Netgate Discussion Forum

    New to pfSense - help me strategise?

      ConanMan

      Hi, I am new to pfSense.

      I have an office with a Netgear modem router running wifi and DHCP on the 192.168.0.1/24 IP range (0-100 are reserved, 101-254 are leased), and it has some basic port forwarding rules and a small set of MAC address locked IPs.

      What has happened is that I need to log all internal traffic by type and IP address. The Netgear router doesn't do this. So I need to add a "box" and I thought of pfSense. What I would like to do is this:

      • buy a mini-pc (does it need 2 network cards?)

      • put pfSense on it

      • disable DHCP on the router

      • give the router its own static IP of 192.168.2.2

      • use pfSense for the Netgear wifi DHCP leases (?! how ?!)

      • create a new pfSense gateway with 2 (do I need 2, or can I bridge a virtual network connection?) ethernet connections (giving it an IP of 192.168.2.1 and one of 192.168.0.254) and use that to hand out the DHCP leases in the 192.168.0.1/24 range (101-253)

      • do this in such a way that the router on 192.168.2.2 is the gateway for pfSense

      • do nothing to the static IP addresses in the 192.168.0.1/24 range because they will still work

      • lock down the small number of DHCP leases that stay locked to MAC address, also on the 192.168.0.1/2 range

      • add ntop (for traffic logging) and configure pfSense into some traffic shaping for the 192.168.0.1/24 range

      • re-apply the port forwarding rules

      My question is - will this even work? If so, what are my main things to look at? How can I assure the network that the wifi will still work, or that the modem will be ok?

      My minimum baseline is … a world where wifi works... current static IPs are able to stay as they are... everything is logged and managed by pfSense but the Netgear is doing all the peripheral interconnecting at both ends (i.e. ISP and wifi, even perhaps a physical switch when needs be, with pfSense in the middle doing DHCP and being a gateway) - ISP -> modem -> pfSense (DHCP) <- wifi <- LAN

        marcelloc

        Usually, ISP -> modem (bridge mode) -> pfSense -> LAN is a good setup.

        pfSense is able to be a wifi router too if you buy a compatible device.

        Disable Netgear wifi before enabling bridge mode.

        If you have a switch that supports VLANs, the pfSense box can work with one interface only.

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

          Erjen

          Hi,

          If I don't use VLAN, then how should the pfSense server be configured? One network card with two interfaces? So one for incoming network and the other one for filtered network?

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.