Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Looking to see if pfSense can replace a couple home rolled linux firewall

    Routing and Multi WAN
    2
    2
    440
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jerrys last edited by

      Hi,

      I did some searching around the site, but I didn't locate either a complete configuration manual or exact match on the forum.
      I have one case where I am putting in a new firewall and another where I want to replace an existing one.

      The first one is easier:
      Lan is simple, everything is masqueraded and should use port mapping
      WAN 1 is slower broadband but no data usage
      WAN 2 is faster, but there are significant bandwidth charges (satellite based) and a free period
      I want to use WAN 1 as the active interface when it is up
      I want to use WAN 2 when WAN 1 is down and also during the WAN 2 free period (midnight-5am)
      I will need to do all management remotely
      Can someone verify this is easily done and point me to the correct information to set it up

      Here are the things that happen on my current linux based firewall. This is more fun:
      1 LAN interface has Internet routable address space
      WAN 1 is cable and is DHCP addressed. it has outages about every 6 month but is faster.
      WAN 2 is DSL and has a static address. This is a good bit slower but has been rock solid (except for a modem failure)
      Default traffic is masqueraded, port mapped and sent out WAN 1 when it is up
      Bare TCP syn packets from the internet are discarded unless the port is open to a machine (like ssh of a special service)
      There is an IP-IP tunnel over WAN 2 that routes the addressable address space.
          there is a static route on WAN 2 to the other end of the tunnel
      Some hosts are wired to route over the tunnel with Internet addresses
          in linux, this is done with a combination of iptables marking the traffic and an alternate routing table sending the reaffic over the tunnel
      There are time limits on certain hosts.
          I implement this with iptables changes that are scheduled by cron and executed by at, so the times can be easily adjusted for a single day.
          I have command line scripts that can do some things that are remotely triggered

      I have no specific attachment to the implementation method, I just need the functionality. Can pfsense do these funtions?

      1 Reply Last reply Reply Quote 0
      • H
        heper last edited by

        probably.

        at first glance doesn't look like theres anything that would be impossible using the webgui

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy