Pfsense without second router…..
-
:)
Hello pfSense community,
I'm a moderate to advanced PC user. I work in IT and have pretty good knowledge of networking, enough to be able to fix most things, but I have a question about pfSense and my hardware.
At the moment I have a Netgear N600 ADSL modem/router with an ADSL connection on it, and I have 3 computers running off it. It's a 5-port modem/router with its own dedicated WAN port to make 6 overall ports … my main PC, a media centre and a dedicated file server running Windows Server 2008 R2. I will have 18GB of RAM for that machine at the end of the week; at the moment it only has 2GB. I will at some stage be running ESXi off it, and it has 2 1GbE LAN ports on it. Now I have a spare Dell R200 1U rackmount that I want to use and install pfSense on and have it act as a firewall, router etc., but I'm at a crossroads as to how I will set it up.
The Dell R200 has dual LANs. It runs at 1GbE with one device plugged in, and if another is plugged in that port will run at 100Mbps. So my question is: do I wait for the RAM to turn up, install ESXi with one VM running Windows Server and the other install pfSense on it, have them both using 1 or the 2 NIC ports, and then run the pfSense into my modem that I have bridged, and set up my ISP connection via pfSense? Or can I leave the other server as it is now and use the Dell R200, bridge the modem, set up pfSense on it? But this is where I am confused: if I do that, how will I have LAN ports and wifi? Would I need to buy a second router and plug from the other Dell 200 NIC port into a trunk port on another switch and plug all my other machines into that new switch?
Kind regards
confused
-
What is your WAN speed? What pfSense packages (if any) do you plan to run? Any VPNs?
The Dell R200 is not a low power box. ;) Unless you need that power I would recommend running pfSense as a VM; you already have the VM host set up. Your power bills will be lower.
The connection to your server VM will be internal (virtual) so you won't need a NIC for that, but you will need a physical NIC to connect a separate wifi network or DMZ to your pfSense VM.
Does your switch support VLANs? You can use VLANs to get further interfaces into the pfSense VM and then separate them at the switch.
Steve
-
WAN speed is 1gbit.
I don't actually have a switch, just a modem/router I placed into bridge mode.
As the RAM has not arrived I thought I'd try to get it working with the following:
My ISP is pppoe or pppoe.
So 4 hours later, stuck on the WAN side of things.
Modem/router is a DGND3700v2 ADSL modem in bridge mode on IP 192.168.0.1, subnet mask 255.255.0.0.
pfSense sitting on 192.168.1.1 on subnet mask 255.255.255.0.
pfSense looks as if it sees the modem but just does not want to connect to it.
Until I get a switch I have a TP-Link ADSL modem router in bridge mode acting as the switch: TP-Link LAN port 1 to NIC card one, NIC card 2 to LAN port one on the Netgear… The LAN side of things pfSense-wise seems to be working fine. It's just the internet I cannot get running on it. Here is a log for the ppp:
Jun 2 23:52:27 ppp: [wan_link0] Link: OPEN event
Jun 2 23:52:27 ppp: [wan_link0] LCP: Open event
Jun 2 23:52:27 ppp: [wan_link0] LCP: state change Initial --> Starting
Jun 2 23:52:27 ppp: [wan_link0] LCP: LayerStart
Jun 2 23:52:27 ppp: [wan_link0] PPPoE: Connecting to ''
Jun 2 23:52:36 ppp: [wan_link0] PPPoE connection timeout after 9 seconds
Jun 2 23:52:36 ppp: [wan_link0] Link: DOWN event
Jun 2 23:52:36 ppp: [wan_link0] LCP: Down event
Jun 2 23:52:36 ppp: [wan_link0] Link: reconnection attempt 1 in 4 seconds
Jun 2 23:52:40 ppp: [wan_link0] Link: reconnection attempt 1
Jun 2 23:52:40 ppp: [wan_link0] PPPoE: Connecting to ''
Jun 2 23:52:49 ppp: [wan_link0] PPPoE connection timeout after 9 seconds
Jun 2 23:52:49 ppp: [wan_link0] Link: DOWN event
Jun 2 23:52:49 ppp: [wan_link0] LCP: Down event
Jun 2 23:52:49 ppp: [wan_link0] Link: reconnection attempt 2 in 4 seconds
Jun 2 23:52:53 ppp: [wan_link0] Link: reconnection attempt 2
Jun 2 23:52:53 ppp: [wan_link0] PPPoE: Connecting to ''
Am I doing something wrong?
-
You made a good point regarding the power bill :P
So I've decided I'll just wait until the RAM arrives, then set up ESXi and pfSense. Now the question is: my ESXi box, I just install the OS and config it as per the guide
https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5
and with the 2 NIC ports, have the ADSL modem in bridge mode going to the port assigned as WAN, and then just buy an 8-port 1GbE unmanaged switch to connect all my computers. I'm then
faced with what to do about getting wifi working? I just hope I don't have the same issue as above when I do install it on a VM. With the VM setup, will I be able to have Windows Server 2008 R2 also installed, running at the same time as pfSense?
-
wan speed is 1gbit
I think you must mean the local link speed is Gigabit, because your modem is ADSL2 which is only capable of 24Mbps max.
modem/router is a DGND3700v2 adsl modem in bridge mode on ip 192.168.0.1 subnet mask 255.255.0.0
pfsense sitting on 192.168.1.1 on subnet mask 255.255.255.0
OK, so the modem/router has an unusual subnet that includes the pfSense LAN subnet. Do you have the pfSense WAN interface configured so you can access the modem config page? If the modem is in bridge mode then the pfSense WAN should receive a public IP; the local IP settings on the modem are not important.
I'm no ESXi expert but, yes, configure it as that guide and use a switch to get more LAN ports.
Steve
-
and with the 2 nic ports.. have the adsl modem in bridge mode going to the port assigned as wan… and then just buy a 8 port 1gbe unmanaged switch to connect all my computers.. im then
faced with what to do about getting wifi working? i just hope i dont have the same issue as above when i do install it on a vm ...
Normal 'best practice' is to have your ISP modem (cable or ADSL) as a single function device, with only a single connection from there to your pfSense machine (or VM) WAN port. If you use a combo unit, turn off the wireless part of it, and don't use any of the other LAN ports. And as Steve said, double-check that the modem is in bridge mode; you should see a public IP.
For wireless, it's easiest to use a wireless access point, just turn off its DHCP server and plug it into your LAN switch. And if you are buying a switch, you really should consider getting a managed switch capable of VLANs.
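
An added example, not written by any poster in this thread: a short Python check of the two points raised above, using the modem and pfSense addresses quoted in the thread and a few lines from the posted ppp log. The function names are hypothetical, and the stage label assumes that a PPPoE timeout while LCP has not moved past `Starting` means the PPPoE session never came up, so PPP authentication was never reached.

```python
import ipaddress
import re

# Addresses quoted in the thread.
MODEM_IF = ipaddress.ip_interface("192.168.0.1/255.255.0.0")
PFSENSE_LAN_IF = ipaddress.ip_interface("192.168.1.1/255.255.255.0")

# One failed attempt, copied from the ppp log posted in the thread.
PPP_LOG = """\
Jun 2 23:52:27 ppp: [wan_link0] LCP: state change Initial --> Starting
Jun 2 23:52:27 ppp: [wan_link0] LCP: LayerStart
Jun 2 23:52:27 ppp: [wan_link0] PPPoE: Connecting to ''
Jun 2 23:52:36 ppp: [wan_link0] PPPoE connection timeout after 9 seconds
Jun 2 23:52:36 ppp: [wan_link0] Link: DOWN event
"""


def subnet_conflict(a, b):
    """Describe how two interface networks overlap, or None if they don't."""
    if not a.network.overlaps(b.network):
        return None
    # Overlapping CIDR networks always nest: one contains the other.
    outer, inner = (a, b) if b.network.subnet_of(a.network) else (b, a)
    return f"{inner.network} lies inside {outer.network}"


def ppp_failure_stage(log_text):
    """Classify where the PPP link attempts in a ppp log are failing."""
    attempts = len(re.findall(r"PPPoE: Connecting to", log_text))
    timeouts = len(re.findall(r"PPPoE connection timeout", log_text))
    # Accept both "-->" and the typographically mangled form of the arrow.
    states = re.findall(r"LCP: state change \S+ [-\u2013]+> (\S+)", log_text)
    lcp_negotiated = any(state != "Starting" for state in states)
    if timeouts and not lcp_negotiated:
        stage = "pppoe-discovery"   # no PPPoE session, LCP never negotiated
    elif lcp_negotiated:
        stage = "lcp-or-later"      # link came up; look at LCP/auth lines
    else:
        stage = "unknown"
    return {"attempts": attempts, "timeouts": timeouts, "stage": stage}


if __name__ == "__main__":
    print(subnet_conflict(MODEM_IF, PFSENSE_LAN_IF))
    print(ppp_failure_stage(PPP_LOG))
```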