Haiti emergency



  • I am in charge of setting up the network/communications system for one of the main medical team coordination centers in Port-au-Prince, Haiti. We only have Linksys wireless access point routers available at the moment and are having great difficulty with stability. I would like to know if it is possible to set up pfSense to handle 4 Internet connections. If possible this would allow us to segregate the various users of the system and also monitor the use of this critical bandwidth limited resourse. Then, if it is possible, could someone assist in setting it up. I have set up a couple of simple pfSense systems and we have a slightly older server available which has either 5 or 6 PCI slots available. Any assistance would be greatly appreciated in this emergency situation.
    David Farquharson



  • yes, it has multi wan capabilities.
    define assist: remotely or in person?



  • Remotely. Both myself and Sean Blesh have all the necessary abilities but we don't have ANY time to experiment. We have several thousand people per day dieing because they are not getting the correct medical attention in time. Every time we have a network glitch we lose total Internet connection until we get it up again and the frustration is absolutely intense



  • are the aps using the same Internet connection?
    what type of Interenet connection?



  • We have a 2 megabit iDirect satellite link with 5 IP addresses. WE have a need to use 4 seperate connections - 1) Quisqueya Christian School Earthquake center 2) Crisis Response International center 3) & 4) 'Pulic' access frm 2 seperate areas for use of the medical personnel when they are on campus (particularly in the evening when they come in from the various operating theaters. We have approximately 2 dozen computers and half a dozen IP phones hooked up semipermanently plus up to a hundred or so laptops, Iphones, Blackberries, etc in simultaneous use in the public areas. Mostly they are used for communications of all sorts but htere is some data gathering and mapping going on. All of this changes as we progress into this disaster.



  • easiest would be to use 1 ip and 1 wan connection and have 4 seperate "LANs" that way each LAN is seperate (cant see eachother) from one another yet they all share the same connection. does this work? or is using 4/5 ips a requirement as well?



  • We have only one wire hooking the various sectors of the campus, and don't have the time or energy to run more of that. We have all been running on 2 to 4 hours sleep per night for 12 days now, with no end in sight. In order to run seperate LANS we need seperate routers which is what we have been doing so far, but the traffic is completely overloading the 'home' type routers we have available. We have put in an order for some Cisco routers but do not know how long it will take for anything to arrive. We could set up a pfSense box immediately (have a lightly older server with 5 or 6 free PCI slots and lots of network cards). pfSense would also solve our problems with traffic shaping, filtering and monitoring



  • pf would be the router, meaning it would if you wanted replace the "home" routers.

    pf would seperate the different lans. i currently have a pf install seperating 4 LANs, its the router for all 4, all 4 have INternet access but only a 1 can access all LANs and 2 can access each other, the 4th can access Internet only.



  • What we need is for the LANs to be seperated (could combine the 2 'public' ones fairly easily, but we would want all of them to have Internet access. All these LANS come in on the same wire so my idea is to use the multiple IPs we have available from the iDirect a seperate Gateways for each of the areas. One NIC for each gateway in the server and a seperate router for each handing out DHCP for that LAN. We have enough decent 24 port switches available to handle any sort of complexity needed there.

    The main advantages of the pfSense solution is that we could set it up immediately and it would give us an immediate handle on the traffic flow. We would initially use the small Linksys - Dlink routers we have. The load on each would be lessened so they would not heat up so badly, and if one does lock up it would only take out that segment. The only single point of failure would be the pfSense box and both the hardware and software are of the most reliable tye. Then when the Cisco routers arrive they can be programmed, tested and do a one minute swap for the home units.



  • LANs would still  be seperated using pf with 1 public IP. its also easier to set up 1 WAN connection to 4 LAN connections and would  be up the fastest.

    set it up to have 1 WAN and 4 LANs set each connection to the type you want, enable them all set them up so that it does what you want (DHCP,DNS, etc) then just pass some rules on each interface so that they have Internet  access only, but cant touch the pf box to mess with its settings, should be up and running in 15-30 min.



  • If you say so then I'll believe you. But I would still need help in configuring it as our time is critical. Would you be available to assist in that task tomorrow. I'm at home right now, supposed to be getting some rest. What version should I download (I think I already have 1.2.2, 1.2.3 and a Dec31 version of 2 Beta already on CD)



  • if its as critical as you say, dont use 2.0 its still in beta, use 1.2.3 its the current stable release.

    what time tomorrow? I think you are 2 hours ahead of me. I am MST



  • I expect to get down there between 6:30 and 7 AM but road conditions and traffic are even more unpredictable than usual. We are on Eastern Standart Time at the moment
    I'll be there all day
    My Skpe ID is dfarquharson and I try to monitor that as often as possible as I'm also an amateur radio op
    (just had about a 10 second shaking - but Idon't think it was over about a 2.5)
    operator and am in contact with the emergency net controllers through skype more often than on the radio.



  • get 1.2.3 its the most stable, will contact you via skype &/or your email tomorrow with a time frame that i will be availalbe (probably in the afternoon)



  • Hi!  Mr. Farquharson,
    I can tell you from my experience with pfSense it is the simplest and yet powerful routing/server setup available.  I will say that if you have a box that isn't too old, then you will be set.  I would recommend that you start off installing 1.2.2, from my experience it has been the most reliable overall, but have the 1.2.3 cdrom available just in case you have issues.  You'll need enough network adapters for each of the separate networks on hand, just in case, wifi or ethernet.  I don't know how the school campus network is setup, but if you happen to have any older linksys routers (they have a list of supported brand/model routers on their site) you might want to consider checking out www.dd-wrt.com and see if they can be flashed to use that firmware; it's more robust and reliable, and you can set them up as repeaters for where you don't have time to run wires.  I'll try to monitor the forums and see if there is anyway that I can help too.
    You should have quick success.  I wish there was a way for me to come and help, but having a family and job makes it hard.  I still remember being in your wife's 5th grade class.
    My prayers are with you all.



  • Would you have any use for a 24 and 48 port VLAN capable 10/100/100 switch?  Two Cisco 1231ag access points?  PCI NICs?  Cables of any kind?  Two 1u Dell 1750 servers (dual xeon 2.8, 2gb ram)?  Anything else?  I can put together a care package today and get it sent out today, although I have no idea how quick 'overnight' would actually be.



  • Let us know if you need any spare equipment you might need. I would be willing to overnight some items to you if needed. I have an Extra Linksys router/AP. I have an extra computer with linux and some extra HDD's for other computers.



  • Hey dfarquharson,

    Did it work out OK? Would be nice to get some feedback on system used, obstacles, etc…if you're still around...


Log in to reply