Netgate Discussion Forum

    Quick questions about ip ranges and pfsense

    • j0emv

      For the life of me I can't figure out how to get IP ranges working for firewall rules.  Basically, I'm using m0n0wall in front of a Citrix server because the old firewall we had died (Sonicwall).  It's been working great, much better than the Sonicwall actually.

      So basically we rule out Citrix users by static IP addresses.  We allow some users to specify a small range of IP addresses but most of our users provide us with 1 static IP.  For the users that provide us with ranges, I can't figure out how that works.  I've read up on CIDR and tested it with one of our users that has a range and it just doesn't work for some reason.  Does anyone know if I'm doing it right?  I went in and created a new rule, I specify the source to be a Network, enter the CIDR and the starting address, correct?  Maybe I'm not doing the CIDR calculations correctly, but for this particular range everything I come up with says it's correct, yet the user still wasn't able to log in until I changed it to his current IP within that range and he was able to log right in.

      Also, I'm wondering if I would be able to import a m0n0wall backup into pfsense?  Basically once I'm done configuring the m0n0wall the way we want, I'm then gonna switch over to pfsense.  I figure since pfsense is so closely related to m0n0wall that could work?

      Thanks guys!

      • hoba

        Maybe a subnet calculator can help you, like http://www.subnet-calculator.com/ (you need the subnet ID in the rules).

        Btw, you might want to move to pfSense before completely configuring this in m0n0. pfSense features hosts (group of hosts) and networks (group of networks) aliases. By using this you can reduce your rules to just 2 firewall rules for what you mentioned.

        You can import a m0n0 config. Most items will be applied, however some items will be skipped (like traffic shaper) as they are completely different from m0n0.

        • j0emv

          Ok I know this is a late response but I figured out why the CIDR masks weren't working.  It was because the users weren't giving me the correct ranges or subnet masks so I was using the wrong CIDR masks.  I just tested it with our range and it works great.  I'll be moving us to pfsense in the next few weeks as a permanent solution.
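
The checks discussed in this thread (subnet ID versus starting address, and whether a user-supplied range or mask really maps to one CIDR block) can be scripted before a rule is created. This is an added example, not code from either poster or from m0n0wall/pfSense; the function names are hypothetical and the addresses are constructed from the 203.0.113.0/24 documentation range.

```python
import ipaddress

def mask_to_prefix(mask):
    """Convert a dotted subnet mask to a prefix length; raises ValueError if invalid."""
    return ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen

def range_to_cidrs(first, last):
    """Return the smallest list of CIDR blocks that covers exactly first..last."""
    a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if a.version != b.version or a > b:
        raise ValueError("range must be ordered and of one address family")
    return [str(n) for n in ipaddress.summarize_address_range(a, b)]

def check_rule_source(address, prefix_len):
    """Show what address/prefix_len covers and whether address is the subnet ID."""
    iface = ipaddress.ip_interface(f"{address}/{prefix_len}")
    net = iface.network
    return {
        "subnet_id": str(net.network_address),
        "is_subnet_id": iface.ip == net.network_address,
        "first": str(net[0]),
        "last": str(net[-1]),
    }

def range_matches_single_cidr(first, last, prefix_len):
    """True only if the user's stated range is exactly one block of that size."""
    blocks = range_to_cidrs(first, last)
    return len(blocks) == 1 and blocks[0].endswith(f"/{prefix_len}")

if __name__ == "__main__":
    # Constructed sample input: ranges as users might report them.
    samples = [
        ("203.0.113.8", "203.0.113.15", "255.255.255.248"),   # aligned, one /29
        ("203.0.113.10", "203.0.113.20", "255.255.255.248"),  # not a single block
    ]
    for first, last, mask in samples:
        prefix = mask_to_prefix(mask)
        print(first, "-", last, "mask", mask, "-> /%d" % prefix)
        print("  exact CIDR blocks:", range_to_cidrs(first, last))
        print("  rule source check:", check_rule_source(first, prefix))
        print("  single block as stated:",
              range_matches_single_cidr(first, last, prefix))
```

When a reported range does not reduce to a single block, each block in the list needs its own entry (or a shared alias in pfSense), and a range that disagrees with the stated mask should go back to the user for confirmation.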
