What should i do??



  • hi guys.. before i'm implementing PFsense in my company
    i want to make a simple implementation
    like the picture above
    but it cannot go to internet
    i already setup the firewall to make it pass like tutorial said
    have u any idea how to solve this problem?
    plz help me
    ![pfsense dummy.JPG](/public/imported_attachments/1/pfsense dummy.JPG)



  • Is your pfSense box doing routing or NAT?  Can it reach the Internet?



  • i have 4 interface, and i name it
    -LAN
    -WAN
    -BRIDGE LAN
    -BRIDGE WiFI

    i connect my pc to pf sense box with LAN interface
    and i bridge "LAN interface" with "bridge LAN interface"
    but it can't connect through internet

    FYI my company using public IP so i don't need NAT
    my company using OSPF for routing protocol

    so can u solve my problem ?



  • You're failing to answer the questions…

    Can the pfSense host reach the Internet?

    Have you connected the WAN interface to the outbound link?  Have you configured pfSense's WAN interface by DHCP or manually?  If manually did you configure a default gateway?  It sounds like you're failing to understand basic routing.



  • i'm not connecting WAN interface at all.. i juz leave it behind..
    do you mean that WAN interface for connecting to internet??

    i'm connecting like this..
    A.)  my comp ----- LAN interface(pfsense) ----- LAN BRIDGE(pfsense) ------- Switch ------- Router
    my comp can connect to PF sense through LAN interface
    but when i ping from PF sense it cannot ping to router
    i configure the firewall LANbridge and LAN interface to make it pass all packet from my subnet

    and do you think i need to configure PF sense like this..
    B.)  my comp ------ LAN interface(PFsense) ----- WAN interface(pf sense)----- switch ----- router

    @cry havok: do you think i must change the topology based on option B ?
    or i should take the option A and configure the firewall??



  • I'm utterly confused as to what you're trying to do.  You need to configure pfSense with a default gateway, so it knows how to reach other networks.  The normal approach to this is to connect the WAN interface to your untrusted network and leave the WAN interface configured with DHCP.  You haven't posted enough information to recommend what you need to do.  Without knowing what you're trying to achieve there's no way to make recommendations.

    I'd suggest that you appear to be trying to fly before you've learned to crawl ;)



  • ok let me explain it again.. 1st look at the picture below..
    i want to the PF sense box like topology B
    before i'm implementing like topology B.. i want to implementing like topology A
    it's just for make sure that the firewall is working and reliable..

    there is a reason why i'm not using WAN interface.. since internet on building B is depend on building A..
    u can see the picture Building A and Building B connect through fiber optic.. i already put on LAN interface the default gateway of my router building.. but it won't connect through internet..
    can u solve my problem ?

    tq again cry havok

    ![A or B.JPG](/public/imported_attachments/1/A or B.JPG)



  • Iamthed, may I ask you about what position you have at this company please?
    Just out of curiosity…
    Thanks.



  • To be blunt, can I strongly suggest you hire a professional who understands networking.  It's pretty obvious that you're very far out of your depth.

    If you want to carry on then:

    1. Use a default install of pfSense
    2. Connect the WAN interface to the Cisco switch
      2a) If you're not using DHCP, manually configure the IP, netmask, default gateway and DNS servers correctly
      2b) Ensure that the LAN interface uses a different IP range to the WAN interface
    3. Confirm that your pfSense host can perform DNS queries and reach the Internet
    4. Connect your test PC to the LAN interface
    5. Configure the firewall rules on the LAN interface to match your business needs

    When that works and you can access the Internet from the test PC:

    1. Configure the OPT1 interface with an appropriate IP range, different from that in use on the WAN and LAN
    2. Configure appropriate firewall rules to allow your chosen traffic through
    3. Connect the Wireless subnet to the OPT1 interface


  • @Eugene:

    Iamthed, may I ask you about what position you have at this company please?
    Just out of curiosity…
    Thanks.

    i'm just a new network engineer in my company.. why do you ask?



  • @iamthed:

    @Eugene:

    Iamthed, may I ask you about what position you have at this company please?
    Just out of curiosity…
    Thanks.

    i'm just a new network engineer in my company.. why do you ask?

    As I said - out of curiosity… Thanks for your answer.
    Network engineer... Hmm... and why did you decide to redesign your network? What is wrong with it you think?



  • actually i'm not redesign it.. but i'm improving it.. since the router act as a router+firewall.. it has a bad effect of QoS.. so i'm thinking to split the firewall and router.. because PFsense very low cost why i didn't changing it to improve my QoS..

    are u a fan of PFsense? why u don't tell me the good and bad sides of PFsense..
    since i'm new using PFsense



  • @cry havok
    i already setup PFsense like ur suggestion but i have a trouble with the bridge LAN interface and WAN interface
    see the picture above..
    it's listening not established.. i'm getting frustrated !!

    the topology is like this

    my PC ----- Interface LAN(bridge to WAN) ----- WAN( where is the bridge option?) ------ switch ---- router
    LAN interface can ping to google
    but WAN interface can't ping to anywhere
    can u fix it? tq




  • Why are you bridging?  Why aren't you using routing?



  • because i think bridging is the simplest method..
    ok let put some routing in pfsense..
    is static or RIP do u suggest for routing like this?



  • I think the amount of problems you're having to get the basics working should have told you by now that if you don't know what you're doing bridging isn't the simplest method ;)

    I've already provided my advice earlier in this thread, and I'll quote it here for you:

    @Cry:

    1. Use a default install of pfSense
    2. Connect the WAN interface to the Cisco switch
      2a) If you're not using DHCP, manually configure the IP, netmask, default gateway and DNS servers correctly
      2b) Ensure that the LAN interface uses a different IP range to the WAN interface
    3. Confirm that your pfSense host can perform DNS queries and reach the Internet
    4. Connect your test PC to the LAN interface
    5. Configure the firewall rules on the LAN interface to match your business needs

    When that works and you can access the Internet from the test PC:

    1. Configure the OPT1 interface with an appropriate IP range, different from that in use on the WAN and LAN
    2. Configure appropriate firewall rules to allow your chosen traffic through
    3. Connect the Wireless subnet to the OPT1 interface

    So, yes, static routing - one single entry for the default gateway (on the WAN interface).  Stop trying to run when you haven't even learned to crawl yet.  I'd also suggest you talk with the experienced network techs in your company.
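
    An added example, not part of the thread or of pfSense: a Python check of the addressing rules in the steps quoted above (each interface in its own IP range, one default gateway that sits on the WAN subnet). Interface names follow the thread; `check_plan` is a hypothetical helper and every address is constructed from documentation ranges.

```python
import ipaddress
from itertools import combinations


def check_plan(interfaces, default_gateway, gateway_if="WAN"):
    """Return a list of problems in a routed (non-bridged) firewall address plan.

    interfaces: dict of interface name -> "address/prefix" as set on the firewall.
    """
    problems = []
    parsed = {n: ipaddress.ip_interface(c) for n, c in interfaces.items()}

    # Steps 2b and OPT1 step 1: WAN, LAN and OPT1 must use different IP ranges.
    for (a, ia), (b, ib) in combinations(parsed.items(), 2):
        if ia.network.overlaps(ib.network):
            problems.append(f"{a} {ia.network} overlaps {b} {ib.network}")

    # Step 2a: the single default gateway has to be on-link on the WAN side.
    gw = ipaddress.ip_address(default_gateway)
    owners = [n for n, i in parsed.items() if gw in i.network]
    if gateway_if not in owners:
        problems.append(f"default gateway {gw} is not on the {gateway_if} subnet")
    for name in owners:
        if name != gateway_if:
            problems.append(f"default gateway {gw} falls inside the {name} subnet")
    if any(gw == i.ip for i in parsed.values()):
        problems.append(f"default gateway {gw} is one of the firewall's own addresses")
    return problems


# Constructed sample plans (RFC 5737 documentation ranges, not real addresses).
GOOD = {"WAN": "192.0.2.2/24", "LAN": "198.51.100.1/24", "OPT1": "203.0.113.1/24"}
# LAN carved out of the WAN range: the overlap the steps warn against.
BAD = {"WAN": "192.0.2.2/24", "LAN": "192.0.2.129/25", "OPT1": "203.0.113.1/24"}

if __name__ == "__main__":
    for label, plan, gw in (("good", GOOD, "192.0.2.1"), ("bad", BAD, "192.0.2.200")):
        issues = check_plan(plan, gw)
        print(label, "->", issues or "no problems found")
```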



  • thx again to cry havok..
    i'm not using static route.. because the pfsense crash after i using static route
    then i'm using bridge.. and it works now..
    lol

    however thx cry havok.. regards

