Netgate Discussion Forum

    Need Help First Config

    Problems Installing or Upgrading pfSense Software
      jaydjss

      Hi, I'm new to pfSense and currently testing it… What's the best configuration for two NIC cards?

      1. NIC1 will use the WAN
      2. NIC2 will use the LAN

      Objectives for 100 hosts.

      1. 40 hosts will have Internet access
      2. 60 will be blocked from Internet access but not from the LAN; they will have to see the
          a) File Server
          b) Local Email Server
          c) Print server

      Any help will be much appreciated. Thanks :)

        Cry Havok

        Let's say you're using 192.168.1.0/24 for your network.  Put the hosts you want to allow access in the range 192.168.1.1-192.168.1.127 (192.168.1.0/25).  Put the hosts you want to block in the range 192.168.1.128-192.168.1.254 (192.168.1.128/25).  Create a rule that allows 192.168.1.0/25 Internet access and you're done.

        Access to other hosts on the LAN won't be affected by your firewall rules as pfSense will never be involved.

          jaydjss

          Thank you for the reply, is subnetting the following address better? And, is having 1 NIC acceptable, do I have to install NICs for the LAN?

            Cry Havok

            What address?

            Unless you're using VLANs you must have 2 or more NICs to make a firewall work.

              jaydjss

              Can 1 NIC handle all traffic and connections of 100 hosts?

                Cry Havok

                Those questions have been asked, and answered, many times before.  There's even a page on the pfSense site giving information.  I'd suggest you search the forum if you want the details.

                The short answer is - "it depends" and you've provided far too little information for anybody to be able to say.

                  ktims

                  I would say you want 3 NICs for this, or at least 1 fast NIC and managed switches for all your hosts. Split your broadcast domains either physically or with VLANs and use pfSense to route between them. Cry Havok's solution will work, sort of (if users can change their IP address it's trivial to circumvent), but actually routing the traffic will give you much greater control and security. You lose some performance and need a beefier pfSense box in return.

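
An added example, not written by any poster in this thread: a Python model of the /25 allow rule suggested above, showing which traffic pfSense actually filters, plus a check for the weakness ktims points out by comparing assigned addresses with observed IP/MAC pairs. The MAC addresses, the inventory, the external address and the function names are constructed for illustration, and the model assumes the allow rule for 192.168.1.0/25 is the only LAN rule (the stock "allow LAN to any" rule has been removed).

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")        # LAN used in the thread
ALLOWED = ipaddress.ip_network("192.168.1.0/25")    # Internet-allowed half
BLOCKED = ipaddress.ip_network("192.168.1.128/25")  # LAN-only half


def firewall_verdict(src, dst):
    """Fate of a packet under the single allow rule from the thread."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in LAN and dst in LAN:
        return "bypass"   # switched on the LAN, pfSense never sees it
    if src in ALLOWED:
        return "pass"     # matches the allow rule for 192.168.1.0/25
    return "block"        # no rule matches: default deny


def find_policy_drift(assigned, observed):
    """Flag MACs assigned to the blocked half but seen on another address.

    assigned: {mac: ip} from the admin's inventory (e.g. static DHCP mappings).
    observed: iterable of (ip, mac) pairs, e.g. parsed from the ARP table.
    """
    findings = []
    for ip, mac in observed:
        want = assigned.get(mac.lower())
        if want is None:
            findings.append((mac, ip, "unknown MAC"))
        elif ipaddress.ip_address(want) in BLOCKED and ip != want:
            reach = firewall_verdict(ip, "203.0.113.10")  # documentation address
            findings.append((mac, ip, f"assigned {want}, Internet now: {reach}"))
    return findings


# Constructed sample data (not from the thread).
ASSIGNED = {
    "00:11:22:33:44:01": "192.168.1.10",    # Internet-allowed host
    "00:11:22:33:44:02": "192.168.1.200",   # LAN-only host
    "00:11:22:33:44:03": "192.168.1.201",   # LAN-only host
}
OBSERVED = [
    ("192.168.1.10", "00:11:22:33:44:01"),
    ("192.168.1.200", "00:11:22:33:44:02"),
    ("192.168.1.77", "00:11:22:33:44:03"),  # now using an address in the /25
]

if __name__ == "__main__":
    for finding in find_policy_drift(ASSIGNED, OBSERVED):
        print(finding)
```

The check only reports drift; the rule still keys on source address, which is why the thread goes on to recommend separating the groups by VLAN, routed interface or bridge.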
                    Cry Havok

                    Or, bridge the 2 networks.  That way it doesn't matter if people change their IPs, it's where they are connected to that matters.

                    Either way, you'll need higher spec hardware.  The nature depends largely on your network profile.

                      jaydjss

                      Currently I'm using a Pentium 4 2.4 GHz with 512 RAM with two 100mb NICs, 1 for WAN and 1 for LAN. Will that do? If not, any hardware recommendations for 100 hosts?

                        Cry Havok

                        Can I suggest you actually perform those searches I suggested and look at that page.  The hardware that happily supports 100 users in one network may not be enough to support 10 users in a different network.

                        Here's a bunch of things mentioned elsewhere that affect the answer:

                        • Type of NICs - server grade NICs have a lower performance impact than desktop NICs.  Some cards are known to be a bad choice.
                        • Traffic profile - of that 100 Mb/s how much do you actually use?  How much would you be pushing through pfSense?  What does that traffic look like, is it all long sessions, short sessions, UDP, TCP, little packets, big packets, what?
                        • What kind of Internet bandwidth do you have, 512 Kb/s, 50 Mb/s?
                        • What services are you running on the pfSense host?

                        And so on, and so on, and so on.  As I said, this has been asked and answered many times before.  I'm not going to repeat the answers for everybody who can't be bothered to search.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.