Need help Router– > Pfsense-- > Users Configuration



  • Hi,

    I'm new to Pfsense and I need your help in configuring mine. Below is what I want for my Pfsense.

    My questions are:

    Is this my diagram possible?
    If not, what can you suggest?
    If yes, please help me how to configure my Pfsense.

    I hope you guys can help me.

    Thanks



  • I would connect AP directly do pfSense, and let pfSense do DHCP. You must disable DHCP on AP.
    WAN on pfSense should be cinfigured in DHCP in order to get pubblic IP from your fiber router. NAT should be disabled on fiber router to avoid double NAT. Let pfSense do NAT as well.



  • Yes AP will be connected directly to Pfsense and will get IPs from DHCP of LAN 2 in pfsense. The DHCP of the router that is connected to my fiber optic box is disabled so what I did is give pfsense WAN a static IP which is 192.168.0.1 and dns from my net provider. My WAN is working now I can ping any sites in pfsense box. (Note we only have 1 public IP. Our internet provider only gave us 1). For NAT is it possible not to disable it from my router? or it will give me problems.

    Please correct me if I'm doing it wrong.

    Thanks


  • Rebel Alliance Global Moderator

    What are you plugging your router into - fiber optic box?  What is the connection from the wan of that router to this box?  What IP does the router get on its wan?  Why can you not just plug from your fiber optic box to pfsense wan?  What are you doing with that router?

    I would look to remove double nat when possible - why do you need that router in front of pfsense?  What is the make and model number, is it really a gateway? modem/router combo?

    Also is that switch you plug pfsense lan1 and 2 into a vlan switch?  If that is just a dumb switch your running 2 different layer 3 networks over the same layer 2..  To run multiple segments like you have 192.168.1.0/24 and 192.168.2.0/24 you would need smart/managed switch that allows you to vlan be tag based or port based.  Or you should use 2 different dumb switches for your 2 segments.

    Or as wolf stuggest you could plug your AP directly into pfsense so that not overlapping on the same physical network - without details of of that switch and or vlan setup - it looks like your using 2 different layer 3 networks over the same physical wire.



  • First, I would like you to know our current network.

    From Fiber Optic Box –> Router (192.168.0.70) --> ISA Server (192.168.1.150) and DHCP (192.168.1.1) servers --> Configurable Switches (but not configured) --> USERS/APs/Application server (Citrix). Aside from serving a modem, We are using the router (192.168.0.70) before to bypass all the restrictions of our server (for admin use). We will just put secondary IP so our PC can still connect to the 192.168.1.0 network.

    What we want to do now is, remove the ISA and DHCP server and replace it with Pfsense. Please note that we are only using DHCP for access points. For all the user PC we use static IPs. The problem before why we want to replace ISA and DHCP server is the filter of sites and our DHCP IPs are limited. That is why we want LAN 2 (DHCP) to give a different IP so we can utilize the whole range (192.168.2.2 - 192.168.2.254) only to APs/WiFi.

    From the fiber optic box to router and PABX ( for telephone )
    Fiber Optic Box I am talking is an optical network terminal.
    The IP that is configured in routers WAN is our public IP.
    I can actually remove the router but my boss don't want me to remove it.
    Yes it is a gateway, modem/router combo (Linksys E4200EB)

    Someone already told me I need a vlan to be able to run multiple segments like you have 192.168.1.0/24 and 192.168.2.0/24.
    So if I don't want to configure a vlan. I can just put LAN 2 and AP into a different switch?

    Please bear with me, I'm a newbie in networking.


  • Rebel Alliance Global Moderator

    There is no point to double natting.  And a E4200 is not a gateway, its just a wifi router - is this your router? http://support.linksys.com/en-us/support/routers/E4200  I can not find anything on e4200EB??

    But sure you can just plug your AP(s) into a different switch than the pfsene lan1 and other devices are connected too for lan1.  This 2nd switch your AP and lan2 of pfsense plugged into would be fine if your switch does not support port based vlans, etc.

    Where is the PABX connected?  So this e4200 is it running PPPoE or something or just dhcp or static on its wan?



  • Yes, the router is running PPPoE. Never mind the PABX I was mistaken. e4200EB just look like that. I don't know the difference though.

    I think I'll do separate switch for now.

    Now I need the right configuration of wan, lan and lan2.

    I have now pfsense. My WAN ip is 192.168.0.1, gateway is 192.168.0.70 and it's connected to the router (Linksys E4200EB) ip is 192.168.1.70. My LAN 1 ip is 192.168.1.248, my LAN 2 ip is 192.168.2.1

    The thing is I have internet connection in LAN 1 and I don't have in LAN 2. Also if I change IP of LAN 1 to 192.168.2.0 it will loose internet connection.

    What could be the Problem.


  • Rebel Alliance Global Moderator

    And what rules did you create on lan2?  Out of the box lan that is created has an any any rule that allows outbound traffic, when you create another interface opt1, 2, 3 etc.. there are no firewall rules and you would have to create them if you want any traffic to work.

    So seems this e4200 could just be removed as it seem to serve no purpose other than your pppoe connection, which can be done on pfsense.  Why would you not want to remove that?  Its just something that could fail..  And complicates the setup with a double nat, performance hit if nothing else.