Pfsense and 2 networks
-
Hello all ;D (Move to where this topic needs to go If need to be moved?)
I have pfsense 2.0.2 on a box but I am having a hard time setting up 2 networks. I have the pfsense (10.10.10.1) box talking to the WWW (ping google YES), network 1 (10.10.10.2) and network 2 (10.10.10.3),
but now I need a way to get from network 1 into network 2 BUT not have the outside world (WWW) see network 1. Anyone have any good ways I should go about doing this without opening holes in my security
and no lines from 1 - 2 I DO NOT HAVE THE SPACE/PORTS to do so. ????
What I have to work with
LIST:
2x linksys wrt54g x4 ports-1=3ports
8 port switch
5 Server
6 Users / 3 hard line | 3 WIFI
–----------------------------------------------------------
maybe this will help?
My setup:
http://247computerguy.com/img/000.jpg
what I am trying to do:
http://247computerguy.com/img/002.jpg
-Thanks
-
Your explanation gives no clue why you should use two separate LANs. One single LAN would do the job.
If you have to use two separate LANs, use different subnets.
-
Your explanation gives no clue why you should use two separate LANs. One single LAN would do the job.
If you have to use two separate LANs, use different subnets.
Well this is at my home and I am running test servers so I am trying to make it so if someone hacks into my server network AKA network2 then my home network AKA network1 will not be on the same network or the same LAN IPs and subnet now that you say that! , I mean if all on the same LAN would be ok?
All in all I am asking what is the best way to go about setting up a network like this? I am a bit of a n00b :-[ on the best way of doing things
-
" network 1 (10.10.10.2) and network 2 (10.10.10.3) "
These are not different networks
Are those the WAN IPs of your linksys wireless routers? So you're double NATting to the internet for any specific client?
Or are you using the routers as access points and those IPs you give are just the LAN IPs of the linksys?
What is a client IP, be it wireless or wired, on what you're calling network 1 and network 2?
If you want to isolate traffic between segments then create other segments. How many network cards does your pfsense box have?
You would use your wireless routers as either access points or just switches and create 2 LAN segments in pfsense.
-
I have pfsense 2.0.2 on a box but i am having a hard time setting up 2 networks, I have the pfsense (10.10.10.1) box talking to the WWW (ping google YES) , network 1 (10.10.10.2) and network 2 (10.10.10.3)
Just to clarify: Do you mean your three pfSense interfaces have IP addresses 10.10.10.1, 10.10.10.2 and 10.10.10.3?
(If so, this is an invalid configuration; the interfaces all need to be on distinct IP subnets.)
Please post the IP address and subnet mask of each of the pfSense interfaces. The easiest way to get this is probably to capture the output of pfSense shell command
```
/etc/rc.banner
```
-
Sorry I see I need to post more info! New here lol, I'll post the real IPs this time
pfsense = 10.3.3.3
linksys1 = 10.1.1.1
linksys2 = 10.2.2.2
8_port_switch = hooked in to linksys2
BTW I am running dd-wrt on both linksys
–-------[modem]+–------+NICK1{WAN}+[pfsense(10.3.3.3)]+NICK2(10.3.3.3){LAN}+–-------+LAN[linksys(10.1.1.1)]LAN+–----------------------+COMPUTER(10.1.1.10)
+NICK3(10.3.3.4)LAN2+
|
|
|
+
LAN
[linksys(10.2.2.2)]–---------------------+[8_port_switch]+–-------------------+[Server(10.2.2.10)]
johnpoz
Are those the WAN IPs of your linksys wireless routers?
No
So your double natting to the internet for any specific client?
I don't know what you mean?
Or are you using the routers as Accesspoints and those IPs you give are just the lan IPs of linksys.
Yes more or less I think (I try to use the WAN NIC on the linksys but could not get DHCP/DNS or the net to work)
/***************************************************************************************/
wallabybob
Just to clarify: Do you mean your three pfSense interfaces have IP addresses 10.10.10.1, 10.10.10.2 and 10.10.10.3?
(If so, this is an invalid configuration; the interfaces all need to be on distinct IP subnets.)
Yes and so I need to fix that, ok got it. Will this be good? ( 10.1.1.1 , 10.10.1.1 , 10.10.10.1 ) or what should I use?
Please post the IP address and subnet mask of each of the pfSense interfaces. The easiest way to get this is probably to capture the output of pfSense shell command
WAN (wan) -> sis0 -> xx.xxx.xx.xxx (DHCP)
LAN (lan) -> rl0 -> 10.3.3.3
LAN2 (opt1) -> rl1 -> 10.3.3.4
Ok sorry about that, I try not to give out all my IPs and info but maybe if I do this will help?
-
And what is your mask? And those are on the same network.
WAN (wan) -> sis0 -> xx.xxx.xx.xxx (DHCP)
LAN (lan) -> rl0 -> 10.3.3.3
LAN2 (opt1) -> rl1 -> 10.3.3.4
And what is this
pfsense = 10.3.3.3
linksys1 = 10.1.1.1
linksys2 = 10.2.2.2
So are you on a /8 ?? Having a hard time understanding your line drawing.
Here this is How you would setup a 2 segment network and using your linksys as accesspoints
So
Pfsense
Wan dhcp = public IP from your ISP
LAN1 (lan) = rl0 10.0.1.1/24
LAN2 (opt1) = rl1 10.0.2.1/24
Connected to LAN Ports of your linksys boxes, who have their dhcp servers TURNED OFF!!!
linksys lan 1 10.0.1.2/24
linksys lan 2 10.0.2.2/24
Now devices on lan 1 would be say 10.0.1.42 and would point to 10.0.1.1 as gateway (pfsense IP on this network)
Devices on lan 2 would be say 10.0.2.14,15,16, etc. And point to 10.0.2.1 as gateway (pfsense IP on this network)
Now you could forward what traffic you want from internet. But if you don't allow traffic between your lan 1 and lan 2 via your firewall rules they will not be able to talk to each other.
edit: I think I reversed the lan 1 and 2 and the IPs I put in the picture.. Doesn't matter, you can use whatever IPs you want to be honest, I just kept it simple. Keep it simple with an easy to read and understand /24 mask. You only have a couple of machines, there is no reason to use anything bigger than a /24.
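As an added illustration (not part of the original posts, and not pfSense's own code), this Python sketch checks the two address plans from the thread for overlapping interface subnets and models first-match, default-deny rule evaluation on the interface a packet enters. The /24 on the originally posted addresses, the rule set and the sample internet host 203.0.113.10 are assumptions made for the example.

```python
import ipaddress

def overlapping(ifaces):
    """Return name pairs whose interface subnets overlap (invalid on one router)."""
    nets = {n: ipaddress.ip_interface(a).network for n, a in ifaces.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def decide(rules, in_iface, src, dst):
    """Simplified model: rules are read top-down on the interface the packet
    enters, the first match wins, and no match means block. Only the first
    packet of a connection is judged; replies ride on the firewall's state."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules.get(in_iface, []):
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "block"

# Addresses as first posted in the thread; the /24 is an assumption (no mask given).
POSTED = {"LAN": "10.3.3.3/24", "LAN2": "10.3.3.4/24"}
# Layout suggested in the reply above.
SUGGESTED = {"LAN": "10.0.1.1/24", "LAN2": "10.0.2.1/24"}

# Constructed rule set (assumption): the home LAN may go anywhere, the server
# segment LAN2 may reach the internet but may not open connections to the home LAN.
RULES = {
    "LAN": [("pass", "10.0.1.0/24", "0.0.0.0/0")],
    "LAN2": [("block", "10.0.2.0/24", "10.0.1.0/24"),
             ("pass", "10.0.2.0/24", "0.0.0.0/0")],
}

if __name__ == "__main__":
    print("posted plan overlaps:   ", overlapping(POSTED))
    print("suggested plan overlaps:", overlapping(SUGGESTED))
    for iface, src, dst in [("LAN", "10.0.1.42", "10.0.2.14"),
                            ("LAN2", "10.0.2.14", "10.0.1.42"),
                            ("LAN2", "10.0.2.14", "203.0.113.10")]:
        print(f"{iface}: {src} -> {dst}: {decide(RULES, iface, src, dst)}")
```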
-
Sorry about that, I don't know all the names of things and am still getting the hang of networking
Here this is How you would setup a 2 segment network and using your linksys as accesspoints
So
Pfsense
Wan dhcp = public IP from your ISP
LAN1 (lan) = rl0 10.0.1.1/24
LAN2 (opt1) = rl1 10.0.2.1/24
Connected to LAN Ports of your linksys boxes, who have their dhcp servers TURNED OFF!!!
linksys lan 1 10.0.1.2/24
linksys lan 2 10.0.2.2/24
Now devices on lan 1 would be say 10.0.1.42 and would point to 10.0.1.1 as gateway (pfsense IP on this network)
Devices on lan 2 would be say 10.0.2.14,15,16, etc. And point to 10.0.2.1 as gateway (pfsense IP on this network)
Now you could forward what traffic you want from internet. But if you don't allow traffic between your lan 1 and lan 2 via your firewall rules they will not be able to talk to each other.
You sir hit the nail on the head, this is what I was trying to say! (never been too good at asking for help on forums)
TURNED OFF!!!
Yes I know, and set it to forward to pfsense/DHCP Server
so let me get the names right
pfsense = WAN/gateway/firewall/LAN
linksys (&/or any other device) = accesspoint?
Now you could forward what traffic you want from internet. But if you don't allow traffic between your lan 1 and lan 2 via your firewall rules they will not be able to talk to each other.
ok. So I would need to open (let's say FTP Port:21) so on lan1 open Port:21 and on lan2 Port:21 then one or more devices from lan1 can talk to a server on lan2?
–---------------------------
edit: I think I reversed the lan 1 and 2 and the ips I put in the picture..
Yes you did, sorry my pic was not as good, next time I'll make it better
I just kept it simple. Keep it simple with a easy to read and understand /24 mask.
Yes that is why I did 10.1.1.1 and so on, yeah /24 mask is what I am going to do after I get this working, right now this is just for testing!