New pfsense user looking for feedback/help on network setup
-
This is sort of a follow up to my post (http://forum.pfsense.org/index.php/topic,12983.0.html) I ended up just going strictly embedded because I want to get a working network first and can do so not needing package support.
I got pfsense installed fine and the initial configuration is done as well my problem is that I can't seem to get much further than that. Below is a diagram of my network how it stands now and how I would like to get things working (sorry for the scribbles). Other than the inital configuration and the addition of the extra interfaces I have reverted all changes that I made when trying to figure things out myself.
My goal is to get my entire network operating behind my net5501-70 such that any device can see another with no fancy tricks doing so. These devices range from other wired desktops, wirless notebooks/tablets, wireless routers, my iphone, tivo, as well as gaming systems (PS3,xbox360,Wii). After that is accomplished I would like to get a VPN going so that I can easily access any one of these devices from a location where I have internet access. I have done home networks in the past but they mostly involved getting a router setup and that is the extent of it.
My problem is now is that I can't seem to get anything past the initial configuration working. I plug a notebook straight into OPT1 (vr2) and not matter which configurations of interfaces and firewall rules I can't even get the device to get a damn IP. I think that would be the first step I need help with.
The second step is adding the 1st Linksys WRT54GS to the network. I would like this router to essentially act as a switch (not provide DHCP) because that way I can link two separate groups of devices through the built in WDS (Wireless Distribution System) of the tomato firmware. This box would also act as a wireless access point for all wireless devices. Like I said before I would like all these devices to see one another (same subnet, correct?), is this possible?
Can anyone help me along? I have spent quite a few days trying to get this working on my own but as much as I've googled and looked around on the forums I can't find the answers I was looking for.
-
If all you want is all your devices on your LAN and OPT devices to communicate without any firewalling, why not just move them all to the same port on a switch running on the same subnet?
The only reason you'd want to use the OPT ports is that you want to segregate your network more to restrict access, but this seems to be an unnecessary complication for what you want to do.
-
My problem is now is that I can't seem to get anything past the initial configuration working. I plug a notebook straight into OPT1 (vr2) and not matter which configurations of interfaces and firewall rules I can't even get the device to get a damn IP. I think that would be the first step I need help with.
Is LAN bridged with the OPT1 interface? (Given that you have said you want everything to communicate with everything else you may chosen bridging as a way of doing that.) If so and you are using some variant of pfSense 1.2.1, you may need to add firewall rules to pass DHCP traffic on the OPT1 interface.
For some reason, which I have never seen explained anywhere, a change was made during 1.2.1 development so that DHCP traffic on some (all?) bridged interfaces is blocked by the firewall. On my pfSense box LAN is bridged with WLAN (OPT1) but the DHCP server has no option for enabling DHCP on OPT1 and the firewall blocks DHCP on OPT1.
You could look in the firewall log (from the web GUI, Status -> System logs, click on the firewall tab) for blocked packets from OPT1.
If you don't have LAN bridged with OPT1 have you enabled the DHCP server on OPT1?
-
For the moment while I'm still getting used pfsense I will just use eth0 and eth1. What don't know how to do is make it so that psfsense on my net5501 handles all DHCP and port forwarding, even from those devices connected to my WRT54GS routers, any idea how to go about that?
-
Disable the DHCP server on your WRT53GS routers, and plug the routers into your pfSense box using the LAN ports. Give the LAN IP of the routers a unique IP on the LAN. Don't use the WAN ports on the routers at all.
-
Wow it worked no problems what so ever, thank you for the help!
-
I am having (what I think, at least) to be a very similiar problem.
DHCP just doesn't seem to work on OPT1 for me. I have checked the firewall logs as mentioned above and see no mention of OPT1.
I have tried with a switch, a AP and a laptop plugged in directly and none received an IP.
I am trying to seperate OPT1 from LAN (it wll be my wireless), and I have not bridged them. Is there a firewall required as mentioned above?
-
Stupid question: did you enable the DHCP server on the OPT interface?
-
Yes I did, I also tried turning it off and then back on again - no change.
-
Post the rules of your OPT1 interface and the settings at DHCP OPT1 tab.
When plugging a switch in the OPT1 IF, did the link lights show up? Otherwise try another cable. -
Girbot, perhaps you need a cross over cable on OPT1. (Depends on the interfaces at each end.)
-
Willing to try, but would I should I need one between an onboard nic and an AP?
Link to the mobo/case:
http://www.asus.com/products.aspx?l1=1&l2=3&l3=409&l4=0&model=2072&modelmenu=2Also attached two screenshots of the web gui settings incase I am being blonde…
-
LAN interfaces generally have associated LEDs that show Link Status (On/Off, link speed: 10 Mbps or 100 Mbps etc) and Activity. When you plug your cable into OPT1 does the Link Status LED come on within a few seconds? If so, your cable is good and you don't need a cross over cable. If not, your cable might be broken or you might need a cross over cable.
LAN cables are normally "straight through": pin 1 to pin 1, 2 to 2 etc. This means if you connect two NICs together with a straight through cable you connect the receiver of one NIC to the receiver of the other NIC and the transmitter of one NIC to the transmitter of the other. Therefore neither can hear the other (the receiver of each needs to be connected to the transmitter of the other). LAN sockets on switches are normally wired differently to sockets on NIC cards and motherboards so this "cross over" happens automatically. If you connect two NIC sockets that normally connect to a switch (e.g. two NIC cards) you will need a cross over cable to provide the cross over that would normally be provided by the switch. (Some recent NICs have polarity sensing and can provide their own cross over when required. If you have one of them you won't need a cross over cable. Its less likely you will find this facility on equipment built down to a price, e.g. motherboard LAN interfaces, cheap routers etc).
-
I will double check when I get home this evening, but I am fairly sure that both the OPT1 nic and the attached device (Laptop/Switch/AP) were all lit.
-
Sorry to bump such an old thread, not had the time to look at this until last weekend.
I am now pretty certain that the issue is with the NIC, or Pfsense, and the AP and DHCP works fine through the LAN interface. I've tested different cables and all work fine through the LAN interface.
DHCP just isn't server through the OPT1 interface. I am going to try swapping the interfaces to try to pinpoint what the issue may….
OK swapping had no impact, and the NIC only had an amber light not green light. I am fairly certain the NIC is ok, pretty sure I used it with Fedora before I installed Pfsense on this box.
So now I'm thinking the onboard and Pfsense don't play well together - is there a way to get them to play nice?!
