Aliases in 2.3 and Aliases in General
-
Hi to All,
I began my adventure into pfSense with 2.2 but about a 1/4 of the way through I saw that 2.3 was now stable and decided that as I was not particularly happy with my first attempts, I might as well just do a clean install of 2.3.
I also decided to buy a Gold Membership so that I would get the latest up-to-date instructions manual.
After getting WANs, LANs and other NICs configured I set about creating aliases as I knew that in the long run that would save me time and ensure consistency. I created an alias for each device and assigned an IP address??? I had assumed a device alias would be linked / referenced by a MAC address rather than by just an IP address. So after I had listed all my devices I went to the DHCP server for the LAN to set up fixed / reserved IP addresses. This required me to link a MAC address to an IP address as expected but to again enter device details with no connection to the alias list. So now if I change the IP of a device I have to change the alias detail and also the static address detail. More than being a waste of time it is also a probable disaster area if one forgets to change both records. Also the device can have 2 descriptions, 2 hostnames etc…
I then set about configuring the port aliases. For example I created HTTP and HTTPS then re-aliased them as an alias group called Web. Now the Manual and everything else I read about pfSense tells me that an aliasable field will turn red. No, it doesn't; it stays white. I have to guess then if it is an aliasable field or auto-complete data being shown in the drop-off list. After a couple I was pleased to see it was previous alias data being displayed and I could make my aggregate aliases, but still no red.
I appreciate that themes change, but I feel there must be some means of differentiating between alias and non-alias fields. Maybe a thin red border around the field would be nice?
Lastly whilst on the subject of themes, I am disabled and partially sighted, sometimes needing to use a screen reader etc. Could the next update of pfSense include WAI and 508 compliance?
I am now moving on today to setting up some much needed rules and the DMZ. Also trying to overcome any Double NAT issues thrust upon me by my ISP.
So far I am very happy with my pfSense server and hope to put it into the live environment within the next few days.
I have also directly connected 2 Raspberry Pi, one acts as my network time server, the other as a Tor proxy, a third yet to be configured will be a VPN proxy to enable watching UK TV etc. I have a 4 NIC stack on the motherboard and an extra Dell / Broadcom 4 NIC expansion card so connectivity is not an issue.
Any advice on overcoming the alias issues would be appreciated.
Thanks and kind regards,
jB 8)
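
The double-entry problem described in the post above (a host alias and a DHCP static mapping that have to be changed together) can be checked offline against an exported configuration. This is an added example, not part of the original post and not pfSense code; it assumes a config.xml layout of `aliases/alias` and `dhcpd/<interface>/staticmap`, matches alias names to static-mapping hostnames, and runs on a constructed sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed config.xml layout (not taken from the thread).
SAMPLE_CONFIG = """<pfsense>
  <aliases>
    <alias><name>nas</name><type>host</type><address>192.168.1.20</address></alias>
    <alias><name>tor_pi</name><type>host</type><address>192.168.1.31</address></alias>
    <alias><name>printer</name><type>host</type><address>192.168.1.40</address></alias>
    <alias><name>Web</name><type>port</type><address>HTTP HTTPS</address></alias>
  </aliases>
  <dhcpd><lan>
    <staticmap><mac>00:11:22:33:44:55</mac><ipaddr>192.168.1.20</ipaddr><hostname>nas</hostname></staticmap>
    <staticmap><mac>b8:27:eb:00:00:01</mac><ipaddr>192.168.1.30</ipaddr><hostname>tor-pi</hostname></staticmap>
  </lan></dhcpd>
</pfsense>"""

def norm(name):
    # Assumption: alias names use '_' where hostnames may use '-'; compare on one form.
    return name.strip().lower().replace("-", "_")

def find_drift(config_xml):
    """Return (alias, problem, alias_ip, dhcp_ip) for single-host aliases that
    disagree with, or have no, DHCP static mapping of the same name."""
    root = ET.fromstring(config_xml)
    maps = {}  # normalised hostname -> reserved IP, across all DHCP interfaces
    for iface in root.findall("./dhcpd/*"):
        for sm in iface.findall("staticmap"):
            host = sm.findtext("hostname", "")
            if host:
                maps[norm(host)] = sm.findtext("ipaddr", "")
    findings = []
    for alias in root.findall("./aliases/alias"):
        addrs = alias.findtext("address", "").split()
        if alias.findtext("type") != "host" or len(addrs) != 1:
            continue  # skip port, network and multi-entry aliases
        name = alias.findtext("name", "")
        dhcp_ip = maps.get(norm(name))
        if dhcp_ip is None:
            findings.append((name, "no-static-mapping", addrs[0], None))
        elif dhcp_ip != addrs[0]:
            findings.append((name, "ip-mismatch", addrs[0], dhcp_ip))
    return findings

if __name__ == "__main__":
    for finding in find_drift(SAMPLE_CONFIG):
        print(finding)
```

An `ip-mismatch` finding means firewall rules built on the alias are filtering an address the device no longer receives from DHCP.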
-
Aliases are nicely integrated into Firewall Rules and NAT - stuff that ends up in the pf rule set.
But they could be extended elsewhere. As you say, to DHCP static mapping. In that case I think it would be nice to be able to check a box on the static mapping to auto-create a single-host alias from the static mapping data, using the name in the static mapping as the default alias name, and giving an optional box to put an alias name. Then show these "auto-aliases" on the Firewall-Aliases page (and of course check validation across auto and ordinary aliases to prevent duplicate names).
Alias features could also be added to OpenVPN settings areas where addresses, networks or lists of networks need to be input.
And probably a bunch of other places.
-
I think it would be nice to be able to check a box on the static mapping to auto-create a single-host alias from the static mapping data, using the name in the static mapping as the default alias name, and giving an optional box to put an alias name.
Nice idea! I second this. In my home setup I make use of IP aliases to define certain hosts on the LAN so I can easily change IPs if I want to without re-doing the rules. But I also want these to be available in DNS so I wind up doing double entries for most: 1 alias and 1 static DHCP mapping.
-
I appreciate that themes change, but I feel there must be some means of differentiating between alias and non-alias fields. Maybe a thin red border around the field would be nice?
This! :) I very much grew accustomed to the form field indicating the use of aliases in the right places. I also cheered at the new UI and things like those comment lines in rules - really great! - but I miss the fields indicating the use of aliases, too. Now it simply isn't clear where you can or can't use aliases. Also, I didn't understand why you can use aliases in Port Forwards or even Outgoing NAT rules, but not in 1:1 BiNat mappings. Doesn't make sense, as PF uses very similar rules to create those mappings where you can indeed use aliases. As for DHCPD, OVPN et al, that sure would require a little bit more programming though, but inside the same "application" (like PF) it shouldn't be a great deal to consistently use them.
Greets and thanks to the devs!
Jens