Help with Planning Setup

  • Hello all,

    About a year ago, I set up and used pfSense, but it was more of a test setup (two NICs and wifi), and when hardware failed, I just switched back to my ISP router. Since then I have acquired some more hardware and have more features I am looking to add. Can someone give me advice on the hardware configuration and where to go to find out the software configuration for the services I would need. Thanks in advance.

    Required Features

    1. Firewall
    2. DHCP Server
    3. Port Forwarding

    Desired Feature

    1. VPN (way to securely connect to friend's local network easily and without us both having to be there to connect, if possible)

    Required Network Components

    1. Local Desktops (protected, able to access local network, with a few ports forwarded for remote mgmt)
    2. Local Laptops (protected, able to access local network)
    3. "Public" Desktops (not necessarily protected, NOT able to access local network, with a few ports forwarded for web and database servers)
    4. "Public" Laptops (not necessarily protected, NOT able to access local network)

    ISP is Verizon FiOS 20MB/5MB with dynamic IP (could get static if needed)
    Connection to ONT is ethernet (not the later coax installs).

    Available Hardware

    1. pfSense-puter (~2ghz cpu, 1-2gb ram)
    2. lots of 100baseT NICs (two intel)
    3. lots of 1000baseT NICs (Realtek mostly)
    4. 2-port gigabit intel PCIe NIC (currently used in a server, but could swap out if absolutely necessary)
    5. wireless G PCI card (possibly use in pfsenseputer instead of using standalone wifi (eg two listed below)
    6. Actiontec Wireless Router (Verizon-issued, required to be on the local network to grab TV guide info) (maybe used for local wifi?)
    7. Linksys WRT54G Wireless Router (maybe used for public wifi?)
    8. 8port gigabit switch
    9. two 5 port switches

    I'm thinking a DMZ sounds like what i need for the "public" stuff, but I'm not sure how that works. Would I need a third NIC in the pfsense-puter or if that is all handled in some other way? Any help or ideas are greatly appreciated.

  • Nobody has any ideas? Any clarification on if a DMZ is what I should do to keep my servers out of the intranet? Do I need to have a third NIC in the pfsense box? Is it easier or recommended to use a wifi card, or connect a standalone wireless router for both public and protected networks? Or suggestions on how I could set up a secure connection to a friend? Anything?

  • What you need is pretty much a basic setup.

    Your publicly available computers indeed should be setup in a DMZ. That is a third interface (originally called OPT1 unless you rename it) with a proper rule set.
    If one of your switches is manageable you could use VLANs but the logical layout will be the same. Only physical layout would be different.
    Avoid Realtek NICs if possible and go with Intels. If you need to troubleshoot something you know where not to look…

    Depending on your friend's router is the choice of VPN. It probably does not support OpenVPN, otherwise give it a try. IPsec is not an alternative as long as both ends use dynamic IPs.

    Since you have the hardware just go ahead and play around a bit. It's not that difficult.