Initial setup network configuration
-
I imagine this has been discussed, but I’m not having much luck finding any info.
I will be receiving my hardware for my first pfSense router in a few weeks and I’m pretty much a noob at this. Was thinking that when I connect the box initially I would just have a WAN connection to my existing local network and a LAN connection to one desktop to be used for configuring the new router. That way my network won’t have much down time, since it will still be managed by the old router, and I can take my time with the configuration.
Not sure if this is a good idea or a noob mistake. I think this will set up a double NAT with both routers running. I’ve always heard that’s bad, but since I don’t have any background with network design I could use some input from more experienced users.
Is this a good plan?
Is there a better way to accomplish the initial setup?
I’m using an AirPort Extreme for routing right now and I don’t see any way to export DHCP reservations and network settings to the new pfSense box. Maybe I’m missing something. Would really appreciate any advice.
-
For learning about pfSense, I don't think the double NAT is going to do any harm. You may run into trouble if you intend to configure and test something NAT sensitive, like a VPN server.
As far as DHCP reservations, you don't have to worry about the dynamic reservations in general. If you have some static MAC to IP mappings, for say a server, then those need to be addressed. The dynamic ones will expire and the client will request the same address from pfSense after you transition, which it should give it, if it's free. In the meantime the new DHCP server should test to see if an address that it doesn't know is assigned is in use before issuing it to a new client.
If you use the AirPort Extreme to provide a guest network, then later you may want to move those services off the Extreme to the pfSense; this will allow you to have different rules for the Main and Guest networks. You set the AirPort Router Mode to Off (bridge mode). Then on the pfSense you create VLAN 1003 on the port wired to the Extreme. The native interface (non VLAN) will carry the Main WiFi traffic and VLAN 1003 will have the Guest network. You then set up DHCP on pfSense for those two interfaces. You can then treat the Guest network more like a DMZ with its own rules in pfSense. Even if you don't use the guest network, if you leave the Extreme in router mode and put it behind the pfSense, it will complain about a double NAT, but for simple situations that can be ignored (been there).
-
Thanks. This will only be a temporary setup just to give me time to get the basics configured. Then I’ll be connecting the pfSense box directly to the cable modem.
Since I am using DHCP reservations for all the desktops and servers on my home network now I’ll probably keep doing that. I think they’re probably all configured to use DHCP rather than a static IP.
All my IoT devices are probably set the same way. Not sure if I’ll keep doing that or not. Probably not since I’m planning on setting up a VLAN for them.
Thanks for the info re AE and guest network. At some point I’ll likely upgrade my APs to something better and the AEs aren’t really being maintained by Apple any more, but at least this way I can make the best use of them in the meantime.
-
PfSense doesn’t support DHCP reservations. Assign static IPs outside the DHCP range for anything you want the IP address to remain the same.
You could always spin up a VM in VirtualBox or some other hypervisor and use that to play around and familiarize yourself before you deploy your installation.
-
I’ve been trying to get an instance working on my MacPro in Parallels but something’s not right yet. Keep losing connection to the webUI from the host machine every time I save the initial setup. It’ll be 4 to 6 weeks before I get my new hardware so hopefully I’ll get the VM up and running by then.
This double NAT will only be just a short term setup though. I figure it’ll take me a couple or 3 hours to get a basic setup running but my family isn’t that patient. I think things will go much more smoothly if I can minimize the network outage.
Maybe if I get the VM working I can just export the setup to the new hardware? Not sure what settings might be tied directly to the hardware and not exportable?
-
PfSense doesn’t support DHCP reservations. Assign static IPs outside the DHCP range for anything you want the IP address to remain the same.
Since when?? I have IPv4 addresses mapped to MAC addresses on my network.
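-
Added example, not part of any post in this thread: since the AirPort reservations have to be re-entered by hand, a small pre-flight check of the hand-copied list against the planned pfSense LAN catches duplicate mappings and addresses that fall inside the dynamic pool before the cut-over. The function name, subnet, pool range and sample devices are all assumptions made up for the illustration.

```python
import ipaddress
from collections import Counter


def check_reservations(reservations, lan_cidr, pool_start, pool_end, gateway):
    """Return [(hostname, problem), ...] for a planned set of static mappings.

    reservations: iterable of (hostname, mac, ip) strings copied by hand from
    the old router. The other arguments describe the planned LAN (assumed).
    """
    net = ipaddress.ip_network(lan_cidr)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    gw = ipaddress.ip_address(gateway)
    # Normalise MAC notation so aa-bb-.. and AA:BB:.. compare equal.
    rows = [(h, m.lower().replace("-", ":"), ipaddress.ip_address(ip))
            for h, m, ip in reservations]
    mac_count = Counter(m for _, m, _ in rows)
    ip_count = Counter(ip for _, _, ip in rows)

    problems = []
    for host, mac, ip in rows:
        if ip not in net:
            problems.append((host, f"{ip} is outside {net}"))
        elif ip in (net.network_address, net.broadcast_address, gw):
            problems.append((host, f"{ip} is the network, broadcast or gateway address"))
        elif lo <= ip <= hi:
            problems.append((host, f"{ip} is inside the dynamic pool {lo}-{hi}"))
        if mac_count[mac] > 1:
            problems.append((host, f"MAC {mac} is mapped more than once"))
        if ip_count[ip] > 1:
            problems.append((host, f"{ip} is mapped to more than one device"))
    return problems


# Constructed sample data: not taken from the thread.
SAMPLE = [
    ("nas",     "00:11:22:33:44:55", "192.168.1.10"),
    ("printer", "00-11-22-33-44-66", "192.168.1.150"),  # inside the pool
    ("macpro",  "00:11:22:33:44:77", "192.168.1.10"),   # same IP as nas
    ("camera",  "00:11:22:33:44:88", "10.0.1.20"),      # left on an old subnet
]
PLAN = ("192.168.1.0/24", "192.168.1.100", "192.168.1.199", "192.168.1.1")

if __name__ == "__main__":
    for host, problem in check_reservations(SAMPLE, *PLAN):
        print(f"{host}: {problem}")
```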