New setup



  • Hi

    I am new to firewall/networking so apologies in advance for any stupid questions – I have just inherited a setup where the original guy has left with no notice.

    We have currently a hosted server site where I have set up
    1. SQL server
    2. Domain Controller
    3. Remote Desktop server
    4. PFSense box

    The PFSense box is set up and appears to have connection to LAN and WAN

    The 3 servers can all see each other and ping the PFsense box.

    I would like all the servers to access the internet via the PFsense – my simple question is how do these servers need to be configured to do that.

    Thank you in advance


  • Rebel Alliance Global Moderator

    They need to point to the IP address of pfsense LAN ip as the gateway.

    This is a hosted server site.. So you're in some DC or colo.. So your servers behind pfsense are using RFC 1918 addresses behind pfsense (pfsense LAN)?



  • Hi Johnpoz

    Thank you for taking the time to reply to this.

    Previous to posting -

    I set static IPs on the servers and put the local IP of the PFsense in the default gateway settings of the server.

    I have a domain set up which the servers are members of.

    The IPs in that setup are

    192.68.0.1 etc

    The PFsense has an external IP and an internal IP

    195.157.14.56 etc external
    192.168.0.3 internal

    I suspect I have set up something incorrectly on the PFsense box if all you need to do is populate the server gateways with the local PFsense IP address.

    I followed the standard wizard set up and the LAN/WAN are both showing green in the dashboard.

    Other than that I am confused  :o


  • Rebel Alliance Global Moderator

    Out of the box pfsense works with really almost no config..

    Why did you change its IP to 192.168.0.3?  You didn't set a gateway on the pfsense LAN interface did you?  Did you mess with any of the outbound NAT rules?  Your devices behind are not DHCP from pfsense but static setup.  It's possible you messed up the mask or something?

    If your lan network on pfsense is 192.168.0/24 and pfsense IP is 192.168.0.3/24 pfsense LAN interface should not have a gateway set.

    Your clients would then be

    192.168.0.X/24
    gateway 192.168.0.3

    Did you mess with the LAN rules on pfsense?  They default to any any.. Are you local to these machines?  How are you accessing them if they are in some DC or colo?  How are they wired/connected exactly..

    should go like this
    internet – wan (pfsense) lan --- switch - other devices.
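
A sanity check for the addressing rules in the reply above, added here as an example and not part of the original thread. The function name, problem codes and sample server addresses are constructed for illustration; only 192.168.0.3/24 as the pfsense LAN address comes from the thread.

```python
import ipaddress

# RFC 1918 private ranges, the address space expected on the pfsense LAN side.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_lan_client(client_cidr, client_gateway, pfsense_lan_cidr,
                     pfsense_lan_gateway=None):
    """Return a list of problem codes for one statically addressed server."""
    client = ipaddress.ip_interface(client_cidr)
    lan = ipaddress.ip_interface(pfsense_lan_cidr)
    gateway = ipaddress.ip_address(client_gateway)
    problems = []

    # The LAN interface itself must not carry a gateway; only WAN does.
    if pfsense_lan_gateway is not None:
        problems.append("pfsense-lan-has-gateway")
    if gateway != lan.ip:
        problems.append("gateway-is-not-pfsense-lan-ip")
    # A differing prefix length or network means a mask/octet mistake.
    if client.network != lan.network:
        problems.append("mask-or-subnet-mismatch")
    if gateway not in client.network:
        problems.append("gateway-not-on-link")
    if client.ip == lan.ip:
        problems.append("ip-collides-with-pfsense")
    if client.ip in (client.network.network_address,
                     client.network.broadcast_address):
        problems.append("ip-is-network-or-broadcast")
    if not any(client.ip in net for net in RFC1918):
        problems.append("not-rfc1918")
    return problems


# Constructed sample servers (name -> address/prefix, gateway).
SERVERS = {
    "good": ("192.168.0.10/24", "192.168.0.3"),
    "typo-octet": ("192.68.0.10/24", "192.168.0.3"),
    "wrong-mask": ("192.168.0.10/16", "192.168.0.3"),
    "wrong-gateway": ("192.168.0.11/24", "192.168.0.1"),
}

if __name__ == "__main__":
    for name, (cidr, gw) in SERVERS.items():
        issues = check_lan_client(cidr, gw, "192.168.0.3/24")
        print(f"{name:14} {cidr:18} gw {gw:12} -> {issues or 'ok'}")
```
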



  • Thanks again John for your very prompt reply

    I can redo the wizard - I guess that will undo any fiddling? or I can reinstall from fresh - that is no problem either.

    The servers are on a hosted platform = x cores, x GB ram, X storage - split and made 3 virtual machines, assigned static IPs, 1 server being the domain controller sets up the domain and lets the other servers join the domain.

    a fourth virtual machine added and PFsense loaded - as I type it prompts the question should the PFsense  virtual machine be added to the domain or is it seen as a device rather than a domain member?

    I notice you have –switch--- in your data flow

    currently I have

    internet --- wan (external ip 195.157.etc)pfsense(internal ip 192.168)  lan---  servers


  • Rebel Alliance Global Moderator

    In your virtual setup you would have switches too - they would just be "virtual"

    So in your virtual setup pfsense wan would be connected to the "wan" virtual switch that is connected to the physical nic that connects the wan to the real world.  Then its lan would be connected to a different virtual switch or port group on virtual switch so it's isolated from the wan network.  Pfsense lan virtual nic would be connected to this vswitch, and all your vms would have their vnics connected to this same lan vswitch..



  • Hi JohnPoz

    I reinstalled the PFsense and configured the servers as you outlined - success!

    Thank you for your help - I obviously changed something post set up.  Your outlining of the way it was to work has made the process much clearer - once again thank you for taking the time to help me.