• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Help need: how to setup CP - with one or two pfSense boxes?

Scheduled Pinned Locked Moved Captive Portal
3 Posts 2 Posters 2.3k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • U
    unguzov
    last edited by Dec 2, 2008, 6:52 PM

    I have these requirements to build my network setup:

    1. Internet uses only one WAN (static IP).
    2. Users from office LAN needs to connect without restrictions to Internet. Traffic shaper must be active.
    3. Guests can access only internet via access point and can't see LAN users. All guests must be limited (shaped) and will get only part of the internet traffic (WAN is only one and shared for office and guest users).

    So what is the most stable configuration? Use one pfSense box with one WAN and two LAN interfaces or two pfSense boxes (one for router and second just for CP)? I do not want to run in problems with traffic shaping and complicated NAT and firewall rules just to save money for second pfSense box….

    Option 1:

    INTERNET ---> (WAN) pfSense ------> (LAN) ---> office users
                                        |
                                        +----->(OPT1) -->(CP)---> Access point (internet only, do not access LAN)

    Option 2:

    INTERNET ---> (WAN) pfSense 1 ------> (LAN) ---> office users
                                        |
                                        +--> (OPT1)---->(WAN) pfSense 2 ---> (LAN) -->(CP)---> Access point (internet only, do not access LAN)

    1 Reply Last reply Reply Quote 0
    • M
      Monoecus
      last edited by Dec 2, 2008, 7:28 PM

      I think that the first version is fine for you. The drawback with both versions is that you do not have any traffic shaping on the OPT with pfSense 1.2.1. However, as you need Shaping only on the LAN for now, that first version is safe. In case you need Shaping on all Interfaces, wait for the version 2.0.

      For the access points. Just make sure that they cannot connect to LAN, by blocking access to LAN.

      1 Reply Last reply Reply Quote 0
      • U
        unguzov
        last edited by Dec 2, 2008, 7:43 PM

        @Monoecus:

        I think that the first version is fine for you. The drawback with both versions is that you do not have any traffic shaping on the OPT with pfSense 1.2.1. However, as you need Shaping only on the LAN for now, that first version is safe. In case you need Shaping on all Interfaces, wait for the version 2.0.

        For the access points. Just make sure that they cannot connect to LAN, by blocking access to LAN.

        It is important to use traffic shaping for LAN and guest users. I need to limit guests to 30% from total bandwith AND use traffic shaper to distrubute fair these 30% to all guest users.

        So I will use Option 2 until version 2.0 comes out.

        Thanks for the help!

        1 Reply Last reply Reply Quote 0
        3 out of 3
        • First post
          3/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received