Doing it all on same subnet?



  • Hello,
    I have been experimenting with PFSense and really enjoy the features.
    I have one DSL modem/router (to use as DSL only) with ip 192.168.2.1
    I have an older box with PFSense and three nics (one for DSL from modem, one for SBS 2003 and one for client XP Pro).
    I have one Small Business Server 2003 with one nic and 192.168.2.subnet.
    I have one client PC with XP Pro using SBS server as primary DNS (192.168.2.10).
    I have one dynamically assigned IP.
    What is the best solution to link it all up on the same 192.168.2.subnet?
    AND, to allow access to PFSense AND the DSL modem/router (two gateways) from the client?
    Right now, the server and client are linked and working flawlessly.
    Just wish to add the PFSense box to use as firewall/router.



  • Read about firewall bridge in docs.pfsense.com.


  • LAYER 8 Global Moderator

    "AND, to allow access to PFSense AND the DSL modem/router (two gateways) from the client?"

    Why would you want this?

    If me, I would either just turn your current gateway into just a modem, bridge mode so that your pfsense could get a public IP on its wan interface.  Then buy a switch and plug the lan of pfsense into the switch = done.

    Now pfsense is your firewall/nat device. If you want to firewall between devices then put them on different segments connected to your pfsense sure.

    But since you say you want everything on one segment you have no need of more than 2 interfaces on the pfsense box and a switch for other devices.  If you can not turn off the nat on your current dsl device, then you could use pfsense as a bridging firewall.


  • Netgate Administrator

    Why do you want it all on the same subnet?
    There is no need to use only one subnet; you're just making things hard for yourself. pfSense will route between subnets so you would still have access from each one.
    If you just need access to the modem, to check its connection speed for example, have a look here:
    http://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall#For_2.0

    Steve



  • Thanks for the response.
    The subnet on the sbs server and client is 192.168.2.subnet
    I have remote desktop configured and all works well.
    I want to have the sbs server configure PPPoE and dhcp. Not PfSense.
    When I add the pfsense box, I must be able to change the ip from 192.168.1.1 to a 192.168.2.X.
    Why should this be so difficult?

    After doing this, I cannot access pfsense. It seems that pfsense wants to assign a 192.168.1.XXX to the server. I'm not sure what to do at this point. All works well with my original modem/router but not with PFsense.
    I have the sbs and client plugged into a 3com switch and can talk to each other. But, no internet access unless I allow Pfsense to take over and assign 192.168.1.XXX.
    I like PFsense features but it seems sooo difficult to set up the way that I need it to be.



  • what is pfsense's static ip-address?


  • Netgate Administrator

    You can set the pfSense LAN IP to be whatever you want it to be.
    You can disable the DHCP server in pfSense if you want to use the SBS box to do that instead or use static IP addresses.
    However you cannot normally have SBS server control the PPPoE connection. Doing this would mean that traffic is tunnelled through the firewall (which it would not allow by default) and enters your network via the SBS box. Just thinking about how you might do this is making my head hurt!  :(
    The whole point of a firewall box is that it is the first device seen by outside packets.

    You almost certainly don't need to do this. You could, for instance, set up 1:1 NAT to your SBS allowing it to appear to be directly connected but still having pfSense filter traffic.

    Steve



  • I have tried to change the LAN ip in PFsense from 192.168.1.1 to 192.168.2.2.
    Then, in the sbs server, using router with ip option, configure router/gateway with ip address 192.168.2.2 (PFsense) and my isp dns addresses as I obviously cannot use the server address here.
    However, when I type 192.168.2.2 in the browser, I cannot access the pfsense box.
    I have set PPPoE using PFsense and disabled dhcp in pfsense earlier when I was connected using 192.168.1.X. I just assumed that this would work. I was wrong.



  • @T:

    When I add the pfsense box, I must be able to change the ip from 192.168.1.1 to a 192.168.2.X.
    Why should this be so difficult?

    I presume you have found the console option to change the IP address of an interface.

    I have observed a couple of times that a reboot seems to be needed for major changes in pfSense interface address to take effect.

    In some cases, I have found it sufficient to restart the pfSense web GUI from the console menu after changing IP address.



  • OMG…
    I'm sooo embarrassed.
    Somehow, I had the nic configuration reversed.
    I've set this so many times that I guess I wasn't paying close attention when configuring the nics.
    Strangely, it worked on the 192.168.1.X and I didn't change anything other than the lan IP.
    But after rebooting, I noticed that the IPs were reversed.
    Of course it wouldn't work.
    Sheese!
    Working like a charm now!!
    Thanks for all your help!!

