Netgate Discussion Forum

    Looking to see if pfSense can replace a couple of home-rolled Linux firewalls

    Routing and Multi WAN
    • jerrys

      Hi,

      I did some searching around the site, but I didn't locate either a complete configuration manual or an exact match on the forum.
      I have one case where I am putting in a new firewall and another where I want to replace an existing one.

      The first one is easier:
      LAN is simple, everything is masqueraded and should use port mapping
      WAN 1 is slower broadband but no data usage
      WAN 2 is faster, but there are significant bandwidth charges (satellite based) and a free period
      I want to use WAN 1 as the active interface when it is up
      I want to use WAN 2 when WAN 1 is down and also during the WAN 2 free period (midnight-5am)
      I will need to do all management remotely
      Can someone verify this is easily done and point me to the correct information to set it up?

      Here are the things that happen on my current Linux-based firewall. This is more fun:
      1 LAN interface has Internet routable address space
      WAN 1 is cable and is DHCP addressed. It has outages about every 6 months but is faster.
      WAN 2 is DSL and has a static address. This is a good bit slower but has been rock solid (except for a modem failure)
      Default traffic is masqueraded, port mapped and sent out WAN 1 when it is up
      Bare TCP SYN packets from the Internet are discarded unless the port is open to a machine (like ssh or a special service)
      There is an IP-IP tunnel over WAN 2 that routes the addressable address space.
          There is a static route on WAN 2 to the other end of the tunnel
      Some hosts are wired to route over the tunnel with Internet addresses
          In Linux, this is done with a combination of iptables marking the traffic and an alternate routing table sending the traffic over the tunnel
      There are time limits on certain hosts.
          I implement this with iptables changes that are scheduled by cron and executed by at, so the times can be easily adjusted for a single day.
          I have command line scripts that can do some things that are remotely triggered

      I have no specific attachment to the implementation method; I just need the functionality. Can pfSense do these functions?

      • heper

        Probably.

        At first glance, it doesn't look like there's anything that would be impossible using the webgui.
