Moving from ipcop to pfsense [DONE]

  • First, great firewall!

    We have used IPCOP for a long time with the Zerina OPENVPN addon, Adv. Proxy and URL Filter in our company.

    Since we have some trouble with routing traffic through the firewall, I'm thinking of moving to pfsense.

    My network looks like the following

    currently 2Mbit E1, but we will go to 10Mbit fibre soon

    External network: /29 IP address range, but only 2 IPs being used
    Internal network: /21 address range
    DMZ: /24 address range (one ftp server and maybe a notes server, this one is currently in the internal network)
    Wireless network: /24 network for wireless guests with two access points attached, only access to the internet.

    The Notes server should go to the DMZ, same as the ftp server.
    Access from the internal network should not be limited: access to SMB, RDP, Notes ports (1352) etc., same for the ftp server.
    The notes server should be accessible from the internet via ports 1352 and 1533 for the notes clients to replicate, and via https (443) for web access.

    I would like to limit the bandwidth for the wireless subnet, so clients can't use more than 512k bandwidth.

    I guess this is a pretty simple setup, but I want to make sure everything works before I switch.

    Is a proxy really needed? Or just use traffic shaping?

    Is it possible to connect multiple clients via openvpn using the openvpn client for windows (
    and having a separate config for each client?

    I have pfsense running at home on an ALIX and got openvpn working on time…

    I hope all this makes sense and I get some useful input.

  • This forum is great
    Just found this thread regarding openvpn,7840.0.html
    perfect !!!!

    so my openvpn question is gone ….

  • Firewalling - just create the appropriate rules on the interfaces. Remember that you act on packets arriving on an interface, not leaving (so to block traffic from a LAN IP to the DMZ you would create the rule on the LAN interface).

    Bandwidth - Traffic Shaper
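
The inbound-interface behaviour described in the reply above, as an added example that is not code from the thread or from pfSense: a small Python model of first-match rule evaluation on the arrival interface with a default block, comparing a block rule placed on the DMZ interface with the same rule placed on LAN. The subnets, host addresses and names are constructed assumptions; only ports 1352, 1533 and 443 come from the thread, and state tracking for reply traffic is not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing (assumed; the thread gives only prefix lengths).
NETS = {"LAN": "10.0.0.0/21", "DMZ": "192.168.10.0/24", "WLAN": "192.168.20.0/24"}
NOTES = "192.168.10.20"      # hypothetical Notes server in the DMZ
LAN_HOST = "10.0.1.50"       # hypothetical LAN client to be kept out of the DMZ

@dataclass
class Rule:
    action: str                  # "pass" or "block"
    src: str                     # CIDR or "any"
    dst: str                     # CIDR or "any"
    port: Optional[int] = None   # None matches any destination port

def _in(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def ingress_interface(src):
    """Name of the interface a packet arrives on, derived from its source."""
    return next((n for n, net in NETS.items() if _in(net, src)), "WAN")

def evaluate(rulesets, src, dst, port):
    """Only the arrival interface's rules run; first match wins, else block."""
    for r in rulesets.get(ingress_interface(src), []):
        if _in(r.src, src) and _in(r.dst, dst) and r.port in (None, port):
            return r.action
    return "block"

# Misplaced: the block sits on DMZ, where LAN->DMZ packets leave, so it never runs.
MISPLACED = {
    "LAN": [Rule("pass", "any", "any")],
    "DMZ": [Rule("block", LAN_HOST + "/32", NETS["DMZ"])],
}
# Correct: the block sits on LAN, above the allow-all rule.
CORRECT = {
    "LAN": [Rule("block", LAN_HOST + "/32", NETS["DMZ"]), Rule("pass", "any", "any")],
    "WAN": [Rule("pass", "any", NOTES + "/32", p) for p in (1352, 1533, 443)],
    "WLAN": [Rule("block", "any", NETS["LAN"]), Rule("block", "any", NETS["DMZ"]),
             Rule("pass", "any", "any")],
}

if __name__ == "__main__":
    print(evaluate(MISPLACED, LAN_HOST, NOTES, 1352))
    print(evaluate(CORRECT, LAN_HOST, NOTES, 1352))
```
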

  • I will swap tonight …
    crossing fingers

    I will pretty much not touch the LAN rule, because we have no limitation from the LAN to the internet.
    The only thing I would love to have is Squidguard, but no success setting it up right on my test system on a transparent proxy....

    Putting in a separate box just for proxy, virus scanning and url-filtering is a bit of an overkill for 10 users.

    But I guess there is no antivirus scanner for pfsense...

    The openvpn guide is perfect!!!!!

  • Hey, I run more than that for 2 users (at home) ;)

    There is no package for an AV scanner.  If you feel it's important you could work on one yourself or use a FreeBSD package (details are in the forum).

  • What a great piece of software!
    I moved last night to pfsense, and no problems at all.
    Everything is working perfectly.
    I could solve my "routing" problems.

    OpenVPN works like a champ …. Many thanks to frewald

    Asus P5M2-M
    Intel Core2Duo 6320 1,86GHz
    2GB DDR2 667 ECC
    3ware 9650 SATA Raid
    2 Samsung 250GB Raid1
    2 Broadcom Gigabit NICs
    2 Intel Gigabit NICs

    Can't wait to get my 10Mbit fibre line....

