Netgate Discussion Forum

    Issue during adding additional interfaces

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    10 Posts 3 Posters 4.0k Views
    • F
      fastcon68
      last edited by

      I just added per the wife's request a dual port ethernet adapter to the firewall.  This took out the entire firewall.  I don't know what happened.  It will boot but nothing can go through it.

      So I am going to rebuild.  I am on a backup so I can take my time to rebuild.  I want to achieve the following goals:
      1.  Install a total of three interfaces with the following settings:
          a.  192.168.14.x (main server subnet)
          b.  192.168.13.x (wireless server subnet)
          c.  192.168.12.x (experimental subnet)

      2.  DHCP to all subnets if possible

      3.  Wife wants limited access to the internet based on IDs and scheduling, as well as a proxy set up and running

      4.  IP SEC for 4 to 6 active tunnels

      5.  VOIP over IP on the 14 segment

      6.  Tuning on the 14 segment

      Any thoughts on getting everything back up and running?
      RC

      • P
        Perry
        last edited by

        First the latest snapshot http://snapshots.pfsense.org/FreeBSD6/RELENG_1_2/updates/

        1. You call them server and want dhcp. Where is wan :) , a picture would be nice http://forum.pfsense.org/index.php/topic,7001.0.html
        2. no problem, just leave room for the static IPs you need.
        3. captive portal. Sounds like there are kids in the house, so one idea could be to use opendns and/or squidGuard
        4. search the forum or doc.pfsense.org for more info
        5. If you have a box like the spa2100 then just remember to open the correct ports
        6. Do you mean Traffic shaper?

        /Perry
        doc.pfsense.org

        • F
          fastcon68
          last edited by

          Here you go:  I think I have an overview:

          1. server segment 192.168.14.x
              opt1              192.168.13.x
              opt2              192.168.12.x

          2.  I would like to setup 125 - 254 for the dhcp servered segment.  OPT1 and OPT2 are going to be setup for 32 addresses, with 10 ip reserved for static addresses, so 22 addresses to be addressed for DHCP.

          3.  captive portal with time zones for activity and Squid

          4.  I have the IPSEC tunnels covered.  I have 4 tunnels running now, and more coming.

          5.  Using Vonage now with no problems

          6.  I really want to run traffic shaping on the 14 segment at least.  Is it possible to run traffic shaping on multiple segments?

          Here is a sketch:
          http://www.cartersweb.net/firewall/index.htm

          I posted it on my web server.  Let me know if you can't get to it.

          • P
            Perry
            last edited by

            Most packages only work on one interface for now, but traffic shaper is on its way http://forum.pfsense.org/index.php/topic,2718.msg41254.html#msg41254

            /Perry
            doc.pfsense.org

            • jahonixJ
              jahonix
              last edited by

              When you use VLANs as per your drawing why did you add physical interfaces?
              You can think of VLANs as virtual interfaces…

              • F
                fastcon68
                last edited by

                I have a dual NIC with both interfaces connecting to one switch acting as two.
                RC

                • F
                  fastcon68
                  last edited by

                  I just got my firewall back online.  I do have the VLANs set up for 2 and 3.  I have not set up this type of configuration before.  I have the opt1 interface and the opt2 interface bridged to the LAN subnet.  Have I got this set up right or am I heading down the wrong path?

                  I have set up the IPSEC rules as well. I can ping out to my sites but they can come back my way.  That is causing issues for me.  Any thoughts?
                  RC

                  • jahonixJ
                    jahonix
                    last edited by

                    If your network diagram from a previous post is still correct then read this:
                    http://en.wikipedia.org/wiki/Bridging_%28networking%29

                    and you understand that you do not want to bridge your separated subnets with each other.

                    • F
                      fastcon68
                      last edited by

                      I really do want to isolate the two VLANs away from the other network.  There are specific reasons.  I have machines that should only see the WAN and nothing else.

                      • jahonixJ
                        jahonix
                        last edited by

                        @fastcon68:

                        I do have the VLANs set up for 2 and 3.
                        I have the opt1 interface and the opt2 interface bridged to the LAN subnet.

                        @fastcon68:

                        I really do want to isolate the two VLANs away from the other network. I have machines that should only see the WAN and nothing else.

                        Do not bridge them to LAN then (did you read the article about network bridging???)
                        Create pass rules for OPT1 to WAN only and similar for OPT2 to WAN.

                        @fastcon68:

                        I have set up the IPSEC rules as well. I can ping out to my sites but they can come back my way.  That is causing issues for me.  Any thoughts?

                        Huh, what do you mean?
                        Usually that's the desired behaviour to have a two way communication between IPSec endpoints.
                        …however, on the IPsec rules tab you can control what's allowed in and what's not.

                        1 Reply Last reply Reply Quote 0
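
What "pass rules for OPT1 to WAN only" from the last reply can look like in pf syntax, with OPT1 and OPT2 as routed interfaces on their own subnets instead of bridged to LAN. This is an added example, not part of the thread and not a dump of pfSense's generated ruleset; the vlan device names, the /27 masks (taken from the 32-address plan earlier in the thread) and the DNS-to-firewall rule are assumptions, and NAT is left out.

```pf
# Added illustration: isolate OPT1 and OPT2 from every local segment.
# Device names and masks below are assumptions, not values from the thread.
lan_net  = "192.168.14.0/24"    # server segment (LAN)
opt1_if  = "vlan0"              # assumed device behind OPT1
opt1_net = "192.168.13.0/27"    # 32-address block planned for OPT1
opt2_if  = "vlan1"              # assumed device behind OPT2
opt2_net = "192.168.12.0/27"    # 32-address block planned for OPT2

# Every local segment. A destination outside this table is reached via WAN.
table <local_nets> const { $lan_net, $opt1_net, $opt2_net }

# Default deny, logged so that blocked cross-segment attempts are visible.
block log all

# Filtering happens on the inbound side of each interface; traffic that
# was allowed in may leave through whichever interface routes it.
pass out quick inet keep state

# OPT1, first match wins:
#  1. DNS to the firewall's own OPT1 address (assumes the firewall resolves)
#  2. nothing else to any local segment, including LAN and OPT2
#  3. everything that remains, which is what leaves via WAN
pass  in     quick on $opt1_if inet proto { tcp, udp } \
      from $opt1_net to ($opt1_if) port 53 keep state
block in log quick on $opt1_if inet from any to <local_nets>
pass  in     quick on $opt1_if inet from $opt1_net to any keep state

# OPT2, same three rules in the same order.
pass  in     quick on $opt2_if inet proto { tcp, udp } \
      from $opt2_net to ($opt2_if) port 53 keep state
block in log quick on $opt2_if inet from any to <local_nets>
pass  in     quick on $opt2_if inet from $opt2_net to any keep state
```

In the pfSense GUI the same three rules go, in this order, on the OPT1 and OPT2 rule tabs. The order matters: with the block rule below the final pass rule, the isolated segments can reach LAN.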
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.