• Hi all, my first post here and my first time with pfsense. From what I have played with it seems to be an awesome bit of kit. (that's what she said! 😂)
    Seriously though, I want to set up a complete system and for it to be reliable and secure. Unfortunately I don't know what I'm doing to ensure that happens.
    So the set up I have is as follows:
    HP Proliant ml110 g7 tower server
    3 desktop pc
    3 laptops
    1 imac
    HTPC
    Dedicated pfsense machine (old pc)
    16port managed switch
    2 smart home hubs, hue and hive
    7 alexa devices
    Smart tvs
    3 xbox
    3 wifi cameras
    DM200 dsl modem
    X6 r8000 wireless router
    And I think that's it.
    The pfsense has a 4port pci express card in it and my plan is as follows:
    Dsl>wan
    Lan>SWITCH (all ethernet devices)
    Port 3/opt1>wireless AP ((X6 R8000) all wireless devices)
    On the switch will be the desktops, server and smart hubs, possibly a camera.
    My intention is to hardwire as much as possible and leave WiFi for mobiles, tablets and the alexa devices.

    Can someone help me achieve this please, as I have a reasonable amount of tech capability but not a lot of experience and knowledge. I've learnt a lot in the past few weeks but I know my limits.

    Massive thanks in advance and I look forward to hearing from people.


  • @DrJon Congratulations on choosing pfSense ... you have made a wise decision; however, please do expect a steep learning curve that will take time. I hope your four port NIC is an Intel, especially if you plan IDS/IPS. It seems that, from the list of toys, you're already familiar with networking and are improving your network skills. If this is for a home environment, please remember to have a separate WIFI for guests, who must be completely not connected to your main network, for example a different IP address.

    At this point, I would say start connecting your toys ... ISP box > pfSense box > managed switch > clients (desktop and other wired connections such as your HTPC) as well as switch > WIFI router in bridge mode > laptops, cameras, and other smart devices.

    Sources for you: https://www.netgate.com/videos/ ... https://docs.netgate.com/pfsense/en/latest/general/index.html ... you can also check out Lawrence systems videos on YouTube such as https://www.youtube.com/watch?v=9kSZ1oM-4ZM ... https://www.youtube.com/watch?v=7WVUtzYwLio

    Of course, you can also come here when you need further help ... good luck!


  • @NollipfSense Hi, thank you for your reply. I think I am confused due to the overwhelming amount of information. A lot of the information I have come across assumes you are savvy with what pfsense is or what the different parts of it do, settings etc. I would love to find a complete idiot's guide to having your component parts through to a working pfsense on the network, albeit a generic basic set up. I think that because there is so much information out there and because pfsense can do so much, that is where the problems occur. I have seen some of the Lawrence systems, very handy, but again no step by step process for setting up a generic working pfsense.


  • I have a few questions...
    Starting at the beginning...

    When I install pfsense, how much, if any, do I need to or have to configure from the terminal window displayed on the VGA connection from the pfsense machine? (I have already installed and played, however more than happy to do a fresh install and completely start fresh...CORRECTLY)

    When I set up my DM200 DSL modem (default IP of 192.168.5.1 or routerlogin.net), I have set it to run in modem mode and created the connection to BT. Internet connection works. I have then connected the LAN port on the DM200 to the pfsense WAN connection (em0). I have configured this (via webconfig) to connect via PPPoE with the BT information used to establish the connection of the DM200 initially. The connection shows my external IP address and from what I can tell works.
    Is this the correct method?

    I have configured the LAN (em1) as 192.168.1.1.
    Does this need to be static?
    (I am also not interested in using IPv6, as from experience it's caused more problems than I need. If I can make it work or it is advantageous then I will use it, but I have not really a clue how it works.)
    Can I change the LAN and OPT1 IP to fit my current network? Currently my system runs via BT Complete wifi (the black hub and discs) with router IP 192.168.1.254 (gateway), therefore my server is 192.168.1.253 and the DNS on the server is also 192.168.1.253. I have NIC teaming set up on the server to have a 2gbps connection to/from the server as a result.

    In my mind I wanted to have the Wireless AP (netgear x6 r8000) connected to the pfsense too, to the OPT1 port (em2) or other on the pfsense, as a dedicated wifi port. All wired devices will connect via the switch connected to the LAN port (em1).
    Re the R8000: I, in playing, have configured it as AP Mode with no DHCP. I connected this to the YELLOW 'Internet' port to the pfsense wifi port (em2) with a static IP of 192.168.2.1 and 192.168.2.2 as the R8000 IP address. This way all wifi devices will have a separate set of IP addresses to the wired network.
    Is this ok? Is this correct? How do I make everything talk to everything correctly?! I seemed to have some success but this is where I start to get lost a bit.
    I am happy to use teamviewer if anyone can help or to follow instructions if anyone can help.

    Thank you for any assistance you can offer.
    I hope that this made sense....


  • @DrJon It seems that you're doing okay so far from what I am reading, and glad to see your NIC is EM so you shouldn't have problems when you're ready for IDS/IPS. Since you had already correctly installed pfSense, you should not need to freshly install again unless for confidence building. However, if you had installed pfSense 2.4.4, I recommend upgrading to version 2.4.5.


  • @DrJon

    I may have missed something here so just checking to make sure we all have all information to best help you.

    My understanding is as follows:

    • PFSense is up and running
    • Wired devices are connected to LAN (em1), I'm assuming using 192.168.1.x with DHCP Enabled
    • Wireless Network (AP Connected to OPT1 (em2) with PFSense IP of 192.168.2.1 and 192.168.2.2 for AP)

    Now come the questions...

    Have you configured a DHCP Server for OPT1?
    Are you able to connect a wireless device to the AP and obtain an IP?

    What else other than this are you looking to achieve with this setup?

    Regards,
    Tom


  • @NollipfSense Thanks, I have 2.4.5 installed.
    What I have said above, is that correct for settings?
    How do I get wifi devices on 192.168.2.xxx to communicate to LAN devices 192.168.1.xxx?


  • @tompark
    As far as I can tell pfsense is up and running. I have done a lot of fiddling, so I am planning to do a fresh install for the 'build' rather than give myself issues going forward. In Services>DHCP>Wifi(OPT1) the enable box is ticked.
    When I had the AP fiddling about last night, wifi devices did have IP addresses. I did get internet to work but it wasn't fully working, i.e. my alexa devices wouldn't connect.
    I want to be able to have my whole set up covered by the pfsense firewall and security. I want all my devices to be able to communicate with each other where necessary and be able to have my server network working across server and clients as well as externally. I'd like to set up VPN to allow logging into the network externally, and I'd like to also use my CyberGhost VPN connection on the pfsense, which I believe is possible as it uses OpenVPN. I'd like to have restrictions such as parental filtering to protect my kids online etc. Tbh that's just a few things I can think of, but I'm sure I will discover more as I learn pfsense and needs change etc.


  • @NollipfSense @tompark
    OK, so here are the results of my efforts last night until 0130!
    I am currently unable to get my plex to work.
    The plex server is on the server 192.168.1.251 and I am trying to access it via the tv firestick. Can anyone help?

    Skynet.jpg