PfSense Newbie MAC Problem
-
Hope you guys can help
I have a NEW pfSense 2.01 server running at a customer's site.
My WAN interface is on an ADSL router (PPPoE)
My Lan Interface is 192.168.1.2
My DNS for the PCs is 192.168.1.2
I have a Linux file server running on IP 192.168.1.10
I have a situation where I have 30 Windowz PCs on a DHCP range of 192.168.1.20 - 100
They can see and use the services from the Linux server 192.168.1.10
This is my problem
I have a few MACs (10 MACs) on a range of 192.34.43.10 - 19 on the same LAN switch
What do I do to get the MACs to use the pfSense as a proxy server so that they can browse the web and also use the services from the Linux server 192.168.1.10
Any help greatly appreciated
Sorry for the noob questions ;D
-
What do I do to get the MACs to use the pfSense as a proxy server so that they can browse the web and also use the services from the Linux server 192.168.1.10
Change the MACs to use DHCP for their network configuration.
-
wallabybob thanks for your reply
Yep, I understand that; however, it's not that simple. Let me try to explain.
They are currently using another proxy distro on the network and I have had to replace their old Linux file server with a new updated system.
I now have to replace their old proxy server with a new one, hence pfSense (captive portal is what got me interested in it - I normally use IPCop or IPFire).
So their current old proxy server gives the MACs access to the web and they also used to be able to access the old Linux file server web applications.
The new Linux server IP = 192.168.1.2
DHCP for the PCs is 192.168.1.20 - 100
The MACs are on 192.34.43.10 - 19
This is because there are big printers on the LAN that the MACs print to, including scanners and other MAC hardware. All the printers have specialized software that is configured with the MAC IP address range, so if I place the MACs on the 192.168.1.20 - 100 IP range via DHCP none of the printers etc. will function with the MACs, which will create chaos :o
Surely all I need to do is place the MAC IP range in pfSense, including the new Linux server IP, for internet and web application access??
Any help greatly appreciated ;D
-
Since you haven't qualified "proxy", from the context I take it you mean firewall and default gateway.
192.34.43.10 - 19 is a public IP address range. Is there a spare IP address on the same subnet? If so you could add a Virtual IP address (Firewall -> Virtual IPs, IP alias) on that subnet to the pfSense LAN interface so the pfSense LAN interface has an IP address on the same subnet as the MACs.
Then you will need to tweak the MACs so they have a route to 192.168.1.x through the pfSense LAN interface virtual IP address.
If you completely replace your old gateway by the new one you might reuse the old gateway's IP address on pfSense, but it might be prudent to have parallel operation for at least a little while, especially if you can't do the changeover outside "normal" hours.
Do the MACs use DHCP to get their network configuration or is it statically configured? If DHCP, will the DHCP server need to change as well?
-
wallabybob thanks for your reply
I do apologise, I meant to inform you that I need to replace the old firewall/proxy server - IP: 192.168.1.2 - with a pfSense firewall/proxy server for both the PCs and MACs etc. The Windowz PCs are utilising DHCP.
I have used the same IP for the new updated Linux file server, 192.168.1.10 (this is a CentOS server), as the old outdated server was a very old Novell 5 server - IP: 192.168.1.10. The gateway for the new CentOS Linux server will be 192.168.1.2.
I have configured an ADSL router (Netgear) in bridge mode. This will be connected to the WAN port of pfSense (IP: 10.0.0.2).
My LAN port in pfSense is 192.168.1.2
DHCP on pfSense is 192.168.1.10 - 100
All the MACs and other hardware for the MACs have static IP addresses 192.168.34.43.10 -19
The "current" gateway IP on the MACs is 192.168.34.43.254.
Your answer: "192.34.43.10 - 19 is a public IP address range. Is there a spare IP address on the same subnet? If so you could add a Virtual IP address (Firewall -> Virtual IPs, IP alias) on that subnet to the pfSense LAN interface so the pfSense LAN interface has an IP address on the same subnet as the MACs."
Do I only add "one" virtual IP address to pfSense, i.e. 192.168.34.43.254, or must I add all the MAC IP addresses as virtual addresses in pfSense as per your example?
Thanks for your help :)
-
Do I only add "one" virtual IP address to pfSense, i.e. 192.168.34.43.254
Yes.
or must I add all the MAC IP addresses as virtual addresses in pfSense as per your example?
No. The idea is that you add to the appropriate pfSense interface an additional IP address on the same subnet as the MACs so the MACs can get to pfSense directly.
If you can afford some disruption you could turn off the existing gateway, add the virtual IP address to the pfSense interface, reboot (probably not necessary) and then try it. I have never had to do what I've described and I don't have any MACs, so it is quite likely there are some nuances I have glossed over. One which immediately comes to mind is that the firewall rules may need tweaking to allow traffic from the MACs - I don't know if the virtual IP subnet will be treated as part of the interface subnet as far as the firewall rules are concerned.
-
"Range of 192.34.43.10 - 19 on the same LAN SWITCH"
Why don't you just put this server and the pfSense LAN and clients on this same network? Where did you come up with that 192.34.43, btw? Isn't the whole 192/8 kind of special use? I cannot find any info on 192.34.43?? It's not in the private range for sure.
http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
192/8 Administered by ARIN
Does this switch actually support VLANs, and do you have different VLANs set up for these different segments? If so, put an interface on pfSense in the same VLAN.
If you're just running 2 different networks on the same wire (not really a desired setup) - i.e. the switch is just a dumb switch without VLAN support - why don't you just run everything on 1 network?
-
If you're just running 2 different networks on the same wire (not really a desired setup) - i.e. the switch is just a dumb switch without VLAN support - why don't you just run everything on 1 network?
This. Why people steal other people's public IP space like it's RFC 1918 is beyond me; I can't believe how much I see that. Don't do it: it'll break your ability to connect to the part of the Internet that's really assigned that IP space, and it is just wrong. It's also pointless to put those devices on a different subnet in that scenario.
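Two checks come up in this thread that are easy to get wrong by hand: whether the Macs' address range is really RFC 1918 space or somebody else's public allocation, and whether a proposed pfSense IP alias actually sits on the same subnet as the Macs so it can serve as their next hop to 192.168.1.0/24. The script below is an added example written for this page (not pfSense code and not anything a poster supplied) that does both with only the Python standard library. The host list and the candidate alias addresses are constructed from the numbers in the thread; the /24 mask on the Macs' subnet is an assumption, since no post states a netmask.

```python
"""Sanity checks for the addressing plan discussed in the thread.

Added example, not from pfSense or any poster. Addresses are taken from the
thread; the /24 prefix on the Macs' subnet is an assumption.
"""
from ipaddress import ip_address, ip_network

# RFC 1918 private ranges, spelled out so we do not rely on ipaddress'
# broader notion of "private" (which also covers loopback, link-local, etc.).
RFC1918 = [ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed from the thread: the ten Macs on 192.34.43.10 - 19.
MAC_HOSTS = [f"192.34.43.{i}" for i in range(10, 20)]
LAN_NET = "192.168.1.0/24"   # the pfSense LAN the Macs need a route to


def address_space_status(cidr):
    """Classify a prefix: 'rfc1918', 'reserved' (loopback, link-local,
    documentation, shared address space...) or 'public' (assigned to someone)."""
    net = ip_network(cidr, strict=False)
    if any(net.subnet_of(p) for p in RFC1918):
        return "rfc1918"
    if not net.is_global:
        return "reserved"
    return "public"


def parse_host(text):
    """Return an IP address object, or None if the text is not a valid
    address (the thread contains a five-octet '192.168.34.43.254')."""
    try:
        return ip_address(text)
    except ValueError:
        return None


def alias_plan(mac_hosts, alias_cidr, lan_net):
    """Evaluate a pfSense IP-alias plan: alias_cidr is the proposed virtual IP
    with its mask, e.g. '192.34.43.254/24'. Returns a dict of findings."""
    alias_net = ip_network(alias_cidr, strict=False)      # host bits masked off
    alias_addr = ip_address(alias_cidr.split("/")[0])
    parsed = [parse_host(h) for h in mac_hosts]
    invalid = [h for h, p in zip(mac_hosts, parsed) if p is None]
    valid = [p for p in parsed if p is not None]
    off_subnet = [str(p) for p in valid if p not in alias_net]
    # A static route's next hop must be on-link for the hosts using it, and the
    # alias must be a usable host address, not the network or broadcast address.
    usable_alias = alias_addr not in (alias_net.network_address, alias_net.broadcast_address)
    return {
        "alias_network": str(alias_net),
        "address_space": address_space_status(str(alias_net)),
        "invalid_hosts": invalid,
        "hosts_off_subnet": off_subnet,
        "alias_collides_with_host": alias_addr in valid,
        "route_next_hop_ok": bool(valid) and not off_subnet and usable_alias,
        "route_for_macs": f"{lan_net} via {alias_addr}",
    }


if __name__ == "__main__":
    for cidr in ("192.168.1.0/24", "192.34.43.0/24", "127.0.0.0/8"):
        print(f"{cidr:18} {address_space_status(cidr)}")
    # Alias on the Macs' subnet (what the reply suggests) versus an alias on
    # the LAN subnet (useless as a next hop for the Macs).
    for alias in ("192.34.43.254/24", "192.168.1.2/24"):
        findings = alias_plan(MAC_HOSTS, alias, LAN_NET)
        print(alias, findings)
    # The five-octet gateway string from the thread does not parse at all.
    print("192.168.34.43.254 ->", parse_host("192.168.34.43.254"))
```

Running it reports 192.168.1.0/24 as RFC 1918 and 192.34.43.0/24 as public (ARIN-administered space, as johnpoz's link shows), confirms that 192.34.43.254/24 is a valid on-link next hop for all ten Macs while 192.168.1.2/24 is not, and rejects the malformed five-octet gateway string. Regardless of what the checks say, the replies' conclusion stands: the cleanest fix is to renumber the Macs and printers into RFC 1918 space rather than keep squatting on a public prefix.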