2 ISP + Pfsense (2 Wan & 1 Lan) + Layer 3 Switch Help..
-
Thank you for the assistance. I am trying to configure now.
-
Hey guys, I have 2 other questions.
1. If I wanted wireless where would I put it on PfSense or my switch? I need it to give out address DHCP and I need to access my network for shares and AD.
2. I am learning how to do IP but want to know my isp gives me a 192.168.x.x address for my router, can I set up my internal network on a 10.10.10.1 scheme and still access the internet?
thanks
-
1. If I wanted wireless where would I put it on PfSense or my switch? I need it to give out address DHCP and I need to access my network for shares and AD.
It goes on the switch, as just another device on the LAN. Then the wireless clients appear on the LAN like any other wired devices and can see LAN file shares… (which is what I think you want).
If you have a Windows Server with AD Domain and there are wireless devices joining the domain, then you probably want to have DHCP from a domain controller/server - but that is a windows question.
If the Wireless AP is really the ONLY place that you want to give out DHCP addresses then you could use it for DHCP, but you have to be able to specify the pfSense LAN IP as the default gateway (i.e. some APs are also routers with a WAN port on them... and will default to make themselves the gateway...). Really I would not do this - when your network expands you will have the DHCP in an odd place on the side.
I do what Tim does - put DHCP on pfSense. It keeps the various network services managed in 1 place. Personally, I would just have my AD server with a real static IP, and have other known devices given static-mapped IPs from pfSense DHCP, and "unknown" guests given IPs from the pfSense DHCP pool. Then in future you can change your IP addresses as you wish from pfSense DHCP server with the minimum of fuss. (Make sure to turn off DHCP on the wireless AP, l3 switch and any other box that feels the urge to be a DHCP server)
2. I am learning how to do IP but want to know my isp gives me a 192.168.x.x address for my router, can I set up my internal network on a 10.10.10.1 scheme and still access the internet?
You can leave that like it is - your front-end modem/router might be 192.168.1.1 and you do DHCP client on pfSense WAN and it gets 192.168.1.2 - that works but the front-end device will also be doing NAT, so 2 layers of NAT messing with the packets out and in.
Most people would change the front-end device to be just a bridge modem - pass through the real internet to pfSense. Then setup the pppoe or whatever ISP connection on the pfSense WAN.
And yes, definitely use a LAN subnet like 10.10.10.0/24 away from the over-used 192.168.[0|1].0/24
-
@ phil.davis Thank you for your response.
1. Thanks, that makes sense. I will have to look on a Windows forum in regards to AD and wireless.
2. OK, to make sure I understand: I would put my ISP modem into bridge mode, and what this does is let the WAN on the pfSense get the 192.168.x.x address, correct?
3. Then I make the LAN on the pfSense 10.10.x.x, correct?
4. So once I set up DHCP on the pfSense, it will keep my network in the 10.10.x.x scheme?
5. Also, do I set up my WAN as DHCP or static?
6. Also, I have 2 ISPs. Do I put both into bridge mode?
Thank you.
-
also…..
7. Can you load balance, fail over and divide traffic at the same time? Meaning I want to do load balance and failover with both ISPs, but I have 1 VM that I only want traffic running on a specific ISP and not both.
-
2. Bridge mode lets the real public IP "get through" to the pfSense. You won't see any 192.168 on the WAN side any more. Usually you have set up pppoe on the ISP modem, with a username/password given by the ISP. When the modem goes to bridge mode, then you need to put that username/password into pfSense pppoe settings. The particulars of selecting bridge mode depend on the modem.
3. Yes - e.g. pfSense LAN IP is 10.10.0.1/24
4. Yes - enable DHCP on pfSense, give it some reasonable (for you) range of addresses to use (you know how many devices there might be) - e.g. 10.10.0.100-199 - whatever.
5. Your WAN will end up being pppoe I suspect.
6. Each ISP would be on a different port (NIC), so you will have an ISP on WAN and an ISP on OPT1 (which you can give another name like WAN2). Once you get one running in bridge mode and working, then do the same sort of thing for the other, on the other port - setup 1 at a time, don't "burn all your bridges" (couldn't resist the pun).
7. You can make gateway groups that load balance (equal priority/tier gateways) or that prefer one WAN and failover to the other. Load balance effectively "fails over" because it load balances only among the members that are up. Then you add firewall rules to select the traffic you want and policy-route it into a gateway group, or a particular WAN (if you don't want failover/load-balance for that traffic).
I'm sure there is a doc describing the process of setting up WAN/pppoe with a front-end device in bridge mode - can someone give a link to it?
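The tier logic from answer 7, as an added example that is not part of the original post and is not pfSense code: a small model of gateway groups and first-match policy rules. The group names, the VM address 10.10.0.50 and the rule table are constructed for illustration, and the empty result for a pinned rule whose WAN is down is a choice of this model; what pfSense does in that case depends on its settings.

```python
# Simplified model: a gateway group maps gateway name -> tier (lower = preferred).
GROUPS = {
    "LoadBalance": {"WAN": 1, "WAN2": 1},   # equal tiers: share the load
    "PreferWAN":   {"WAN": 1, "WAN2": 2},   # WAN first, WAN2 only on failure
}

# Policy rules, first match wins: (source address or "any", group or single gateway).
RULES = [
    ("10.10.0.50", "WAN2"),        # constructed VM address pinned to one ISP
    ("any",        "LoadBalance"), # everything else is balanced
]


def group_members(group, up):
    """Gateways that carry traffic: every live member of the best live tier."""
    live = {gw: tier for gw, tier in group.items() if gw in up}
    if not live:
        return []
    best = min(live.values())
    return sorted(gw for gw, tier in live.items() if tier == best)


def egress(src, up):
    """Return the gateways traffic from src may leave through, given live WANs."""
    for match, target in RULES:
        if match in ("any", src):
            if target in GROUPS:
                return group_members(GROUPS[target], up)
            # Pinned to a single gateway: no failover in this model.
            return [target] if target in up else []
    return []


if __name__ == "__main__":
    for up in ({"WAN", "WAN2"}, {"WAN2"}, {"WAN"}):
        print(sorted(up), "client:", egress("10.10.0.77", up),
              "vm:", egress("10.10.0.50", up))
```

The case worth testing on the real firewall is the last one: decide whether the pinned VM should lose connectivity or be allowed out the other ISP when its WAN is down, and confirm the rules behave that way.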
-
Thanks for the info. That's what I did. I put both my ISP routers into bridge mode: Time Warner and ATT Uverse. But the problem I am having is that the LAN only works with 192.168.1.1. Is there a doc on setting up the 10.10.x.x scheme that I am trying to do?
-
Also, both ISPs are always on, so I am not sure about using PPPoE. If I am not mistaken, that is used for ISPs that need a user name and password, correct?
-
pppoe - you only need that if your ISP does it that way with username/password. It sounds like you get a direct connection that is "just there" when you plug it in, good that it is easy.
You can set the pfSense LAN side to be any private IP subnet that you want. e.g. set LAN to static IP 10.10.42.1/24 Set the DHCP range to 10.10.42.100-199 or whatever you need/want within the LAN subnet.
With just 1 LAN, you don't really use the layer3 switch functionality. Give the L3 switch an IP address in 10.10.42.0/24 so you can access it and manage it if needed. Set static IPs in 10.10.42.0/24 on any special devices (e.g. a server) that might need to have a real static IP. Let other devices get DHCP from pfSense, if you want them to get the same IP every time, then make static mapping entries for them.
But maybe I am missing something behind your question? Because I don't really understand why you would say "LAN it only works with 192.168.1.1".
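A way to sanity-check the addressing plan described in this thread before typing it into the firewall, as an added example that is not part of the original posts: it flags a private WAN address (the double-NAT case), WAN/LAN overlap, a DHCP pool outside the LAN, and fixed addresses that collide with the pool. The host names and the 203.0.113.10 WAN address are constructed sample values.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)


def check_plan(wan_ip, lan_if, pool_start, pool_end, statics):
    """Return (code, detail) findings for a WAN/LAN/DHCP addressing plan."""
    out = []
    wan = ipaddress.ip_address(wan_ip)
    lan = ipaddress.ip_interface(lan_if)        # e.g. 10.10.42.1/24
    net = lan.network
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)

    if is_rfc1918(wan):
        out.append(("double-nat", f"WAN {wan} is private: front-end device still does NAT"))
    if wan in net:
        out.append(("wan-lan-overlap", f"WAN {wan} lies inside LAN {net}"))
    if not is_rfc1918(lan.ip):
        out.append(("lan-not-private", f"LAN {net} is not RFC 1918 space"))
    if lo > hi or lo not in net or hi not in net:
        out.append(("bad-pool", f"pool {lo}-{hi} is not a range inside {net}"))
    if lo <= lan.ip <= hi:
        out.append(("gateway-in-pool", f"LAN address {lan.ip} is inside the pool"))

    used = {lan.ip: "firewall LAN"}
    for name, ip in statics.items():
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            out.append(("static-off-lan", f"{name} {addr} is outside {net}"))
        elif lo <= addr <= hi:
            out.append(("static-in-pool", f"{name} {addr} is inside the dynamic pool"))
        if addr in used:
            out.append(("duplicate", f"{name} reuses {addr} ({used[addr]})"))
        used[addr] = name
    return out


if __name__ == "__main__":
    # Constructed sample: the plan from the post, with a bridged (public) WAN.
    plan = check_plan("203.0.113.10", "10.10.42.1/24", "10.10.42.100",
                      "10.10.42.199", {"ad-server": "10.10.42.10", "l3-switch": "10.10.42.2"})
    print(plan or "plan is consistent")
```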
-
@ Phil.davis Thanks for the info, I got it up and running. Set both my ISPs to bridge, then the LAN to a 10.x.x.x scheme.
I was having trouble with the LAN 192.168.1.1 for some reason (most likely because I did not know what I was doing). :)
Thanks for all the help. I got the basics up and running; now it's time to do some testing with the firewall rules and load balancing… Thanks again.