Help with my network setup



  • Hello,

    I am new to the forums so sorry if this is in the wrong area. I am looking into setting up a firewall/router for my home however I have some questions about how I can get my setup to work.

    So for a computer I am probably going to use an old computer with 2-4GB of RAM. I might put in a 500GB hard drive for cache. My modem is also a router but I guess I will just disable the wireless features on my modem so everything will go through pfSense (Please correct me if I'm wrong)?

    So for my setup I would like to have a Home network and a Guest network however I am not sure how I will go about setting this up. From watching videos and learning about this stuff I do have a plan but please tell me if it's wrong or if there is a better way:

    Home Network:
    Modem -> pfSense Box -> Switch -> Ubiquiti Access point

    Guest Network:
    Modem -> pfSense Box -> Linksys Wireless-G 2.4GHz Router (I will have all router features turned off so it will just be broadcasting an access point)

    What I also would like to know is what network cards should I get? I probably will get an old desktop with 1 ethernet port attached to the motherboard. So I would guess I will need to buy 2 more network cards. Modem will go into the motherboard, and then the 1st network card will be for the home network and the 2nd network card will go for the guest network.

    Would this setup work or is there a better way? I want guests to be limited to the things they can access and how much bandwidth they can use. I also don't want anything on the network to be able to communicate with anything on the home network.

    Thanks



  • Hi,

    Buy a dual-port network adapter, so it only occupies one PCI slot.
    Here you can find a list of supported hardware: https://www.freebsd.org/releases/10.3R/hardware.html
    In general, Intel network cards have a good reputation with pfSense.

    Yes, to have better control over network traffic, it's recommended to deactivate the WLAN of the router and connect the access points to pfSense.

    If one of your access points is able to handle multiple SSIDs and VLANs, you can also achieve your intent with just one additional network interface on pfSense. So you can run your home WLAN and guest WLAN on just one AP and assign different VLANs to them, which are controlled by pfSense.

    pfSense has assigned two interfaces by default, WAN and LAN. On the LAN interface there is a default rule allowing any traffic to anywhere, however, you can edit this rule. On additional interfaces you have to add rules by yourself, otherwise pfSense blocks all traffic.

    The access from guest net to your home net can be prohibited by a firewall rule allowing access to anywhere but your home net. Further limitations can be achieved with squid and squidGuard.
    For bandwidth limitation pfSense has the Traffic shaper implemented.
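
The rule behaviour described in the reply above (allow-any on LAN by default, nothing passed on an added interface until you add rules, and a guest rule passing to anywhere but the home net), modelled as an added example that is not part of the thread and not pfSense's own code. The interface names and subnets are made-up assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing for illustration; not taken from the thread.
HOME_NET = ipaddress.ip_network("192.168.1.0/24")
GUEST_NET = ipaddress.ip_network("192.168.20.0/24")


@dataclass(frozen=True)
class Rule:
    action: str                               # "pass" or "block"
    dst: Optional[ipaddress.IPv4Network]      # None means "any"
    invert: bool = False                      # True means "not <dst>"

    def matches(self, dst_ip) -> bool:
        if self.dst is None:
            return True
        return (dst_ip in self.dst) != self.invert


# Per-interface rule lists, evaluated top-down on traffic entering that interface.
RULES = {
    "LAN": [Rule("pass", None)],                      # default allow-any rule
    "GUEST": [Rule("pass", HOME_NET, invert=True)],   # anywhere but the home net
    "OPT_EMPTY": [],                                  # added interface, no rules yet
}


def decide(interface: str, dst: str) -> str:
    """Return 'pass' or 'block' for a packet entering `interface` towards `dst`."""
    dst_ip = ipaddress.ip_address(dst)
    for rule in RULES.get(interface, []):
        if rule.matches(dst_ip):
            return rule.action          # first matching rule wins
    return "block"                      # no rule matched: traffic is dropped


if __name__ == "__main__":
    cases = [
        ("GUEST", "192.168.1.10"),      # guest -> home host
        ("GUEST", "203.0.113.5"),       # guest -> internet (documentation address)
        ("GUEST", "192.168.20.1"),      # guest -> firewall's guest-side address
        ("LAN", "192.168.20.5"),        # home -> guest host
        ("OPT_EMPTY", "203.0.113.5"),   # interface without rules
    ]
    for iface, dst in cases:
        print(f"{iface:10} -> {dst:15} {decide(iface, dst)}")
```

The third case shows that "anywhere but the home net" still covers the firewall's own address on the guest side, so access to its web interface from the guest network needs a separate block rule placed above the pass rule.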



  • Well basically it's a solid plan although I personally wouldn't do it like that.

    I would get a little VLAN capable switch for your home network. That way you could solve both needs with the following:

    Router -> PFsense -> Switch -> Ubiquiti AP

    Basically what happens is you only need one additional NIC for your pfsense, and your Home LAN comes out as usual on that. But inside PFSense you create a VLAN (ex: 2) and make that your Guest network. This is then "tagged" on the link to the switch in which you also create VLAN 2.
    Likewise you can "tag" VLAN 2 along to the AP, and that will be capable of broadcasting both your home network and guest network (each on isolated WLAN's).

    That way you save the extra NIC, the crappy guest AP solution using an old Linksys router, and you get the opportunity to create wired guest ports in the switch for wired devices.

    Also, it saves on the electricity bill :-)

    That's how I would do it. The Ubiquiti AP supports VLANs so it's only the switch you need to make sure supports VLANs.

    I would get a proper Intel Desktop PCIe NIC adapter. They are soooo much better than all the realtek and atheros crap out there.



  • Ok thanks guys for the help however I will need to change my plan up a bit since the PC I got might not work with my setup. So I got a Dell Optiplex 755 and it only has 1 PCI express port.

    The network card I got was the TEG-PCITXRL (http://www.amazon.com/TRENDnet-Gigabit-Profile-Adapter-TEG-PCITXRL/dp/B003QXGXOA?ie=UTF8&psc=1&redirect=true&ref_=oh_aui_detailpage_o00_s00)

    I am guessing this switch board will work with the VLAN? http://www.amazon.com/TP-LINK-8-Port-Gigabit-Ethernet-TL-SG108E/dp/B00K4DS5KU?ie=UTF8&keywords=VLAN switch&qid=1465344342&ref_=sr_1_1&sr=8-1

    So my understanding of the setup is:
    Home:
    Router -> PFsense -> Switch -> Ubiquiti AP

    Guest
    Router -> PFsense -> Switch -> Linksys

    Thanks



  • @keyser:

    Well basically it's a solid plan although I personally wouldn't do it like that.

    I would get a little VLAN capable switch for your home network. That way you could solve both needs with the following:

    Router -> PFsense -> Switch -> Ubiquiti AP

    Basically what happens is you only need one additional NIC for your pfsense, and your Home LAN comes out as usual on that. But inside PFSense you create a VLAN (ex: 2) and make that your Guest network. This is then "tagged" on the link to the switch in which you also create VLAN 2.
    Likewise you can "tag" VLAN 2 along to the AP, and that will be capable of broadcasting both your home network and guest network (each on isolated WLAN's).

    That way you save the extra NIC, the crappy guest AP solution using an old Linksys router, and you get the opportunity to create wired guest ports in the switch for wired devices.

    Also, it saves on the electricity bill :-)

    That's how I would do it. The Ubiquiti AP supports VLANs so it's only the switch you need to make sure supports VLANs.

    I would get a proper Intel Desktop PCIe NIC adapter. They are soooo much better than all the realtek and atheros crap out there.

    Ignore my post before this one. I see what you're saying now. So now my next question: what AP should I get? I heard Ubiquiti is good and found this one on Amazon (http://www.amazon.com/Enterprise-System-UBIQUITI-NETWORKS-UAP-LR/product-reviews/B00HXT8S9G/ref=dpx_acr_txt?showViewpoints=1). I am a bit of a noob to this stuff but I do have an understanding of how it works. Down below I will list the system I got:

    pfSense Computer: Dell Optiplex 755 (got)
    Network Card: Dell Optiplex 755 (http://www.amazon.com/TRENDnet-Gigabit-Profile-Adapter-TEG-PCITXRL/dp/B003QXGXOA?ie=UTF8&psc=1&redirect=true&ref_=oh_aui_detailpage_o00_s00) (got)
    Switch: http://www.amazon.com/TP-LINK-8-Port-Gigabit-Ethernet-TL-SG108E/dp/B00K4DS5KU?ie=UTF8&psc=1&redirect=true&ref_=ox_sc_act_title_1&smid=ATVPDKIKX0DER (Don't have yet)
    Access Point: With the access point I see multiple Ubiquiti ones out there. The two I am thinking of getting are (http://www.amazon.com/Ubiquiti-Networks-Enterprise-AP-Unifi/dp/B00HXT8R2O?ie=UTF8&keywords=ubiquiti access point&qid=1465346666&ref_=sr_1_2&s=pc&sr=1-2) and (http://www.amazon.com/Enterprise-System-UBIQUITI-NETWORKS-UAP-LR/dp/B00HXT8S9G/ref=pd_sim_147_3?ie=UTF8&dpID=31ZYZ9bvX-L&dpSrc=sims&preST=AC_UL160_SR160%2C160&refRID=0Y9M5J73KYCW03G92DSA)

    I am not sure which one I should get. If you guys can post a suggestion that will be great :D

    Thanks also guys for the help :)



  • Well after looking more in-depth at how VLANs work and what I need to buy I made up my mind :)

    I got the D-Link DGS-1100-08 (https://www.amazon.com/gp/product/B008ABLU2I/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1). The reason I did not go with the TP-Link is because people were complaining of a high-pitched noise.

    For the access point I got the UniFi UAP-LR (https://www.amazon.com/gp/product/B00HXT8S9G/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1). I got this since it had good reviews and supported what I need. I also see it does have a guest option for logins which will work great for my needs. I have plans to make a guest VLAN with pfSense and then set up the VLAN on the UniFi AP and use that for the guest network.

    This is the idea I have from how I understand this all works. If I am wrong please do explain since I am new to this.

    Also another thing I would like to ask is for my modem I got the Q1000. I am guessing I will put the WAN into Transparent Bridging and put the PPPoE info on my pfSense router? (If I'm right or wrong please let me know :))

    My new chart on the plan is this:
    Home:
    Modem -> Router(LAN) -> Switch -> AP (Home Network)

    Guest:
    Modem -> Router(VLAN) -> Switch - AP (Guest Network)

    Thanks

