Issue during adding additional interfaces



  • I just added, per the wife's request, a dual port ethernet adapter to the firewall.  This took out the entire firewall.  I don't know what happened.  It will boot, but nothing can go through it.

    So I am going to rebuild.  I am on a backup so I can take my time to rebuild.  I want to achieve the following goals:
    1.  Install a total of three interfaces with the following settings:
        a.  192.168.14.x (main server subnet)
        b.  192.168.13.x (wireless server subnet)
        c.  192.168.12.x (experimental subnet)

    2.  DHCP to all subnets if possible

    3.  Wife wants limited access to the internet based on IDs and scheduling, as well as a proxy set up and running

    4.  IPsec for 4 to 6 active tunnels

    5.  VoIP over IP on the 14 segment

    6.  Tuning on the 14 segment

    Any thoughts on getting everything back up and running?
    RC



  • First, the latest snapshot: http://snapshots.pfsense.org/FreeBSD6/RELENG_1_2/updates/

    1. You call them servers and want DHCP. Where is WAN? :)  A picture would be nice: http://forum.pfsense.org/index.php/topic,7001.0.html
    2. No problem, just leave room for the static IPs you need.
    3. Captive portal. Sounds like there are kids in the house, so one idea could be to use OpenDNS and/or squidGuard.
    4. Search the forum or doc.pfsense.org for more info.
    5. If you have a box like the SPA2100, then just remember to open the correct ports.
    6. Do you mean Traffic shaper?



  • Here you go.  I think I have an overview:

    1.  server segment  192.168.14.x
        opt1            192.168.13.x
        opt2            192.168.12.x

    2.  I would like to set up 125 - 254 for the DHCP-served segment.  OPT1 and OPT2 are going to be set up for 32 addresses, with 10 IPs reserved for static addresses, so 22 addresses to be assigned by DHCP.

    3.  captive portal with time zones for activity and Squid

    4.  I have the IPsec tunnels covered.  I have 4 tunnels running now, and more coming.

    5.  Using Vonage now with no problems

    6.  I really want to run traffic shaping on the 14 segment at least.  Is it possible to run traffic shaping on multiple segments?

    Here is a sketch:
    http://www.cartersweb.net/firewall/index.htm

    I posted it on my web server.  Let me know if you can't get to it.



  • Most packages only work on one interface for now, but the traffic shaper is on its way: http://forum.pfsense.org/index.php/topic,2718.msg41254.html#msg41254



  • When you use VLANs as per your drawing why did you add physical interfaces?
    You can think of VLANs as virtual interfaces…



  • I have a dual NIC with both interfaces connecting to one switch acting as two.
    RC



  • I just got my firewall back online.  I do have the VLANs set up for 2 and 3.  I have not set up this type of configuration before.  I have the opt1 interface and the opt2 interface bridged to the LAN subnet.  Have I got this set up right, or am I heading down the wrong path?

    I have set up the IPsec rules as well.  I can ping out to my sites but they can come back my way.  That is causing issues for me.  Any thoughts?
    RC



  • If your network diagram from a previous post is still correct then read this:
    http://en.wikipedia.org/wiki/Bridging_(networking)

    and you will understand that you do not want to bridge your separated subnets with each other.



  • I really do want to isolate the two VLANs away from the other network.  There are specific reasons.  I have machines that should only see the WAN and nothing else.



  • @fastcon68:

    I do have the VLANs set up for 2 and 3.
    I have the opt1 interface and the opt2 interface bridged to the LAN subnet.

    @fastcon68:

    I really do want to isolate the two VLANs away from the other network. I have machines that should only see the WAN and nothing else.

    Do not bridge them to LAN then (did you read the article about network bridging???)
    Create pass rules for OPT1 to WAN only and similar for OPT2 to WAN.

    @fastcon68:

    I have set up the IPsec rules as well. I can ping out to my sites but they can come back my way. That is causing issues for me. Any thoughts?

    Huh, what do you mean?
    Usually that's the desired behaviour to have a two way communication between IPSec endpoints.
    …however, on the IPsec rules tab you can control what's allowed in and what's not.
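    The rule design from that last reply (OPT1 and OPT2 not bridged to LAN, each passed to WAN only) written out as a pf ruleset, added here as an illustration; it is not from the thread or from the config pfSense generates, and the interface names em0/em1/vlan2/vlan3 are assumptions, with the three subnets taken from the sketch. pf evaluates `quick` rules first-match, so the block rules have to sit ahead of the catch-all pass.

    ```pf
    # Added example (not the poster's configuration). Interface names are assumed.
    ext_if   = "em0"      # WAN
    lan_if   = "em1"      # LAN  192.168.14.x (main server subnet)
    opt1_if  = "vlan2"    # OPT1 192.168.13.x (VLAN 2 on the dual-port NIC)
    opt2_if  = "vlan3"    # OPT2 192.168.12.x (VLAN 3 on the dual-port NIC)

    lan_net  = "192.168.14.0/24"
    opt1_net = "192.168.13.0/24"
    opt2_net = "192.168.12.0/24"

    # Default deny (last-match rule without "quick"); only explicit passes below let traffic in.
    block in log all

    # DHCP clients send from 0.0.0.0:68 to 255.255.255.255:67, which the subnet-based
    # passes below would not match, so allow it explicitly on the two isolated VLANs.
    pass in quick on { $opt1_if, $opt2_if } inet proto udp from any port 68 to any port 67

    # WEAK: one "to any" pass on OPT1 also reaches LAN and OPT2, because "any"
    # includes the other internal subnets. This is the same effect as bridging.
    # pass in quick on $opt1_if inet from $opt1_net to any keep state

    # CORRECTED: deny the other internal subnets first, then pass everything else
    # (Internet via WAN). The firewall's own OPT1 address is not in the deny list,
    # so clients can still use services running on the firewall itself.
    block in quick on $opt1_if inet from $opt1_net to { $lan_net, $opt2_net }
    pass  in quick on $opt1_if inet from $opt1_net to any keep state

    block in quick on $opt2_if inet from $opt2_net to { $lan_net, $opt1_net }
    pass  in quick on $opt2_if inet from $opt2_net to any keep state

    # LAN keeps Internet access; since the passes are stateful, LAN could otherwise
    # open connections into the VLANs, so block that direction as well.
    block in quick on $lan_if inet from $lan_net to { $opt1_net, $opt2_net }
    pass  in quick on $lan_if inet from $lan_net to any keep state
    ```

    In the pfSense GUI the same ordering applies per interface tab: the "block to LAN net / OPT net" rules go above the "allow to any" rule, otherwise the allow rule matches first.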

