Can pfSense help me do this?



  • Hi Guys/Girls.
    I'm new to pfSense, I've read a lot regarding the cans and can'ts… but I still have a couple of questions... I’m hoping someone would be kind enough to help.

    Background
    I have two networks, two servers, two sets of switches and 2 ADSL links.
    Lan 1 Staff. 
    Lan 2 Students.

    Server Setup
    Both servers run Windows 2003 R2; both have two network cards.  Network Card A goes to the ADSL link, Network Card B goes to the internal LAN.  Using a basic firewall (Routing and Remote Access) which allows PCAnywhere, VNC and VPN in on both LAN 1 and LAN 2.

    Both servers provide users with DHCP/DNS/File share/Print share/Internet.

    Requirements
    I am currently looking to get a 2Mb upload/download connection, however all providers only offer me 1 RJ45 connection (as you can see I need two from above).  Unfortunately the cost is too high to purchase two links.

    I need pfSense to split the 2Mb link into two so:

    I am able to limit Internet access to LAN2, stop access to streaming, adult content, etc.  Look at reports showing me who is accessing what, using Windows Active Directory (if possible).

    LAN1: need to limit access to some sites and content, but provide priority to three external websites, again controlled by Active Directory if possible.

    Wifi will be provided to LAN1 via MAC address and if possible Active Directory for authentication.
    Wifi will be provided to LAN2 via Key and maybe Active Directory.

    Allow LAN1 – VPN, PCAnywhere and VNC access.
    Allow LAN2 – PCAnywhere and VNC access.

    Can someone be kind enough to let me know how this can be done with pfSense, if at all?
    Many thanks for your help,
    NotSoSmart ;)



  • Mostly, you can do what you want with pfSense.

    *) Splitting the bandwidth:  traffic shaper

    *) Monitoring content: yes, packages available to do that

    *) Who's accessing what tied to Active Directory:  I don't think so.

    *) Wifi via MAC address: MAC addresses are trivial to change, so access via MAC address is about as effective a security strategy as posting signs saying "Please don't hack me".

    *) Other Wifi stuff: Yeah, you can do RADIUS authentication to an Active Directory

    *) PCAnywhere from out in the Internet - yes, you'll probably want to look at OpenVPN

    For more details, RTFM.  (Or spend some time reading the individual tech forums, e.g. OpenVPN, Traffic Shaper, etc.)

    Good luck.

