Installation confirmation
-
Good morning all.
just after a bit of confirmation when coming to setup pfsense. As it stands this is how i understand how it should be setup:
WAN --> NETGEAR --> DHCP (WAN) | pfsense |192.168.1.1 (LAN) --> 192.168.1.2 | CISCO RTR | VLAN Address --> clients
The netgear is a cable modem and solely the go between the ISP and my Cisco router.
Have i understood the above correctly?
TIA -
@gherkin12, Ok do you have a problem with the installation?
-
@silence not as such, I was just a confidence check (to make sure that i've understood correctly) really before I pull my network apart and get the wrath of my wife lol
-
If the Netgear is just a modem and passing a public IP to the pfSense WAN then that is a good setup.
You might consider using a different subnet for the LAN since 192.168.1.X is very common. Much easier to change it now than some way down the road when you find it conflicts over a VPN or similar.Steve
-
@stephenw10
thanks, yes the netgear does just pass a public IP address to the Cisco. At the moment I it seems I can ping 8.8.8.8 from the pfSense box but not from the LAN. my clients can ping the LAN address but no further, no rules have been implemented - ie other than the interfaces I have done no configuration. -
The default firewall rules should pass traffic from LAN.
The default automatic outbound NAT rules should NAT it to the public IP but only if the WAN interface is defined with a gateway on it. It's a DHCP WAN connection yes?
Go to Firewall > NAT > Outbound NAT and make sire the automatic rules there look correct.
Steve
-
@stephenw10 yes its a DHCP connection for the WAN interface.
Looking at NAT under outbound its configured as:
Mode: Automatic rule generation
nothing under Mappings or Automatic rules -
Hmm, nothing under automatic rules there implies there is no gateway on WAN so pfSense has not added any. Except that should not normally be possible for a DHCP connection where the gateway is passed to it.
Check Status > Gateways
Check System > Routing > Gateways.
You should see a WAN_DHCP gateway and it should be the default.
Steve
-
Apart from that, what is the cisco router for?
Do you really need two routers? -
@stephenw10 my bad I rebooted the server and it appears the gateways are now showing. Done some further pinging from the pfsense server and I can ping the Lan interface on thr cisco side of things but not the vlan that my client is on.
I'm response to the router question its because I was utilising pfsense for its firewall capability and I'm using the cisco 4331 on my home lab setup so that I can play around with firewalls as I've had very little exposure to them other than checkpoint back in 1998
-
Do you have a route to the VLAN subnet via the Cisco? Assuming it's not NAT'd in the Cisco that is, otherwise you'd only expect to be able to connect the other way.
-
@stephenw10 i've not actually specified any routes on the cisco. I believe its utilizing NAT though as I have used the command ip NAT outside on the interface connected to the pfsense server. I'll do a bit more playing around on cisco side of the house :)
-
Ok, in that case pfSense would not be expected to be able to ping anything on that VLAN. It has no way to reach it.
-
@stephenw10 yeah thats what i thought, don't know why i didn't ping the whole route initially so apologies for that, i'll play on the cisco side now lol
