Basic Network Topology for Newbie
-
Hi All,
I'm a PC 'Hobbyist' and would like to set up a VPN server at my home mostly for the fun and challenge of it and to allow me to connect to my internal network to Remote Desktop to my PCs.
I successfully installed pfSense using 2 NICs without any trouble but don't really understand how all my network parts and pieces should be connected. At this time I don't have the new server connected and have not done any configuration to set any rules. (Those questions will no doubt be in future posts …)
I've attached a .JPG of what my new topology might look like along with some questions I'm hoping someone can help me with.
I currently have a cable modem from my ISP which is attached to the WAN port on my USRobotics 5461 router.
The router is currently my DHCP server and it also has a built-in wireless access point that I'm using.
One of the LAN ports on the router is connected to a 16 port Netgear switch and all my PCs are plugged into the switch. I have a few wireless devices connecting through the wireless access point on the router.
Everything works pretty well in this configuration but now I need to insert the new pfSense server somewhere in here.
Here are some of my initial questions around how to connect everything:
- Will the pfSense server become my DHCP server for my LAN connected PCs?
- Can I use the built-in wireless point inside my LAN as I do today? If so, how should I set it up?
- What is the next step after I get things properly connected?
Thanks in advance for any help.
Jay

-
It is not clear to me why you have a pfSense. Do you want it to be your VPN server? Do you want the additional security of a firewall? Something else?
> Will the pfSense server become my DHCP server for my LAN connected PCs?

If you want it to.
> Can I use the built-in wireless point inside my LAN as I do today? If so, how should I set it up?

Probably (don't know the capabilities of your router). For setup, see your router manual/documentation.
Another option worth considering is to get a suitable wireless interface and use your pfSense box as the access point so you have one less box to configure and manage.
> What is the next step after I get things properly connected?

Use it :) Depends what you want it to do.
-
ok I'm gonna be straightforward on this and somewhat blunt but you wish to learn so I will teach you :)
your connection set up is good, but on your wireless router dump the DHCP junk, let the pfSense box deal with that, set the router to be a wireless AP (Access Point), if you have a wireless NIC already in the PF box that is fine but the wireless router set to AP mode will work a bit better IMO…but that depends on where you want to use it and if you need to cover a large area (if large enough you may want both the PFbox with the wireless NIC and the wireless AP to provide the coverage you need)
other than that your diagram seems to be good to go...
as for using pfSense to serve DHCP no you really don't have to but it would make your life that much simpler
as for the three NICs, I have two on my box and it's just fine, my wireless AP is on a switch and fits my needs perfectly
as for the correct "way" as long as your network has the modem as the starting piece to the interwebs you're good, but most common set up is similar to the following
__wireless AP (usually off the device located here)
/
/
modem -> router/PFbox/DHCP -> switch/hub/router (non-DHCP) -> your other equipment (switch(es), PC, etc.)
-
> ok I'm gonna be straightforward on this and somewhat blunt but you wish to learn so I will teach you :)
> your connection set up is good, but on your wireless router dump the DHCP junk, let the pfSense box deal with that, set the router to be a wireless AP (Access Point), if you have a wireless NIC already in the PF box that is fine but the wireless router set to AP mode will work a bit better IMO…but that depends on where you want to use it and if you need to cover a large area (if large enough you may want both the PFbox with the wireless NIC and the wireless AP to provide the coverage you need)
> other than that your diagram seems to be good to go...
> as for using pfSense to serve DHCP no you really don't have to but it would make your life that much simpler
> as for the three NICs, I have two on my box and it's just fine, my wireless AP is on a switch and fits my needs perfectly

Haaa !!! You call that blunt !!! ? :)
Thanks for the quick reply and sharing your knowledge Jaime.
I went ahead and connected the new pfSense server pretty much as you suggested. It's now acting as both my Firewall and my DHCP Server. My original router is now plugged directly into the 16 port switch and is only functioning as a wireless point.
I wasn't sure what IP address I was supposed to assign the wireless router internally so I set it to a static address on the same subnet as my pfSense server at an address above the 192.168.1.245 default range I found in the pfSense Web configuration file. (The wireless point is set to 192.168.1.250 but I haven't had a chance to verify it's working yet.)
I left the default firewall settings 'as-is' and was able to connect to my local network and get out to the Internet without any problems. (Actually, www.speedtest.net was able to do the 'Download' test successfully but 3 out of 4 times it gave an error when trying to load the file to do the 'Upload' test. Not sure if it was due to my PC, pfSense, or their website. Will do some more tests tonight.)
Just before I finished for the night I decided to try a quick attempt at getting the VPN going. I intend to eventually install and configure OpenVPN but for this test I just poked around the menus and enabled 'PPTP' and created an account. Not sure if it was necessary or if I did it correctly but I also made some type of 'Rule' change to allow PPTP.
Whatever I did, I was able to successfully connect to the VPN using both my TREO smart phone running Windows Mobile and from my work PC running Windows XP.
Questions
- Are the default firewall settings generally a good secure starting point or are there some items I should immediately change to protect my system?
- At some point in one of the configuration files I had to assign an IP Address to some internal server. (It was late and I don't recall the name it used.) It would not allow me to enter 192.168.1.1 stating this was the address of my pfSense server. I wasn't sure what it was looking for so I assigned it 192.168.1.100. Do you know what it was looking for and what I should have assigned it?
Thanks again for your help.
Jay
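
An added example, not part of the original thread: a small check that each statically assigned LAN address is inside the subnet, outside the DHCP pool, and not reused. The LAN subnet `192.168.1.0/24` and the pool's lower bound `192.168.1.100` are assumptions (only the upper bound .245 appears in the post); the three static addresses are the ones mentioned above.

```python
import ipaddress

def check_address_plan(lan_cidr, pool_start, pool_end, statics):
    """Return {name: [problems]} for every static assignment."""
    lan = ipaddress.ip_network(lan_cidr)
    lo = ipaddress.ip_address(pool_start)
    hi = ipaddress.ip_address(pool_end)
    seen = {}      # address -> first name that claimed it
    report = {}
    for name, addr in statics.items():
        ip = ipaddress.ip_address(addr)
        issues = []
        if ip not in lan:
            issues.append("outside LAN subnet")
        elif ip in (lan.network_address, lan.broadcast_address):
            issues.append("network/broadcast address")
        if lo <= ip <= hi:
            # The DHCP server may lease this address to another host.
            issues.append("inside DHCP pool")
        if ip in seen:
            issues.append(f"duplicate of {seen[ip]}")
        else:
            seen[ip] = name
        report[name] = issues
    return report

# Constructed sample: subnet and pool start are assumed, not from the thread.
LAN = "192.168.1.0/24"
POOL_START, POOL_END = "192.168.1.100", "192.168.1.245"
STATICS = {
    "pfSense LAN": "192.168.1.1",
    "wireless AP": "192.168.1.250",
    "PPTP server address": "192.168.1.100",
}

REPORT = check_address_plan(LAN, POOL_START, POOL_END, STATICS)

if __name__ == "__main__":
    for name, issues in REPORT.items():
        print(f"{name:22} {STATICS[name]:15} {', '.join(issues) or 'ok'}")
```

With the assumed pool start, the PPTP server address is flagged as inside the DHCP pool while the access point at .250 is clear; substitute the range actually shown in the DHCP server settings before drawing conclusions.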
-
I meant "blunt" as in "straight to the point" lol…but yea your AP will need to be a different IP which you already did, and as long as it's on the same subnet it should be just fine (been working with my AP in same set up and it's still goin)
default settings should be fine for you but I personally set my firewalls up to block (deny) everything then I usually will poke holes in the firewall for what I need...that way I got more control on things lol...as for that server that may have been the DHCP you set up but I'm not 100% sure but maybe another person here will shed light on that :)
-
> I meant "blunt" as in "straight to the point" lol…but yea your AP will need to be a different IP which you already did, and as long as it's on the same subnet it should be just fine (been working with my AP in same set up and it's still goin)
> default settings should be fine for you but I personally set my firewalls up to block (deny) everything then I usually will poke holes in the firewall for what I need...that way I got more control on things lol...as for that server that may have been the DHCP you set up but I'm not 100% sure but maybe another person here will shed light on that :)

Thanks again for your help jaime.
I finally got a chance to test my wireless point last night and it's working great. I also logged into the speedtest website from a different computer and everything worked correctly so I'm assuming the problem I mentioned was either my other PC or their website that night.
I went back into the configuration file I had questions about. It was the VPN PPTP Configuration area and there were a few options regarding 'Enable PPTP server' and assigning a server address. I am able to establish a VPN connection from both inside and outside my home network. I can also Remote Desktop to one of my computers from inside my network. However, I haven't been able to do this from outside.
Still not sure what to do here but will read up on this and post any questions under a new topic.
Have to say, this whole thing is very impressive ! The extremely powerful software, the GUI interface, and the documentation and the support the forum members provide. Very cool.
Have a gooder.
Jay
-
glad I could help out!