Behind another firewall
-
and sir I always see this pop up message on my pfsense box: DC0 TX underrun – increasing TX threshold .. what is the meaning of this?
Not sure about this … perhaps a driver or NIC issue. Perhaps there is a tweak in the advanced options you can do to prevent that ... search the forums and google.
The 9 VLANs you have on the Zyxell has to go somewhere. I assumed they are on the same NIC as the LAN port. If you are putting the pfsense box inline, the VLAN tag must survive the traversal of the pfsense machine. If you are assigning each VLAN its own nic, then perhaps you really don't need VLANs. You can have many VLAN on one physical NIC. Please see docs server for info on how to setup VLANS in pfsense.
So in pfsense, you are going to create a VLAN on WAN and a matching one on LAN (opt2 and opt3) then you are going to assign them to opt4 as a bridge. So for each VLAN on the Zyxell, you will have 2 on the pfsense machine. This is to pass the VLAN traffic on. If you are hooking it up in parallel with the VLANs and you are only wanting to block traffic on the default VLAN, then don't worry about the setup, you already have it working. -
I create alieases for the VLAN's
-
rule for bridge
-
Rule for LAN
-
rule for OPT1
-
rule for WAN
-
Sir I dont know it is correct but my Network is working fine i can access Zyxell and PFSense, i Have my internet..
Please check,,
How can i use bandwith limiter for every network and transparent proxy + dansguardian
Thanks sir,,
-
All of your VLAN are able to pass through the bridge and are able to get to the internet?
I am not familiar with the limiter or dansguardian, I use the squid3 package for proxying. It is easy to setup and you would only need to tell it what subnets you want to proxy on and it will do that.
-
Yes sir all of the VLAN's able to ping each other and has internet.
I want to ask you if this setup is ok? this were I come up, because its different from your setup..
I can't understand your concept, on how to set up my network,we successfully setup pfsense in transparent bridge mode behind my Zyxell firewall,,
the problem is with this set as my WAN=rl0 and LAN=dc0 was bridge in opt1. I cant imagine how can i assign this 3 NIC's because its already in use… -
If it is working, you don't need to do anything. I didn't think that VLAN ids would be kept intact when passing over the bridge much less be able to see any subnets in it. If you remove a VLAN subnet from your alias, does that VLAN no longer work? how is your network connected?
-
when i removed one VLAN subnet on my aliase. and i use that VLAN port on my Layaer 2 switch, icant ping my pfsense, my zywall even i cant get ip from dhcp server..
-
This would mean that filtering is working as expected. Just install the packages you want and configure them to allow all your subnets. Once everything is working, you can start restricting if you want.
-
In this st up I want to limit download and upload in my network,, example i want to limit download and upload in VLAN 2 with the network of 192.168.1.1/24, how can i dothis
thanks,, -
You can do this with limiter, traffic shaper, or squid … The best way depends on what you want to limit as in, all traffic, traffic on certain ports, or just web based download and upload. I am most familiar with the shaper and you can do this with that using a penalty setup. Just run the wizard and when you see penalty ip, put in the entire VLAN2 subnet. You can then create other penalty queues for other subnets. If you want to just have a physical cap, you would use the limiter, but I am not sure how to set that up as I have never used it. (Something for me to learn soon)
-
sir how can i use transparent proxy in transparent bridge mode
thankas,,,
-
I have not done this before, but I would speculate that you just need to install squid3, set is to listen on WAN and LAN, and check the option to be transparent.
-
ok sir thank I'll try the squid3..
-
how to use this squid3 sir?
-
Where are you having trouble? Perhaps some questions. Search, there is probably a doc or a forum write up for a simple starter config.
-
hi si this is what i get in my setup using squid3, i cant access my pfsense box,
