Newbie question

scarr

Hi all,

I Installed smoothwall about a week ago and to be honest I'm not impressed here is my wish list.

1. have DHCP with static IP's (if I'm saying this correctly)
2. Have timed access so I can block IP's at certain times (my son)
3. Port forwarding and if possible to multiple devices (a game and the knidle want port 443 forwarding to them)
4. Usage charts by IP
5. web proxy so I can trace where people have been
6. I have a wifi router, this has build in SSID and passwords this will be part of my network
7. virgin media cable router -> pfSense -> switch, hanging off this switch downstairs will be wifi router
8. Web interface

I know i have probably said a lot of things that are "Doh" but didn't want to miss anything, so will pfSense do all this?

Thanks

Steve

milanojs

Hi scar

1. have DHCP with static IP's (if I'm saying this correctly)
   yes, have to put mac address and reserve the static ip
2. Have timed access so I can block IP's at certain times (my son)
   squid acl time based rule
3. Port forwarding and if possible to multiple devices (a game and the knidle want port 443 forwarding to them)
   Yes, Nat rules could it be nat 1:1 or port forwarding
4. Usage charts by IP
   squid with sarg, pftop
5. web proxy so I can trace where people have been
   squid again doing the job
6. I have a wifi router, this has build in SSID and passwords this will be part of my network
   connect direct to wan port or lan port will do the job in companion with squid
7. virgin media cable router -> pfSense -> switch, hanging off this switch downstairs will be wifi router
   Web interface
   dont ge it! but pfsense has a web interface to work with it

stephenw10

Additionally:

2. You could also use scheduled firewall rules.

3. Yes but you can't forward incoming port 443 requests to two places. Are you sure they want, the very common and already used for HTTPS, port 443?

Steve

rjcrowder

Just to add a little bit…

1. have DHCP with static IP's (if I'm saying this correctly)
   yes, have to put mac address and reserve the static ip
   RJC - if necessary, you can also startup IPFW and create rules to make sure that no tries to manually switch their IP address (layer 2/3 rules). Good idea if anyone on your network is smart enough to figure out how to change their IP (for example - to one that doesn't have time restrictions or filtering).
2. Have timed access so I can block IP's at certain times (my son)
   squid acl time based rule
   RJC - Time based firewall rules work great for this.
3. Port forwarding and if possible to multiple devices (a game and the knidle want port 443 forwarding to them)
   Yes, Nat rules could it be nat 1:1 or port forwarding
4. Usage charts by IP
   squid with sarg, pftop
5. web proxy so I can trace where people have been
   squid again doing the job
   RJC - Highly recommend Dansguardian in conjunction with Squid if you have children accessing the internet. It will give you content based filtering and nice logging features. There's no great reporting package for it, but Webmin can be added and it works well. Also consider using the OpenDNS servers for DNS. Then configure the dynamic DNS update within pfSense.
6. I have a wifi router, this has build in SSID and passwords this will be part of my network
   connect direct to wan port or lan port will do the job in companion with squid
7. virgin media cable router -> pfSense -> switch, hanging off this switch downstairs will be wifi router
   Web interface
   RJC - Sounds like exactly what I have: modem -> pfsense -> switch -> wifi router configured as access point.

scarr

WOW, thanks a lot guys really helpfull, will install at the weekend and keep you all posted, thanks again.

Steve