Netgate Discussion Forum

    cyberstudent with basic questions about interface configurations

    General pfSense Questions
    • C
      cyberstudentnewbie
      last edited by cyberstudentnewbie

      Hey guys, I'm lost and my professors aren't helping me because I don't think they know pfSense. I have an appliance and am trying different configurations and need help. I tried figuring it out by researching but I've hit a brick wall because I can't grasp the terminology because of the way it's being taught to me. This post could be a mile long so I'll try to keep to short questions, as the network I'm trying to configure is really complicated to me.

      For now, on the appliance I've got the WAN interface set to DHCP and the LAN interface set to static IPv4 with an address of 20.20.17.10.
      OK, that network works fine.

      NOW
      What happens if I enable the OPT1 interface and set the IPv4 configuration type to "none" and plug into it a Ubiquiti EdgeRouter X with a network already attached to it? Will it act as a straight through from my modem?
      No communication needed or wanted to communicate with the LAN interface, by the way.
      I guess I'm trying to configure it like my modem had two WAN outputs and I wanted one to go into my appliance with pfSense and the other port to the Ubiquiti EdgeRouter X.

      Is that possible? And am I on the right track on how to configure the pfSense interfaces?
      Or do I have to assign it a static and add a gateway?

      • JKnottJ
        JKnott @cyberstudentnewbie
        last edited by

        @cyberstudentnewbie

        I doubt anything will pass through pfSense, as you haven't enabled anything. BTW, I don't know about yours, but my cable modem supports 2 separate connections. I have pfSense connected and occasionally plug in my laptop directly into the modem.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        • C
          cyberstudentnewbie
          last edited by cyberstudentnewbie

          Thanks for the reply, my modem only has one output. :(
          So if I enabled it on pfSense what would happen?
          Sorry, I should have said it's a "before I try it, what would happen" question.
          So let's say it's enabled and saved... what then? (OPT1 interface)

          • stephenw10S
            stephenw10 Netgate Administrator @cyberstudentnewbie
            last edited by

            @cyberstudentnewbie said in cyberstudent with basic questions about interface configurations:

            What happens if I enable the OPT1 interface and set the IPv4 configuration type to "none" and plug into it a Ubiquiti EdgeRouter X with a network already attached to it? Will it act as a straight through from my modem?

            No. It will do nothing at all if you just set it to 'none' and do not bridge it.

            Is your 'modem' actually a router? Is the pfSense WAN receiving a public IP address from the ISP directly or a private IP address from the 'modem'?

            If pfSense is receiving a public IP from the ISP it's likely you would need to add the OPT interface as a new subnet and route to it because the ISP probably won't give you more than one IP address.

            If it's coming from the modem then that restriction won't exist so you could bridge OPT to WAN. Generally it's better to avoid bridges if you can. But as a learning exercise it could be useful.

            20.20.17.10 is a public IP address that you should not use internally like that. You should choose a subnet from one of the private IP address ranges available.
            https://docs.netgate.com/pfsense/en/latest/network/addresses.html

            Steve

            • C
              cyberstudentnewbie @stephenw10
              last edited by cyberstudentnewbie

              @stephenw10
              The modem is just a plain old cable modem. I wanted to learn component to component.
              I think the WAN is receiving a public address from the modem as my public address is listed on the pfSense console next to "wan". This pic is of my VM, but where it says 10.0.2.15 it has my public IP address. See pic

              Screenshot (18).png

              So in order to "bridge OPT1 to WAN", what setting do I put in the IPv4 configuration?

              Screenshot 2024-04-04 105100.png

              • C
                cyberstudentnewbie @cyberstudentnewbie
                last edited by

                @cyberstudentnewbie
                Sorry, I got it reversed...
                I am getting it directly from the ISP, which means I would need to create a new subnet and route to it.
                So that means I just set up a static IP address for the OPT and set that address in my Ubiquiti EdgeRouter X as my gateway?

                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  Yes, exactly. Just create a new subnet for the OPT interface and use that for the Ubiquiti gateway.

                  Note there are no firewall rules added automatically on a new interface so you have to add appropriate rules yourself before you will see any connectivity.

                  • C
                    cyberstudentnewbie @stephenw10
                    last edited by

                    @stephenw10
                    Thanks for the help!
                    When you say connectivity... do you mean internet connectivity?

                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      I mean any connectivity. There will be no pass rules on the OPT interface by default so all traffic coming into it will be dropped.

                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        You probably want rules something like:
                        Screenshot from 2024-04-04 16-21-20.png

                        That would still allow hosts on OPT1 to access the firewall itself (webgui, ssh, ntp, dns etc) so you might want to also block or reject that.

                        • C
                          cyberstudentnewbie @stephenw10
                          last edited by cyberstudentnewbie

                          @stephenw10
                          Oh great... okay, I'll try to figure out how to write rules...
                          So two more questions to confirm...
                          On the Ubiquiti router I can keep the DHCP enabled on it since it will be a different broadcast subnet?
                          Is the config on the picture below correct for OPT1?
                          And I use the gateway IP 168.45.19.20 for the Ubiquiti or the static IP 192.168.50.20?

                          Screenshot 2024-04-04 111454.png

                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            You should not have a gateway set on the pfSense OPT1 interface. You would normally only ever set a gateway on WAN interfaces.

                            The Ubiquiti should use the pfSense OPT1 interface IP address as its gateway, so 192.168.50.20.

                            • C
                              cyberstudentnewbie @stephenw10
                              last edited by cyberstudentnewbie

                              @stephenw10
                              Thank you for the rules!!!
                              Haven't written any yet, ever...
                              Firewall class next semester.
                              Thanks!
                              Awesome... I'll fix it and try it out!

                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                Ah, also you'll need to uncheck 'Block private networks' there. All traffic entering OPT1 will come from a private subnet. That's also a setting you'd only use on a WAN.

                                • C
                                  cyberstudentnewbie @stephenw10
                                  last edited by

                                  @stephenw10

                                  You got it...
                                  I'm on it...

                                  DHCP stays enabled on the Ubiquiti?

                                  • stephenw10S
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    The server or the client?

                                    The Ubiquiti would still need to run a DHCP server for the client devices behind it. The pfSense DHCP server is not in the same layer 2 segment so it would not see any requests from those clients.

                                    The Ubiquiti WAN can be configured statically so no DHCP client needs to be run there.

                                    C 1 Reply Last reply Reply Quote 1
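
An added example, not part of any post in this thread: a small Python check that applies the advice given above (private addressing on internal interfaces, no gateway and no 'Block private networks' on OPT1, the downstream router pointing at the OPT1 address) to the interface values quoted in the thread. The config key names and the /24 prefix length are assumptions made for the example.

```python
import ipaddress

# RFC 1918 ranges: the private space internal subnets should come from.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def lint_internal(name, cfg):
    """Return findings for one internal (LAN/OPT) interface description.

    cfg keys are hypothetical names for this example: address (CIDR or None),
    gateway, block_private, downstream_gw (gateway set on the router behind it).
    """
    if cfg.get("address") is None:
        return [f"{name}: IPv4 type 'none' and not bridged, so it passes nothing"]
    iface = ipaddress.ip_interface(cfg["address"])
    out = []
    if not any(iface.ip in net for net in RFC1918):
        out.append(f"{name}: {iface.ip} is public space, pick an RFC 1918 subnet")
    if cfg.get("gateway"):
        out.append(f"{name}: gateway {cfg['gateway']} set; gateways belong on WAN only")
    if cfg.get("block_private"):
        out.append(f"{name}: 'Block private networks' would drop the private "
                   "sources arriving here")
    ds = cfg.get("downstream_gw")
    if ds and ipaddress.ip_address(ds) != iface.ip:
        out.append(f"{name}: downstream router should use {iface.ip} as its "
                   f"gateway, not {ds}")
    return out

# Constructed plan using the addresses quoted in the thread; /24 is assumed.
PLAN = {
    "LAN": {"address": "20.20.17.10/24"},
    "OPT1_none": {"address": None},
    "OPT1_first_try": {"address": "192.168.50.20/24", "gateway": "168.45.19.20",
                       "block_private": True, "downstream_gw": "168.45.19.20"},
    "OPT1_fixed": {"address": "192.168.50.20/24", "gateway": None,
                   "block_private": False, "downstream_gw": "192.168.50.20"},
}

def lint_plan(plan):
    """Lint every interface in the plan; an empty list means no findings."""
    return {name: lint_internal(name, cfg) for name, cfg in plan.items()}

if __name__ == "__main__":
    for name, findings in lint_plan(PLAN).items():
        print(name, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```
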
                                    • C
                                      cyberstudentnewbie @stephenw10
                                      last edited by cyberstudentnewbie

                                      @stephenw10
                                      Okay, I'll give it a shot...
                                      A thousand thanks...

                                      • JonathanLeeJ
                                        JonathanLee
                                        last edited by

                                        When I was doing my AA in cyber security, our professor fully covered pfSense, plus Palo Alto. Have you done your firewall class yet? I would recommend you take that class next semester.

                                        Make sure to upvote

                                        • C
                                          cyberstudentnewbie @JonathanLee
                                          last edited by cyberstudentnewbie

                                          @JonathanLee
                                          Oh, that's great to hear! I just registered for it.
                                          Maybe my limited experience so far with pfSense and my experimenting will make it a little easier for me to understand.
                                          I pray my professor will be capable of answering specific questions, as my current ones are not. I like researching things on my own, but why can't they answer simple questions that I ask? If they knew the answers they would happily explain, as have professors I had a couple of semesters ago. It doesn't help that they have their Doctorates in education instead of computer science. :(

                                          • GertjanG
                                            Gertjan @cyberstudentnewbie
                                            last edited by Gertjan

                                            @cyberstudentnewbie

                                            If you have "60" minutes left somewhere: Sending digital information over a wire.

                                            When you finish watching the 13 episodes, let it sink in for a while. Then, when needed, get back to each of them (this is called the learning phase).
                                            In the nineties, last century, knowing all that, it would have brought you close to a "network engineering degree". These days: it's just "network basics", but as it is used by one of the world's most widely used infrastructures, known as the Internet, it should be made mandatory knowledge - IMHO. After all, all it takes is just a couple of hours .....

                                            Edit: if you can follow the Eater guy, look at his other videos: he made a fully working "micro" (maxi?!) processor using just off-the-shelf old school TTL chips (each less than a $). You can even make your own! "Look, Mam, I execute my own micro code!"
                                            Now you have enough knowledge to start to understand what's going on in an Intel i9 core. And yes, things are as easy as he showed it.

                                            No "help me" PM's please. Use the forum, the community will thank you.
                                            Edit : and where are the logs ??
