Basic NAT Firewall First Step with Belkin Router: F5D7231-4



  • Hi there, really am getting confused about what to do here.

    I have an old computer I want to use PF Sense on, I know this installs fine etc, but really finding this hard to understand, I will explain my current setup before I go on.

    I have a working computer, that I work on day to day, this is selecting its own IP say 192.168.0.2 right?

    This connects to a router with its DHCP server turned off (thats the belkin router in the description sorry).

    This then connect to my ISP via a modem with an ethernet cable going into the WAN port on the router that gives the network connection.

    As with this type of Belkin router, would I need to set this up as an access point? Just when I do I have to select a static IP address for it, say for now as its currently using 192.168.0.254, right at the end of the 24bit system.

    What is the best method for making my router the old PC please?

    I am struggling to get this working, but as you can tell probably I am very determined about this.

    Any helps appreciated, I dont want anything complex for now just so's I can get this working.

    Thanks and I look foward to any replies (apologies as I suspect this has been asked of before, if so please refer me to the appropriate thread).

    Jeremy.



  • First off, if you use this computer daily when you turn it into a pfSense host, what are you going to use instead?

    Very simply, you'd be replacing your existing Belkin with the pfSense host.  That means that it needs to have 2 network interfaces - one for connecting to the ISP's modem and one for connecting to your other devices. A default install should be functional for you, though it may not have wireless support if your PC doesn't have a wireless card.  In that case you may want to look at re-purposing your Belkin as an access point.



  • @Cry:

    First off, if you use this computer daily when you turn it into a pfSense host, what are you going to use instead?

    Very simply, you'd be replacing your existing Belkin with the pfSense host.  That means that it needs to have 2 network interfaces - one for connecting to the ISP's modem and one for connecting to your other devices. A default install should be functional for you, though it may not have wireless support if your PC doesn't have a wireless card.  In that case you may want to look at re-purposing your Belkin as an access point.

    No I dont think your understanding what I am trying to say, or maybe I didnt make it quite as clear as I should have (which ever I do apologise I was very tired last night).

    Let me start off with by saying that this computer I am setting up PF Sense on (or want to rather), is incapable of running Windows XP (to make it a pleasant experience), as it barely has the min amount of RAM, this is a really old Celeron processor with 1Ghz clock speed processor, this already has 2 network ethernet cards NIC's.

    My working software projects machine is a 2.4Ghz dual core Athlon +4400, with 4GB of ram, runs both Windows (infact 2 versions of it), then a Centos Client to the server below as my fileshare for projects for clients, (as I have a server setup, but I also do some Linux software development also), this as does the below, plugs directly into the router, as it as at the moment, where the router is the NAT firewall etc.

    The server is an old DC7100 HP computer, this is going to be my fileshare system, using it primarily for my webserver applications (as I used to be a web developer and want this to be operating on a static IP, which ever network configs I decide upon on a later date etc), this will plug directly into the router as a static IP on the dhcp server in PF sense, or at least want it to!

    Sorry I am no expert (though am getting significantly better with sysadmin over time), but as my routers config menu suggests, I go to the web page for my Belkin router (forget PF Sense for now please).

    When I go to set the Belkin router up as an access point (so it wont be a router as of when I turn it into an access point), it asks me for an IP address for it, as a node as such wouldnt it?

    Would I need to then get PF Sense to use that IP address for the gateway? I mean this is the part I am finding confusing as its just not simply working, I believe this to be the large part of why the configs I have been going through (done network management at University but when it comes to actually setting this sort of stuff up, I find it very confusing).

    Thanks and I look foward to your reply in advance (should be really interesting to see if I can get this working!),
    Jeremy.



  • When you turn the Belkin router into an access point it is no longer a router. You'll simply connect a single cable from it to your LAN and wireless clients will use it to access your network (and from it the Internet).

    Your pfSense host will be the one that is then connected to your ISP and your LAN.  To put in simple diagram terms:

    Now:
    Internet <–--> Belkin <----> Wired LAN
                      ^
                      |--------> Wireless LAN

    With pfSense:
    Internet <–--> pfSense <----> Wired LAN
                                    ^
                                    |
                                    v
                                  Belkin <----> Wireless LAN



  • The problem I am having though I believe to be that the dhcp server in pfSense is trying to give the router an IP address of say I don't know say 192.168.1.2 say right?

    But then the Belkin router, when you set it up as an access point to make it a switch (as I understand it, no longer a router but a switch), is you must give it an IP address as per its configuration settings.

    I have seen this in the dhcp server activity in the pfSense system, but its conflicting I think.

    (I wont be concerned with wifi at this point in time at all, as the only wifi I use is my phones, but I dont mind using my networks one, then I can work out how to do the wifi for the connection at a later date, once I have the wired solution sorted, one step at a time lol)

    I have even tried not entering anything in this and it won't accept the input for that setting (in the access point settings for the Belkin router that is), so would I have to set this node (as that's what the switch will be won't it?) a static IP address from pfSense's dhcp server?

    Like input the MAC address of switch then allocate it say the switch IP of say 192.168.1.254 (or which ever IP address I gave the switch when I changed it to an access point?)

    Any helps appreciated,
    Jeremy.



  • Give the Belkin an IP address outside of the DHCP range from pfSense, there there shouldn't be a problem. Of course, you don't say what you think the DHCP server in pfSense is conflicting with.

    Just note that you may find that the Belkin is just an access point, and not a switch. How each model behaves is different - some models work as switches, some disable all but their WAN interface (and use the WAN interface to connect to the LAN).

    In your case, given that you say you don't want to make much use of DHCP, I'd suggest you:

    a) Allocate 10.200.187.1/24 to the pfSense LAN interface
    b) Configure 10.200.187.200 to 10.200.187.250 for your DHCP range
    c) Allocate 10.200.187.254 to the Belkin

    That will leave you 10.200.187.2 through 10.200.187.199 for static allocation.



  • Ok thats great will see how that works.

    But before I even attempt this, sorry not to ignore what you have helped me with you 2, really appreciate the replies of you going through this with me.

    Aparently these brand of Belkin routers are a pain in the backside for setting up the way I want it to, so what I am suggesting I should do for now.

    Is get it working ex the switch at all, no port hub at all for now (just my net connection, my pfsense firewall on my old PC, my decent machine and no hub or switch), get that working basically first, install it to the HD right?

    Then I will try a few settings on getting it working with the router later on, a few hours later, see how it fairs.

    I mean I am probably going for the end result at the start, which in my experience with Software development is going to be a real pain in the backside again lol.

    I mean I always try something out once I have developed a feature of a software and then try it out and then go and see what happens if it goes wrong and find a way of fixing it, so setting up the new PC based router asif it was connecting to the Belkin router, trying a no of configurations to try and get this working and post back my results.

    Should be really interesting.

    Thanks
    Jeremy



  • Ok I cannot get this working must be because Belkins routers arent very good or this series of routers is useless as a switch.

    Ok so is there any good purpose switches I can use on a strict budget please?

    I was wondering if it would be possible to use WifFi with this also?

    I just dont see the point in wasting your time or mine for that matter with a problem that simply will not work.

    I thank you massively for your replies and look forward to any replies in advance.

    Bearing in mind that I live in the UK, so a switch would have to be in the UK.

    Thanks again,
    Jeremy.



  • There are no shortage of cheap unmanaged switches out there, just use your favourite computer store. PCWorld or Maplin stock plenty of them, or you can get them online from the likes of Dabs.com, Amazon.co.uk etc. Just don't pay more than £40 for an unmanaged 5 port Gbit switch - or get a RouterBoard 250GS managed switch for about £30.

    As I said, putting many wireless routers into AP mode often disables the switch function. That said, you don't have to do anything fancy to turn the Belkin into an AP, just configure it's LAN IP, disable DHCP in it and don't plug a cable into the WAN port. That'll work. You could even install DD-WRT onto it to make it easy to turn into an access point and keep the switch function.

    There's nothing particularly impossible in what you're trying to do. I use a separate WiFi access point (a D-Link DIR-825) with a switch and pfSense (well, I did before my pfSense box died). Even your Belkin can be put into AP mode with a little effort



  • I will just go for that one in the link you put.

    I am really not fussed at all, should be interesting to try to have to use my existing router (whether it be a switch or whatever to actually use for my wifi soley).

    Hmmm just an idea.

    But I will see how much money I can actually afford to pay, yes £30 was going to be around about my max, £40 is definately my max budget for this sort of stuff (I didn't like having to pay £79 for my new refurb computer but its working impressively well, for what I had before, very little in the space of memory), that is what I am going to be using for PF sense as I have stated on this thread.

    The new ones really good, means I can use Centos 5.5 (what I was ideally wanting soo much! as allot of things I had to get around or fiddle with to get things working, now its just direct and straightforward).

    Will assess how much I have to spend this month and just buy it.

    Thanks,
    Jeremy.



  • I have just discovered this in my Belkin node (not to give it a type of network device, as I find that just A confuses you the most lol).

    But I came across this when using my Belkin router (as a router as it where).

    In connection type (ultimately what would be for the Internet right?)

    Usually when I go for virgin media's connection it will always be dynamic, but wouldnt it be static if it was using the dhcp server from my new gateway with pf sense controlling it?

    Therefore, if I go into that and set these:

    To enter your Static IP settings, type in your information below and click "Apply changes". More Info

    IP Address >

    . . .

    Subnet Mask >

    . . .

    ISP Gateway Address >

    What would I put in the above fields?

    Might just work, if I think about this logically.

    Just wanted to give this at least 1 more stab just to see if I can get this working, dont want to fork out extra money and find out I could have done this with what I already have, save some money so to speak.

    Any helps appreciated.

    Jeremy


Locked