IP when I plug in a device.
-
You need to leave the gateway as 'none' in the interface config (gateways are only used on WAN interfaces).
Then set up a DHCP server on the interface in Services: DHCP Server: LAN2.
Steve
-
OK, I just tried what you said, took all the gateways off and reconfigured the DHCP server on LAN2 and still nothing? What should I do, give up? ???
-
What else could I be missing?
-
Are you getting a physical connection on the LAN2 interface? (The LEDs lighting up when you plug in the client.) I only ask because on my box I had to put a switch in between the firebox and any client computers. Hard to believe but I think the X-Core may be old enough that it doesn't have auto MDIX.
Don't give up now after 5 pages! :D
Steve
-
This is weird to me. So I tried using 192.168.2.0 for the LAN and it didn't work, and used the 192.168.1.1 and I can plug stuff in and it works. Do you know why? Also, by using the 192.168.1.0 range, when I install wifi is this going to cause problems?
-
Each interface must use a different subnet. The usual subnet is /24 (subnet mask 255.255.255.0). If you are using a /24 (you are) then 192.168.1.1 and 192.168.1.0 are both in the same subnet.
You can add your access point to the LAN, just connect it to the switch, and that will be no problem. However you may want it on a separate interface for better security.
Adding an extra interface should be relatively easy.
Steve
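
Added example (not part of the thread and not any poster's code): a small Python check of an interface plan against the two rules stated above, one subnet per interface with no overlap, and no mixing of public and private addresses on one interface. The plan is constructed; 203.0.113.0/29 is a documentation range standing in for the public block, and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed plan mirroring the thread: WAN public, LAN and LAN2 on separate /24s.
# 203.0.113.0/29 is a placeholder (documentation range), not the poster's real block.
PLAN = {
    "WAN": ["203.0.113.2/29"],
    "LAN": ["192.168.1.1/24"],
    "LAN2": ["192.168.2.1/24"],
}

def is_rfc1918(ip):
    """True if ip is in one of the private ranges used on a LAN."""
    return any(ip in net for net in RFC1918)

def check_plan(plan):
    """Return a list of problems in an {interface: [addr/prefix, ...]} plan."""
    problems = []
    nets = {}
    for name, addrs in plan.items():
        ifaces = [ipaddress.ip_interface(a) for a in addrs]
        nets[name] = [i.network for i in ifaces]
        # Rule: public and private addresses do not share an interface.
        if len({is_rfc1918(i.ip) for i in ifaces}) > 1:
            problems.append(f"{name}: mixes public and private addresses")
        # x.x.x.0 in a /24 is the network itself, not a usable interface address.
        for i in ifaces:
            if i.network.prefixlen < 31 and i.ip == i.network.network_address:
                problems.append(f"{name}: {i.ip} is the network address, not a host")
    # Rule: every interface sits in a different, non-overlapping subnet.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        for x in na:
            for y in nb:
                if x.overlaps(y):
                    problems.append(f"{a} and {b}: {x} overlaps {y}")
    return problems

if __name__ == "__main__":
    print(check_plan(PLAN) or "plan is consistent")
```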
-
Yes, sorry, typed wrong. Why would the 192.168.1.1 allow me to the internet but not the 192.168.2.1? Also when I log in it says unable to update? Did the name change for the update site?
-
Was playing with it AGAIN tonight and trying to get wifi set up, no luck. I think it's because it overlaps with the 192.168.1 X network, so I need to figure out how to configure another LAN for wifi and use the 192.168.1.X for stuff that doesn't need a public IP? AM I correct?
-
I'm not sure how you have your wifi access point connected and configured but yes you need it on a different subnet if you are connecting it to a different interface. It doesn't matter which subnet you give to each interface as long as they are different.
"Yes, sorry, typed wrong. Why would the 192.168.1.1 allow me to the internet but not the 192.168.2.1?"
If when you connect your client to the new interface you receive an IP but can't get internet access it's very likely that you have not configured a firewall rule on that interface to allow it.
Look at the default rule on the LAN interface. Copy that rule to LAN2 but change references to LAN to LAN2.
This will give a very permissive connection (everything is allowed out) but you can always change that later.
Steve
-
Steve,
Thank you so much for kindly helping a newbie!! Things are up and running great thanks to your help!!!
Now time to do some learning!!!
-
ohhh, :D
One more quick question: is there a fix for the LED lights? Mine are orange and red.
Thanks
-
Just noticed this error when trying to update:
"Downloading new version information…done
Unable to check for updates.
Could not contact pfSense update server http://updates.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_RELENG_2_0/.updaters/"
Is there a fix for this?