Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Installing on a Firebox X700

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    108 Posts 7 Posters 45.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G Offline
      GOBIGRED
      last edited by

      Yes im trying tpo replace the whole ISP and run my static and my 192.168.1 on my lan

      1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        Ok, well what exactly are you struggling with?
        How have you setup your different interfaces so far?

        What are you hoping to achieve as the final network setup?

        Steve

        1 Reply Last reply Reply Quote 0
        • G Offline
          GOBIGRED
          last edited by

          my wan has a static of 108 X X X and can go up to 110 but i have a staic and my email server so it can be accessed publicly everything else has a 192 x x x address beside that one email server

          1 Reply Last reply Reply Quote 0
          • G Offline
            GOBIGRED
            last edited by

            ok i want to have my wan set to the static and then be able to plug the server in using another 108 x x x address and then plug a switch to connect all the lan devices like other servers and computers and so forth . Then be able to set up a vpn to access stuff and add another public email server!!!!

            1 Reply Last reply Reply Quote 0
            • stephenw10S Offline
              stephenw10 Netgate Administrator
              last edited by

              Ah ok.
              You can do this in the traditional way using port forwarding as you would have with your old router.
              http://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F

              Or, because you have 5 interfaces available you can use a public IP on one of those directly. However this is far more complex.

              You cannot have public and private IPs on the same interface:
              http://doc.pfsense.org/index.php/Can_I_have_public_and_private_IPs_on_my_LAN_interface%3F

              I recommend you use port forwarding for now and get more pfSense experience before attempting a complex configuration.

              Steve

              1 Reply Last reply Reply Quote 0
              • G Offline
                GOBIGRED
                last edited by

                Steve,
                Im still having a hell of a time trying to get this to work!! sorry im a newbee

                OK so all i want to do is configure this pfsense box this what im trying to do!

                PFSENSE BOX WITH WAN PUBLIC IP>FIREBOX PORT 2 WITH ANOTHER PUBLIC STATIC FOR EMAIL SERVER/WEBSERVER>THEN A SWITCH FOR THE LAN THAT WILL HAVE 4 OTHER SERVERS RUNNING, WIFI, PRINTER AND THE STUFF I USE ON THE WAN.

                I'm just sorts of confused is this how you would do it????

                IF not let me know like i said i was using my ISP given router but go sick of all the problems this is something new for me~~~

                Thanks for helping me out!!!!

                1 Reply Last reply Reply Quote 0
                • stephenw10S Offline
                  stephenw10 Netgate Administrator
                  last edited by

                  Ok, so you want to have one of your public IPs for the firebox and another for your mail server. This is fairly common.

                  It's possible to pass the public IP to your mail server directly but I've never tried that. You can always change things later.
                  This is what I would do.

                  Enable and assign an extra interface on the firebox. E.g. re2 as OPT1. Rename it as LAN2 (entirely optional).
                  Set it as static IP, say 192.168.2.1/24, and enable a DHCP server on it.
                  Add a firewall rule on the new interface to allow traffic out from it to the internet.
                  Connect your mail/web server to LAN2 and ensure that in receives an IP and you can access it.

                  Now in order to assign a different public IP to it you need to add a virtual IP to the WAN interface.
                  Go to Firewall: Virtual IPs: and add a new one with type 'IP alias' on your WAN interface. Give it one of your public IP addresses.

                  Now you can either add port forwarding rules to your server if you just need a few services or use 1:1 NAT for all services. Use your new virtual IP as the destination.

                  As I write this I realise I'm a bit vague on the details here. You may want to search the forum for other explanations.

                  Steve

                  1 Reply Last reply Reply Quote 0
                  • G Offline
                    GOBIGRED
                    last edited by

                    Steve ,

                    Still cant get a ip on the lan, from the new lan 2 i can ping the wan but cant get a ip when i plug in a device

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S Offline
                      stephenw10 Netgate Administrator
                      last edited by

                      You need to leave the gateway as 'none' in the interface config (gateways are only used on WAN interfaces).
                      Then setup a dhcp server on the interface in Services: DHCP Server: LAN2.

                      Steve

                      1 Reply Last reply Reply Quote 0
                      • G Offline
                        GOBIGRED
                        last edited by

                        Ok i just tried what ou said took all the gateways off and reconfigured the dhcp server on LAN2 and still nothing? what should i do give up? ???

                        1 Reply Last reply Reply Quote 0
                        • G Offline
                          GOBIGRED
                          last edited by

                          What else could i be missing?

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S Offline
                            stephenw10 Netgate Administrator
                            last edited by

                            Are you getting a phsical connection on the LAN2 interface?(the leds lighting up when you plug in the client). I only ask because on my box I had to put a switch in between the firebox and any client computers. Hard to beleive but I think the X-Core may be old enough that it doesn't has auto MDIX.

                            Dont give up now after 5 pages!  :D

                            Steve

                            1 Reply Last reply Reply Quote 0
                            • G Offline
                              GOBIGRED
                              last edited by

                              this is weird to me so i tried using 192.168.2.0 for the lan it didnt work and used the 192.168.1.1 and i can plug stuff in and it works do you know why? also by using the 192.168.1.0 range when i install wifi is this gonna cause problems?

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S Offline
                                stephenw10 Netgate Administrator
                                last edited by

                                Each interface must use a different subnet. The usual subnet is /24 (subnet mask 255.255.255.0). If you are using a /24 (you are) then 192.168.1.1 and 192.168.1.0 both in the same subnet.

                                You can add you access point to the LAN, just connect it to the switch, and that will be no problem. However you may want it on a separate interface for better security.

                                Adding an extra interface should be relatively easy.

                                Steve

                                1 Reply Last reply Reply Quote 0
                                • G Offline
                                  GOBIGRED
                                  last edited by

                                  yes sorrry typed wrong why would the 192.168.1.1 allow me to the internet but not the 192.168.2.1? aloso when i log in it says unable to update? Did the name change for the update site?

                                  1 Reply Last reply Reply Quote 0
                                  • G Offline
                                    GOBIGRED
                                    last edited by

                                    was playing with it AGAIN tonight and trying to get wifi set up, no luck i thinks its because it overlaps with the 192.168.1 X network so i need to figure out how to configure another lan for wifi and use the 192.168.1.X for stuff that doesnt need a public ip? AM I correct?

                                    1 Reply Last reply Reply Quote 0
                                    • stephenw10S Offline
                                      stephenw10 Netgate Administrator
                                      last edited by

                                      I'm not sure how you have your wifi access point connected and configured but yes you need it on a different subnet if you are connecting it to a different interface. It doesn't matter which subnet you give to each interface as long as they are different.

                                      @GOBIGRED:

                                      yes sorrry typed wrong why would the 192.168.1.1 allow me to the internet but not the 192.168.2.1?

                                      If when you connect your client to the new interface you receive an IP but can't get internet access it's very likely that you have not configured a firewall rule on that interface to allow it.
                                      Look at the default rule on the LAN interface. Copy that rule to LAN2 but change references to LAN to LAN2.
                                      This will give a very permissive connection (everything is allowed out) but you can always change that later.

                                      Steve

                                      1 Reply Last reply Reply Quote 0
                                      • G Offline
                                        GOBIGRED
                                        last edited by

                                        Steve,
                                        Thank you so much for kindly helping a newbie!! Things are up and running great thanks to your help!!!Now time to do some learning!!!

                                        1 Reply Last reply Reply Quote 0
                                        • G Offline
                                          GOBIGRED
                                          last edited by

                                          ohhh,  :D
                                          one more quick question is there a fix for the led lights mine are orange and red?

                                          Thanks

                                          1 Reply Last reply Reply Quote 0
                                          • G Offline
                                            GOBIGRED
                                            last edited by

                                            just noticed this error when trying to update
                                            """"Downloading new version information…done
                                            Unable to check for updates.
                                            Could not contact pfSense update server http://updates.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_RELENG_2_0/.updaters/""

                                            Is there a fix for this?

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.