Is pfSense the right product for my requirements

newtofirewalls

Hi cmb, your reply is exactly what my original question is about–the requirements. I have been going through some of the functions in 'untangled' and I am wondering if that does what I want as well. But here is the thing, I installed 'untangled' without any dramas. It only took a half hour to get my software router running and within a few minutes of that I had a computer running behind a firewall. Yet after several days of struggling with pfSense the computer behind the firewall could not see the internet. So what is better? A system that people can not get to running but which has all the bells and whistles? Or a system that only has half the features but at least you can run it?

Perhaps the answer is in what you wrote...'...more of a Cisco ASA... etc etc...'
I am sure you know what you are talking about but I have no idea, and it isn't like I don't understand technology either.

Venlaw

You didn't even get past the first step. Your lack of knowledge was the problem, not pF. Sorry.  :-\

dhatz

pfSense really isn't hard at all to initially get up and running, especially if you're simply NATing traffic between LAN and WAN. I'm inclined to think the OP might have hit a hardware issue (pfsense being based on FreeBSD is more picky, whereas UT being based on Linux might have dealt with it better).

Beyond the basics UT and pfsense are quite different beasts, e.g. last time I checked UT didn't support VLANs, which is a prerequisite for certain deployments.

newtofirewalls

Venlaw, thanks for your reply, but simply insisting that I have a 'problem' and pf does not have a 'problem' neither helps me nor those working on pfSense. I can guarantee you that for every question like mine there are 30 others who download software don't get past first base and move on without saying anything. So perhaps you might come down from your seat of perceived superior 'knowledge' and tell me what 'knowledge' I require to get me past the "first step" and I will go out and acquire that 'knowledge'.

Metu69salemi

Can you draw your current network topology?
Do you have another dhcp server in your network?

newtofirewalls

Here is my attempt at drawing the topology:

Cable -> (modem/wireless router) –-->PC
                  .              .            |
                  .              .            |-->Printer
                  .              .
several wireless PCs        .
                                  .
                                  Wireless-Bridge--->pfSensePC-->UbuntuPC

I hope that diagram makes sense.  The '-->' indicates ethernet connections, while the '.  .  .' indicates wireless connections.

I can configure the wireless bridge so that I can connect the UbuntuPC directly to the wireless bridge and the UbuntuPC can succesfuly connect to the internet.
I have also hooked up the pfSensePC to the wireless bridge and after configuring the uplinks to the wireless bridge and the UbuntuPC pfSense also indicates that it can see both. The UbuntuPC also indicates that it has connected to the pfSensePC. However, attempting to see the internet with a web-browser from the UbuntuPC does not work.

Now--the point about 'Untangle' is that--I can replace 'pfSense' with 'Untangle' and the UbuntuPC can then see the internet through the 'Untangle' firewall. So the point that others in this thread seem to miss is that the rest of the network appears to be functioning properly. Clearly there is something about the installation process with pfSense that is creating the issue.

Regarding 'dhcp', yes, both the modem/router and the wireless bridge both allocate addresses using dhcp. Again, 'Untangle' operates with 'dhcp' without any problems, so I suspect that is not the issue either, but I am open to suggestions.
Hope that helps define the problem more clearly.

Metu69salemi

Do you have removed your first firewall rule on wan tab?
I think that you have inside IP-subnet after your modem, and RFC1918 subnets  are blocked by default in wan tab

newtofirewalls

Metu69salemi, not sure what you mean by the 'wan tab'; are you referring to the pfSense control panel? If that is what you are talking about, the problem is that the UbuntuPC cannot see the pfSense control panel. From memory I think I tried 192.168.1.1 and a couple of other common addresses e.g. 192.168.0.1 etc and there is nothing there.

Metu69salemi

Go to pfsense console and check what is the pfsense lan ip and subnet.
After that check ubuntupc's ip, subnet and gw.

PFSENSE -- UBUNTU
ip      --  gw
subnet  --  subnet
        --  !gw

| pfsense | – | Ubuntu |
| ip: 192.168.0.1 | – | gw: 192.168.0.1 |
| subnet: 24 | – | 255.255.255.0 or /24 |
| N/A | – | IP: between 192.168.0.2 and 192.168.0.254 |

You can also use dhcp-server

wallabybob

@newtofirewalls:

the problem is that the UbuntuPC cannot see the pfSense control panel. From memory I think I tried 192.168.1.1 and a couple of other common addresses e.g. 192.168.0.1 etc and there is nothing there.

Why did you try "192.168.1.1 and a couple of other common addresses e.g. 192.168.0.1 etc"?

Why didn't you try the pfSense LAN interface IP address?

Did you fix the configuration errors I previously pointed out?

The configuration information you posted earlier differs from the documented initial configuration (http://doc.pfsense.org/index.php/Installing_pfSense) so it seems like you have meddled with the initial configuration without knowing what you were doing.

Seems like you don't know what you are doing.

newtofirewalls

Thanks, I'll try that as soon as I can.