General questions about PFSense
-
People are talking about VM because they have super powerful machines and they find that dedicating that kind of box would be a waste, so they virtualize the machine so that they can run several different VMs off it.
If it's an old box, it's better to dedicate the machine to pfsense by just installing it. This is how I have it in all my deployments except the LAB which is also a super powerful machine and runs many VMs. I put pfsense on it to limit access into the VM network.
-
I was able to install PFSense on my old junkie and I installed another ethernet adapter.. I was able to ping www.google.com after the installation while I was still on the menu..but I am stuck.. I am unable to pull the dashboard up.. I set my LAN 192.168.2.2 and the WAN was automatically set to 192.168.1.106…where do I connect the modem/router? - I have a modem which connects to the router..so do I connect just the modem to one ethernet on the back of the computer and then connect the router to the other ethernet adapter installed? - I probably have this wrong, can you please tell me how do I connect the modem and router? and does it matter which ethernet adapter I use? - Do I need to put the modem on bridge mode?
I know I'm just missing one simple step, but I can't figure it out. So just to make sure I understand the way this is supposed to work...
I connected the modem to the top ethernet adapter which is on the back of the computer which in theory could be seen as INTERNET CONNECTION IN...then on the bottom there is another ethernet adapter..is this ethernet adapter the one responsible for INTERNET CONNECTION OUT, which is where the router would be connected?
-
Use this:  Internet -> Modem -> (WAN)PfSense(LAN) -> Switch -> Computers
Don't use: Internet -> Modem -> (WAN)PfSense(LAN)
                             -> Computers
-
> I know I'm just missing one simple step, but I can't figure it out. So just to make sure I understand the way this is supposed to work…
> I connected the modem to the top ethernet adapter which is on the back of the computer which in theory could be seen as INTERNET CONNECTION IN...then on the bottom there is another ethernet adapter..is this ethernet adapter the one responsible for INTERNET CONNECTION OUT, which is where the router would be connected?
I'm not sure what router you mean. I also don't know what roles you assigned in pfSense to the "top" ethernet adapter and what roles you assigned to the "bottom" ethernet adapter.
The pfSense WAN adapter (top?) should connect to your modem that connects to the Internet. The pfSense LAN adapter should connect to your single computer OR the switch connecting your computers.
If you previously used a modem (cable modem? xDSL modem?) AND a router then pfSense can take the place of your old router. If you want to keep your old router operational for a while during the time you are learning pfSense then you should give us more details of your configuration so we can help you appropriately configure pfSense.
-
Hi.. thanks for the reply..
I have a DSL modem and yes, I would like to keep using my wireless router (Cisco e2000 with DD WRT Firmware) in order to provide internet to the rest of the computers in my house, which are wireless. When I was using PFSense on VMWare, I was able to pull the console using the IP address, but now that I installed PFSense on its own, I can't.. now let me ask you this.. I'm a bit confused.. on which web browser am I supposed to pull the console from?..After the installation, all I see on PFSense is a black screen with white letters..Am I missing something here? - Am I supposed to be able to bring up a web browser while in PFSense? - All the instructions I have been reading about say open a web browser and input the IP address, but it does not specify where the web browser is located..do they mean on another computer? - sorry for the noob question, but I think the instructions I have found to do this have not been clear..maybe they are meant for people that have had experience doing and not for guys like myself that know very little about using this type of connections.
Now, I'll tell you this.. after the installation, I press 7 to ping.. only when I connect the ethernet cable to the "TOP" ethernet adapter (which is the one off of the motherboard), I can ping www.google.com, but it does not ping anything if I connect the cable to the "BOTTOM" ethernet adapter. I believe the DSL modem is in bridge mode right now, this is the way I have been using it all along. So, I connect the modem to the TOP adapter and the router to the bottom one? - At least I'm getting closer..slowly but surely..haha.. please be patient with me.. it only takes for me to do it once, then I will know what to do in the future.
-
The pfSense CLI, which is what you're seeing on a monitor connected directly to the box, is supposed to be text only. No web browser is available directly from the box.
Most of the configuration of pfSense is done via its web based interface, exactly as you would do with dd-wrt. Once the box is up and running you should be able to access the webgui via the LAN interface on its IP, 192.168.2.2 in your case. If you connect a client machine to the LAN interface it should receive an IP (as long as you enabled the DHCP server in the initial pfSense setup) and you are good to go. Depending on your NICs in both pfSense and the client you may need a crossover cable to connect them directly. Commonly you would have a switch in between the LAN interface and your clients as others have said.
Steve
-
Ok.. I think I'm getting it a bit more… so I will need a crossover cable if I want to connect a client PC to the Box, but If I don't have a crossover cable then I can use a switch (which is like using a crossover cable?) to connect both computers? - OK, so I got that part... now, I guess what is getting me confused is the WAN and LAN - how come I can only ping using the ethernet adapter from the motherboard and not the other one connected to the PCI slot? - is this normal? - while in the setup, do I need to set an IP for the WAN or just the LAN or both?
-
Well, you almost have the cable part. For a switch, you need to use a regular patch cable. To hook up a PC, you need a crossover.
As far as the ping, look at it this way. There is a protected side (the LAN) and a public side that is unprotected (WAN).
The modem goes on the WAN or the unprotected side. This is where your PPPoE is handled or DHCP happens. This is why when you plug it into WAN it works. When it is in the LAN, LAN has a static IP already and thus does nothing with the modem. Now, on your wireless router, there is a WAN and LAN (or LAN switch). DD-WRT sees all the LAN interfaces as one and bridges them (software switch). So, what you would need to do is leave WAN configured as default (or with PPPoE settings from ISP), which is DHCP, and configure LAN with an IP address. Turn off DHCP in the DD-WRT box and enable it in the pfsense box. Then plug any of the LAN ports of the wifi router into the LAN side of pfsense. Then try from a PC connected to the LAN to access the internet.
-
Yeah.. once I can get into the GUI I can probably set the settings to get internet access.. the problem I have now is I am not able to get in to the PFSense GUI.. Once I get home I will try hooking up a switch and see if I can pull the gui.
-
Thought you were further along than that. You might want to disconnect the wireless for now. The DHCP server on it will not allow the one on pfsense to start and would cause problems.
-
Nope still with the same problem..but I will try using a switch.. I think I have one laying around. I was just stuck on how to connect the modem and the router..so I think I now have an idea on how it needs to be connected.. The modem goes on the Ethernet adapter from the motherboard and the switch connects to the 2nd ethernet adapter I installed..then the wireless router connects to the switch..Am I on the right track?
-
That is a loaded question as you can assign the role to either NIC. If you determined that the onboard NIC is the WAN, then yes, that is how you connect.
-
I guess before I continue with this let me explain why I even started trying to do this..
I want to block porn sites because I have kids which includes a teenager. I have tried programs like K9, etc.. but they are easily bypassed. I currently use OpenDns and have been using them for years now..I even block port 53 so that my savvy son doesn't use any other DNS…the problem with OpenDns is that it doesn't filter words..for example, if you type "boobs" in google images, you will get some nasty results and if you type "porn", wow, it's like, wow..there is no blocking that. I know that I can block all images from all search engines through OpenDns, but I don't want to do that.
I also use DD wrt keyword filtering and it does a good job for the most part, but it has its downsides.. for example.. if I block the word "breast"..it will not only block the porn sites, but it will also block any site that has that word in it, such as cooking sites (chicken breast)..or breast cancer sites.
What I am looking for is an intelligent keyword filter or firewall that would identify porn sites and not a cooking website that has the word breast in it.
Is this something I would be able to achieve with PFsense along with an additional package or add-on? - if not, then there is no sense for me to continue.
-
Well, with a combo of snort and squidguard/dansguardian it is probably achievable. Snort can get IPs commonly associated with porn dropped and one of the other 2 can content filter the rest. I have not really used squidguard or dansguardian, so I cannot really say anything about their effectiveness. Cannot be too bad, there are a lot of people using one of them. This is something I have to look at in the next year or 2 for my own brood.
-
> DD-WRT sees all the LAN interfaces as one and bridges them (software switch).
Just for information, and maybe you simplified this for ease of understanding, if so then forget this!
The LAN interfaces in almost all soho modem/routers are in fact connected to a real hardware switch internally. Most have 2 real interfaces and are able to address the ports on the back separately by using VLANs internally. Complex but cheap.
Carry on…
Steve
-
> > Thought you were further along than that. You might want to disconnect the wireless for now. The DHCP server on it will not allow the one on pfsense to start and would cause problems.
> Nope still with the same problem..but I will try using a switch.. I think I have one laying around. I was just stuck on how to connect the modem and the router..so I think I now have an idea on how it needs to be connected.. The modem goes on the Ethernet adapter from the motherboard and the switch connects to the 2nd ethernet adapter I installed..then the wireless router connects to the switch..Am I on the right track?
It is apparent that you do not know a lot about networking. Some things you are doing are going to work but they are not supposed to be hooked up like this.
Your internet comes in and it looks like it comes into an ISP router box. From this router box you need to connect the WAN interface of pfSense to it. After that you need to connect the LAN interface of the pfSense computer to a switch. This switch is where all your devices are going to be plugged into.
Your WAN interface will attain an IP automatically via DHCP. Your LAN interface should be something like 192.168.44.1/24. This means that your router will be at 192.168.44.1 with a subnet mask of 255.255.255.0. Your WAN interface should not be the same as the LAN interface. You cannot have a network that is 192.168.1.1 and have another network that is 192.168.1.2. The third digit has to be different. (Look up subnetting if you want to know more.)
You want to make your LAN wireless? You can connect the WAN of a router to the LAN of your network but the wireless clients will not be on the same network. You really should have an ACCESS POINT or configure your routing device to be that. You plug the access point into the switch.
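
Added example (editor's code, not from any poster in this thread or from pfSense): a small Python check of a WAN/LAN addressing plan against the points raised above, namely that WAN and LAN must not share a network and that only one DHCP server should answer on the LAN segment. It goes slightly beyond the /24 case discussed by comparing whole networks by prefix length; the /24 on the WAN address and the `audit_plan` name are assumptions.

```python
import ipaddress
from itertools import combinations


def audit_plan(interfaces, dhcp_servers):
    """Return a list of findings for a firewall addressing plan.

    interfaces:   {"WAN": "192.168.1.106/24", ...}  address/prefix per interface
    dhcp_servers: {"LAN": ["pfSense", ...]}         devices serving DHCP per segment
    """
    findings = []
    parsed = {name: ipaddress.ip_interface(cidr) for name, cidr in interfaces.items()}

    # 1. No two interfaces may sit in overlapping networks, otherwise the
    #    firewall cannot tell which side a destination address lives on.
    for (a, ia), (b, ib) in combinations(parsed.items(), 2):
        if ia.network.overlaps(ib.network):
            findings.append(f"{a} {ia.network} overlaps {b} {ib.network}")

    # 2. An interface cannot use the network or broadcast address of its subnet.
    for name, iface in parsed.items():
        net = iface.network
        if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
            findings.append(f"{name} address {iface.ip} is not a usable host address")

    # 3. Only one DHCP server should answer on a segment (for example, DD-WRT
    #    left serving DHCP next to the firewall's own DHCP server).
    for segment, servers in dhcp_servers.items():
        if len(servers) > 1:
            findings.append(f"{segment} has {len(servers)} DHCP servers: {', '.join(servers)}")
    return findings


# Constructed sample plan using the addresses mentioned in the thread
# (the WAN prefix length is assumed, the thread does not state it).
THREAD_PLAN = {"WAN": "192.168.1.106/24", "LAN": "192.168.2.2/24"}

if __name__ == "__main__":
    for line in audit_plan(THREAD_PLAN, {"LAN": ["pfSense", "DD-WRT"]}):
        print("FINDING:", line)
```
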
-
Well.. I wouldn't say it's apparent I do not know a lot about networking…It's pretty clear.. lol - But thank you for taking the time and explaining it the way you did on your last post.. I understand it better now, I think..haha.. I will try and get back as soon as I get this going...thank you all for taking the time and for all your patience