Advice for network restrictions



  • Hello! I am new here and new in using this kind of software so pls be more indulgent :)  I need to do some restriction on LAN network to access internet. After some reading on internet i have installed Ipcop to do the thing but it didnt. No matter what i do i cant enter internet from lan. I try register ipcops.com but i couldnt ( idk why ) says my acc is inactive for whole week now. Since i couldnt make it to work i decide to look for another software and end up here. So i have some questions about pfsence before try to install and manage it.
    Does it work as a router ( i have static IP privided from isp )? Can be installed on any PC ( because i have old pc here with two lan cards i want to use )  ? whats the diffrence between pfsence and ipcop ?  or maybe You will advice me something else for internet restrictions ? Or maybe someone can advice me for ipcop ?

    Thank you!


  • Netgate Administrator

    I came to pfSense from IPCop a few years ago.
    Yes it can run as a router. Do you have more than one public IP?
    Yes you can install it on most X86 (32 or 64bit) hardware. In fact it's often better to install on slightly older hardware because…
    The biggest difference between IPCop and pfSense is that IPCop is built on Linux using IP tables whereas pfSense is built on FreeBSD (which isn't Linux  ;)) using the pf packet filter. Generally speaking Linux offers better, more current, hardware support than FreeBSD and this is especially true in pfSense because it is currently built on an older version. The upcoming pfSense 2.2 will be built on the FreeBSD 10.1, the most recent version, so will offer better hardware support. You can try the 2.2 beta version if your harwdare is not supported by 2.1.5. What hardware do you have?
    The other big difference between the two is that pfSense is a lot more flexible that IPCop. There is no Green, Red and Blue interface for example, any interface can take on any role. You want 3 DMZ, 4 wifi and 3 WAN interfaces? No problem just add enough NICs (or use VLANs).  :)

    Last time I used IPCop it was easy to setup though.

    Steve



  • Well i dont wanna do anything fancy. Have about 15 pc and need some of them to have full access and other only few Information portals. All will have to upd av soft and stuff like that. Ipcop seemed to be pretty simple in this but i couldn't set it up right. Have only one ip FROM ISP . Can accsess to web interface but no net. Attach it after my router to make another separated lan for test but all the same…. No net. I saw there is live cd with pfsence.. can i try it without uninstall ipcop? 
    Thank you for this quick response!



  • the livecd works without installing.
    additional packages like anti-virus and proxy can only work on a full or usb install.


  • Netgate Administrator

    If you tell us exactly what hardware you have we can give you some idea as to how well supported by pfSense it might be.

    If you have 1 public IP and use private IPs in your network then you should have little difficulty getting up and running, that's the default configuration.

    It's been too long since I used IPCop to offer any useful advise I'm afraid.



  • Ok when i get to work tomorrow will tell you exactly the pc components .tried several settings dhcp on of , firewall rules but no luck. ..



  • here information for pc from ipcop. If there is requirements for hardware i better check is mine comptable with ipcop. I guess its something little i miss here but cant figure it uot

    pc.txt



  • try with livecd but not detecting one lan card so i will leave it for now. Thank you for your answers. will continue to deal with ipcop or will try something else. If you can help me there will be great. If anyone cen help me register their forum will be awesome bcs idk why i cant register. Keep saying inactivate account contact board administrators for help…. but to contact them i need to be registered :)

    Thank you!


  • Netgate Administrator

    How much ram do you have in that box? It's old enough it might be low. 256MB is really the absolute minimum.
    I assume it's the Hongzhou Silan card that isn't detected? That appears to be a Chinese replica of a Realtek 8139, itself a card with a very bad reputation. Rather than try to make that card function I would replace it.

    Steve



  • Thanks for not gave up on me :)    You are right that lan card was the problem … When you said about the card i check the log i post here and I saw  "Link state (MII):
    lan-1: negotiated 100baseTx-FD, link ok
    wan-1: link status: unknown (MII not supported)

    Change it with one old kingston and now Ipcop runs :D  try to run Pfsense on livecd to try it but have troubles setting it up. vlan assigments and crap ...  but still trying tho.

    Thanks


  • Netgate Administrator

    When it asks 'do you want to setup VLANs now?' Just press 'n' and move on to entering the WAN and LAN interfaces. Unless you need VLANs of course.  ;)

    Steve



  • i am confused  :o  made some settings to wan and lan and now says can access webconfigurator from you browser at http:// ..my wan ip address ?  how can i access from there ?  shouldnt be from lan address wisn is 192.168.1.1 ?
    I guess i mess it up



  • It sounds like you have only setup the WAN. When there is only WAN ("one-arm router") then the webGUI (and everything) has to be done from WAN side.
    At the console, you really should just need to select the device and enter IP address details for WAN and then LAN.
    Post some console output of what you do.



  • I am sorry for delay but i am away for few weeks and cant work on my project. When come back will continue with digging in the debths of firewalling. Thanks for understanding