Need Help First Config



  • Hi, I'm new with pfSense, currently testing it… What's the best configuration for two NIC cards?

    1. NIC1 will use the WAN
    2. NIC2 will use the LAN

    Objectives for 100 hosts.

    1. 40 hosts will have Internet access
    2. 60 will be blocked from Internet access but not from the LAN; they will have to see the
        a) File Server
        b) Local Email Server
        c) Print server

    Any help will be much appreciated. Thanks :)



  • Let's say you're using 192.168.1.0/24 for your network.  Put the hosts you want to allow access in the range 192.168.1.1-192.168.1.127 (192.168.1.0/25).  Put the hosts you want to block in the range 192.168.1.128-192.168.1.254 (192.168.1.128/25).  Create a rule that allows 192.168.1.0/25 Internet access and you're done.

    Access to other hosts on the LAN won't be affected by your firewall rules as pfSense will never be involved.
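The addressing split described in the reply above, as an added example that is not part of the original thread: it models which flows ever reach pfSense and which of those the single pass rule lets through. It assumes every host keeps the /24 netmask with pfSense as default gateway; the host addresses and the `classify` helper are constructed for illustration.

```python
import ipaddress

# Ranges taken from the reply above.
LAN = ipaddress.ip_network("192.168.1.0/24")        # netmask configured on every host (assumption)
ALLOWED = ipaddress.ip_network("192.168.1.0/25")    # source range of the one "pass" rule
BLOCKED = ipaddress.ip_network("192.168.1.128/25")  # LAN-only hosts, no rule matches them


def classify(src: str, dst: str) -> str:
    """Return what happens to a flow from a LAN host.

    "on-link": destination is inside the host's /24, so the host ARPs for it
               directly and the firewall never sees the packet.
    "pass":    packet is sent to the gateway and matches the 192.168.1.0/25 rule.
    "block":   packet is sent to the gateway and falls through to default deny.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in LAN:
        raise ValueError(f"{src} is not a LAN host")
    if d in LAN:
        return "on-link"
    return "pass" if s in ALLOWED else "block"


if __name__ == "__main__":
    # Constructed sample hosts; 203.0.113.10 stands in for any Internet address.
    flows = [
        ("192.168.1.50", "203.0.113.10"),   # allowed-range workstation to Internet
        ("192.168.1.200", "203.0.113.10"),  # blocked-range workstation to Internet
        ("192.168.1.200", "192.168.1.10"),  # blocked-range workstation to file server
        ("192.168.1.127", "203.0.113.10"),  # last address of the allowed range
        ("192.168.1.128", "203.0.113.10"),  # first address of the blocked range
    ]
    for src, dst in flows:
        print(f"{src:>15} -> {dst:<15} {classify(src, dst)}")
```

The decision depends only on the source address and the /24 netmask: if hosts were given /25 masks instead, traffic between the two halves would be sent to the gateway and would need its own rules.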



  • Thank you for the reply, is subnetting the following address better? And, is having 1 NIC acceptable, do I have to install NICs for the LAN?



  • What address?

    Unless you're using VLANs you must have 2 or more NICs to make a firewall work.



  • Can 1 NIC handle all traffic and connections of 100 hosts?



  • Those questions have been asked, and answered, many times before.  There's even a page on the pfSense site giving information.  I'd suggest you search the forum if you want the details.

    The short answer is - "it depends" and you've provided far too little information for anybody to be able to say.



  • I would say you want 3 NICs for this, or at least 1 fast NIC and managed switches for all your hosts. Split your broadcast domains either physically or with VLANs and use pfSense to route between them. Cry Havok's solution will work, sort of (if users can change their IP address it's trivial to circumvent), but actually routing the traffic will give you much greater control and security. You lose some performance and need a beefier pfSense box in return.



  • Or, bridge the 2 networks.  That way it doesn't matter if people change their IPs, it's where they are connected to that matters.

    Either way, you'll need higher spec hardware.  The nature depends largely on your network profile.



  • Currently I'm using a Pentium 4 2.4 GHz with 512 RAM with two 100mb NICs, 1 for WAN and 1 for LAN. Will that do? If not, any hardware recommendations for 100 hosts?



  • Can I suggest you actually perform those searches I suggested and look at that page.  The hardware that happily supports 100 users in one network may not be enough to support 10 users in a different network.

    Here's a bunch of things mentioned elsewhere that affect the answer:

    • Type of NICs - server grade NICs have a lower performance impact than desktop NICs.  Some cards are known to be a bad choice.
    • Traffic profile - of that 100 Mb/s how much do you actually use?  How much would you be pushing through pfSense?  What does that traffic look like, is it all long sessions, short sessions, UDP, TCP, little packets, big packets, what?
    • What kind of Internet bandwidth do you have, 512 Kb/s, 50 Mb/s?
    • What services are you running on the pfSense host?

    And so on, and so on, and so on.  As I said, this has been asked and answered many times before.  I'm not going to repeat the answers for everybody who can't be bothered to search.

