Network config help



  • Now i finally boot my pfsense is time to make network config!And…..Nothing is working! :P
    here is a drawing of my network:
    ROUTER–---------------FIREWALL–---------------SWITCH–---------------PC1
                                                                                  |–------------------PC2
    And now i have this problems?What is lan and what is wan?Differences?
    Router
    My router has 192.168.1.1
    PfSense
    My wan(dhcp) has 192.168.1.100 –-------> em0
    My lan has 192.168.1.49 with netmask 255.255.255.0 ---------> rl0
    My Computer (pc1)
    My pc1 has 192.168.1.4 with netmask 255.255.255.0 –-------> re0

    On boot pfsense shows em0 active but rl0 no carrier and interface is down!And no webgui,internet,etc.
    What i am doing wrong?Really networking is one of the things that are really to hard for me to understand :(



  • @sk8harddiefast:

    My wan(dhcp) has 192.168.1.100 –-------> em0
    My lan has 192.168.1.49 with netmask 255.255.255.0 ---------> rl0

    You need to have the WAN and LAN on different subnets.

    Where is the lan getting it's address from.  Try running the lan as 10.0.0.x.

    Cheers.



  • 10.0.0.5/16 or 10.0.0.5/24?



  • /24 unless you expect to have more than 254 devices on it.



  • Worked and now i have wegui!
    BUT NO INTERNET CONNECTION YET :(
    Why?All seems to be fine :(



  • On pfSense box you get a ping response from the router?

    You can access the router's web GUI (if it has one)? That says the internet link is up?



  • What firewall rules do you have?

    Did you configure the default gateway in the pfSense server (192.168.1.1 based on your first post)?



  • default gateway in the pfSense is changed on 192.168.0.102 because conflicts with default gateway of my router (192.168.1.1)
    No.I cannot ping my router from my pc but em0 is up



  • Set gateway to your router.  192.168.1.1

    :P



  • My router's gateway is 192.168.1.1 by default!



  • Gateway = the address your client product is to go to for its internet (outside of your lan)

    If your router is pointed at itself then you will never get internet…

    Then WAN port of your pfSense box should be in the subnet of your router and show your router as its gateway.

    Your router should point at your ISP gateway.

    What is your routers lan address?  That is the gateway your pfSense box should point at.



  • you mean dns?my dns is 195.170.0.1
    My router 192.168.1.1
    my em0 192.168.1.102 (dhcp)
    my rl0 192.168.1.49
    my re0 (pc1) 192.168.1.4
    router–----------X–----------em0–-rl0–----------------------re0
                             |
                             |–------------here is the problem.Between router & em0

    there is connection on rl0 & re0 because i can get webgui on my pc.
    But when i write 192.168.1.1 i cannot get into my router!That means that between router & em0 there is no connection :(
    Also no internet :(

    But on pfsense i see dns & routers ip 192.168.1.1 both of them!
    I must change dns to 195.170.0.1.Write?
    Sorry but i dont know a lot of things about networks :(



  • could be a double natting issue.
    do you need the router before pfsense or can you get rid of it?



  • Is impossible.I have ADSL.My phone line go to phone and to router with a split!So no router,no Internet!

    ISP–--------phone/internet----------MYHOME–--------phone/internet----------SPLIT–--------internet----------ROUTER–---------->[…]
                                                                                                                       |–--------phone----------PHONE



  • my em0 192.168.1.102 (dhcp)
    my rl0 192.168.1.49
    my re0 (pc1) 192.168.1.4

    These are all on the same subnet.

    If your pfSense box is not bridged…  and if you dont know what I mean its not...  this wont work.

    You may be able to put your modem in bridge mode and set up your pfSense box for pppoe on the em0 interface...



  • i try that.Also i enable pppoe.Didn't work :(
    But on interfaces wan say that has ip address  is 85.73.174.114,default gateway 192.168.1.1 & dns 195.170.0.1
    when i try to login into modem (192.168.1.1) something is going to do but finally is not login



  • OK but

    You can not share any address in the same subnet on both the wan and the lan of the pfSense box…

    192.168.1.1 - 192.168.1.254

    You have not posted that you have fixed that yet.

    Good Luck!



  • so i must change subnet mask?But on witch of 2 interfaces? on rl0 or on em0?



  • On both rl0 and em0.  At the moment you're using the same subnet on every interface.

    Change rl0 to 172.30.1.0/24 and em0 to 172.30.2.0/24.



  • ok.I made changes but now i have not even webgui :(
    On my firewall machine it says:
    LAN*    –-> rl0 --->  172.30.1.0
    WAN*  ---> em0 --->  172.30.2.0
    on browser i am going to get into  172.30.2.0 but is not responding at all :(
    Also both of them are /24



  • Then change it for re0.



  • As I've watched this thread develop it seems to me that you (sk8harddiefast) don't yet have the necessary knowledge to be trying to configure your pfSense box and I haven't yet fully decided whether my time would be better spent searching for a suitable article to point you to OR writing up something myself. I'm currently leaning towards a hybrid approach.

    I suggest you read http://en.wikipedia.org/wiki/IP_address and http://en.wikipedia.org/wiki/Subnetwork ignoring anything relating to IP v6. It would probably also be worthwhile reading some of the linked papers and articles especially http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtml (IP Addressing and Subnetting for New Users).

    Then: configure your pfSense box so every interface is on a distinct subnetwork. Then configure your client systems to get their IP address and default gateway from the pfSense system (DHCP). Then configure DHCP server on each pfSense interface (except WAN) interface. Then restart client systems.

    If you get that much done correctly the client on your LAN interface should be able to access the internet (unless there are configuration problems in your modem). Then we can discuss what you want to do with clients on other interfaces.



  • My knowledge about networking is really low.I know some things on theory and practical simple things just what is dhcp,How to config network on my bsd machine or connect 2 computers together.The reason i start pfsense is because i want to learn about firewalls,networks and because i really like pfsense and more general because i like computers very much and allways trying to learn more things setting projects on my self.Is not only to set up a firewall.Is to learn from this experience.But is really to hard for me to understand all this at this point.So to read some things before i start,i think is really good idea :)
    Thanks for the urls.I will start reading immediately :)

    George


Locked