Looking to see if pfSense can replace a couple of home-rolled Linux firewalls



  • Hi,

    I did some searching around the site, but I didn't locate either a complete configuration manual or exact match on the forum.
    I have one case where I am putting in a new firewall and another where I want to replace an existing one.

    The first one is easier:
    LAN is simple, everything is masqueraded and should use port mapping
    WAN 1 is slower broadband but no data usage
    WAN 2 is faster, but there are significant bandwidth charges (satellite based) and a free period
    I want to use WAN 1 as the active interface when it is up
    I want to use WAN 2 when WAN 1 is down and also during the WAN 2 free period (midnight-5am)
    I will need to do all management remotely
    Can someone verify this is easily done and point me to the correct information to set it up?

    Here are the things that happen on my current linux based firewall. This is more fun:
    One LAN interface has Internet-routable address space
    WAN 1 is cable and is DHCP addressed. It has outages about every 6 months but is faster.
    WAN 2 is DSL and has a static address. This is a good bit slower but has been rock solid (except for a modem failure)
    Default traffic is masqueraded, port mapped and sent out WAN 1 when it is up
    Bare TCP SYN packets from the Internet are discarded unless the port is open to a machine (like ssh or a special service)
    There is an IP-IP tunnel over WAN 2 that routes the addressable address space.
        There is a static route on WAN 2 to the other end of the tunnel
    Some hosts are wired to route over the tunnel with Internet addresses
        In Linux, this is done with a combination of iptables marking the traffic and an alternate routing table sending the traffic over the tunnel
    There are time limits on certain hosts.
        I implement this with iptables changes that are scheduled by cron and executed by at, so the times can be easily adjusted for a single day.
        I have command line scripts that can do some things that are remotely triggered

    I have no specific attachment to the implementation method, I just need the functionality. Can pfSense do these functions?
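A minimal Linux script for the two mechanisms the post describes (an fwmark plus an alternate routing table to send chosen hosts over the IP-IP tunnel, and a per-host cutoff whose undo is queued with at). This is an added illustration, not the poster's scripts; the tunnel device, table number, mark and sample addresses are assumed placeholders, and it defaults to printing the commands rather than applying them.

```shell
#!/bin/sh
# Assumed placeholders: tunnel device ipip0, routing table 100, mark 0x1, LAN eth0.
# DRY_RUN=1 (the default here) prints each command instead of executing it.
TUNNEL_DEV="${TUNNEL_DEV:-ipip0}"
TUNNEL_TABLE="${TUNNEL_TABLE:-100}"
TUNNEL_MARK="${TUNNEL_MARK:-0x1}"
LAN_DEV="${LAN_DEV:-eth0}"
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# One-time setup: marked packets consult table 100, whose default route is
# the IP-IP tunnel rather than the masqueraded WAN 1 default route.
tunnel_table_setup() {
    run ip rule add fwmark "$TUNNEL_MARK" table "$TUNNEL_TABLE"
    run ip route add default dev "$TUNNEL_DEV" table "$TUNNEL_TABLE"
}

# tunnel_route_host ADDR: a LAN host with a public address from the routed
# block keeps that address and leaves via the tunnel.
tunnel_route_host() {
    addr="$1"
    # Mark in mangle/PREROUTING so the mark exists before the routing decision.
    run iptables -t mangle -A PREROUTING -i "$LAN_DEV" -s "$addr" \
        -j MARK --set-mark "$TUNNEL_MARK"
    # Leave nat/POSTROUTING early so the MASQUERADE rule never rewrites it.
    run iptables -t nat -I POSTROUTING -s "$addr" -j RETURN
}

# block_host_until ADDR HH:MM: drop forwarded traffic from ADDR now and queue
# the matching delete with at(1), so one day's cutoff can be adjusted alone.
block_host_until() {
    addr="$1"; when="$2"
    run iptables -I FORWARD -s "$addr" -j DROP
    undo="iptables -D FORWARD -s $addr -j DROP"
    if [ "$DRY_RUN" = "1" ]; then
        printf 'echo "%s" | at %s\n' "$undo" "$when"
    else
        echo "$undo" | at "$when"
    fi
}

# Constructed sample values (dry run): one tunnelled host, one time-limited host.
tunnel_table_setup
tunnel_route_host 203.0.113.10
block_host_until 192.168.1.20 22:00
```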



  • Probably.

    At first glance it doesn't look like there's anything that would be impossible using the webGUI.

