Need help setting up Pfsense between adsl modem and wireless ap

pfnewb · Jun 3, 2015, 4:43 PM

Hey guys,

First of all I would like to apologize for not posting this in the relevant thread, I am new here and was not sure where my question should be posted.

Also I would like to add that my internet connection is average and maxes out at 600Kb downloads so I am not too worried about using usb ethernet adapters or peripherals.

My hardware:

Netcomm NB304 (not wireless) got it free with my ISP years ago. (Static IP: 192.168.1.1) It has a native firewall which Im not quite sure how to disable. One wire from telephone jack going in and one ethernet cable connected to ASUS router

ASUS RTN56 Dual band ac600 router ( I put it into access point mode and turned off dhcp so not sure what the IP is I suspect its 192.168.2.2) But all wireless devices connected through it have an IP of 192.168.1.x

Mac Mini 2011 (plex media server with a static IP on same subnet as above connected via ethernet to ASUS router)

Raspberry Pi B+ ( Tor router for anonymous deep web browsing with static IP on same subnet connected via ethernet to switch then Asus router)

Raspberry Pi B+ (Tor relay to give back to community, static IP on same subnet with ports forwarded on netcomm dsl modem/router)

3 more Rpi 2's running rasplex around the house all have static IP and connected through wifi to ASUS router

10 other wireless devices including laptops Ipads chromecasts etc, they dont have static IP's except my laptop.

My Pfsense Hardware:

I have a very old core 2 duo which I was running as a fileserver with xp on for years. I thought it was destined for the trash but found out about Pfsense and have been trying to set it up for a week now, I just keep messing up my whole network, I get locked out of my dsl modem and have to reset it. Very frustrated but Im not giving up till this works!!

Sorry for the rant anyways My hardware is:

Core 2 duo 2.4Ghz 2GB ram, 60gb hdd, Built in ethernet not gigabit, 8 usb ports and one free Pci slot, Its a old compact system with not much space to put anything other than one pci card and a few usb dongles.

I also have a pluggable usb 2 ethernet adapter that I dont want to go to waste and would like to use it in this project

Is there anyway I can install pFsense on my crappy computer and make it act as a firewall between my adsl router netcomm and wireless AP. I would like the pfsense box to assign IPs and act as the sole firewall for my network (I would also like to forward my Tor relay, and plex media server ports via pfsense for outside access.

Can anyone please help me set this up?

Basically Built in ethernet adapter and usb ethernet adapter work together, one grabs internet from my adsl router and the other forwards it to my AP and rest of cabled network.

Thanks in advance

Pfnewb

pfnewb · Jun 2, 2015, 5:42 PM

P.S I would also like to add I have already installed the latest pfSense on the system but never get the internet working.

Derelict · Jun 2, 2015, 5:50 PM

Netcomm NB40 (something not quite sure) got it free with my ISP years ago. (Static IP: 192.168.1.1) It has a native firewall which Im not quite sure how to disable.

Step one is getting that information. You want "Bridge mode."

pfnewb · Jun 2, 2015, 5:55 PM

@Derelict:

Netcomm NB40 (something not quite sure) got it free with my ISP years ago. (Static IP: 192.168.1.1) It has a native firewall which Im not quite sure how to disable.

Step one is getting that information. You want "Bridge mode."

Apologies its super late here in Australia. Jumped out of bed and confirmed it a NB304 Netcomm

I have fixed that in the OP as well.

pfnewb · Jun 2, 2015, 6:17 PM

Nevermind guys after doing some googling I came across the information I hopefully need.

To put my adsl modem in bridge mode I will follow these steps:

http://www.netcommwireless.com/sm/videos/nb304n/nb304n-bridge-setup-guide

And to configure the wan I will follow these steps:

http://www.interspective.net/2012/05/pfsense-initial-configuration-adsl-wan.html

If everything works or I have issues I will post here again in a few days.

Hopefully most of you will be nice enough to help

Cheers

Pfnewb

2chemlud · Jun 2, 2015, 6:46 PM

…if you need someone nice, PM doktornotor here on the forum. He has angelic patience and will guide you through step-by-step... 8-)

doktornotor · Jun 2, 2015, 7:02 PM

@2chemlud:

…if you need someone nice, PM doktornotor here on the forum. He has angelic patience and will guide you through step-by-step... 8-)

firewalluser · Jun 2, 2015, 7:18 PM

@pfnewb:

And to configure the wan I will follow these steps:

http://www.interspective.net/2012/05/pfsense-initial-configuration-adsl-wan.html

For the PPPoE, the wan interface is like you see in the 2nd link posted above, but if you ever need to go back and change the PPPoE or add new ones, you can find it in the menu options Interfaces, Assign, it will then bring up the Interfaces webpage so just click the PPP tab and you'll see one entry for the ppoe you have set up.

If you click Interfaces Assignment tab (1st tab on the web page mentioned above), you'll see your WAN interface should have PPPOE0(emX) - username visible in the drop down. emX is the corresponding interface for your WAN which is bridging to your modem.

That bit caught me out in the past and I spent ages trying to find those webpages to make changes.

pfnewb · Jun 2, 2015, 8:53 PM

So did a bit of thinking and since my pc/pfsense router has only one pci slot I chose to discard the built in stoneage ethernet and ordered one of these:

http://www.ebay.com.au/itm/High-Speed-USB-3-0-2PORTS-PCI-E-2-0-Express-Expansion-Card-Adapter-/291427831837?pt=LH_DefaultDomain_15&hash=item43da73d01d

And two of these

http://www.ebay.com.au/itm/USB-3-0-to-Gigabit-RJ45-Ethernet-LAN-Adapter-1000Mbps-for-PC-Laptop-Mac-/201207032685?pt=LH_DefaultDomain_15&hash=item2ed8dfab6d

Correct me if Im wrong but USB 3 should be fast enough to handle gigabit without any bottlenecks?

Will keep you guys posted incase this is useful to someone else

pfnewb · Jun 2, 2015, 7:50 PM

@firewalluser:

@pfnewb:

And to configure the wan I will follow these steps:

http://www.interspective.net/2012/05/pfsense-initial-configuration-adsl-wan.html

For the PPPoE, the wan interface is like you see in the 2nd link posted above, but if you ever need to go back and change the PPPoE or add new ones, you can find it in the menu options Interfaces, Assign, it will then bring up the Interfaces webpage so just click the PPP tab and you'll see one entry for the ppoe you have set up.

If you click Interfaces Assignment tab (1st tab on the web page mentioned above), you'll see your WAN interface should have PPPOE0(emX) - username visible in the drop down. emX is the corresponding interface for your WAN which is bridging to your modem.

That bit caught me out in the past and I spent ages trying to find those webpages to make changes.

Thanks dude Ill definitley comeback here when I want to change the PPoE

divsys · Jun 3, 2015, 12:27 AM

Well…..

USB NICs are notoriously prone to flakiness w/pfSense. Search the forum for references, there's more than two.....

I would look for a dual (or even quad) port NIC card instead of the USB3.0 card.

YMMV, and good luck whichever way you go.

Derelict · Jun 3, 2015, 12:56 AM

USB NICs are notoriously prone to flakiness w/~~pfSense~~everything

fixed it for you.

pfnewb · Jun 3, 2015, 6:58 AM

@divsys:

Well…..

USB NICs are notoriously prone to flakiness w/pfSense. Search the forum for references, there's more than two.....

I would look for a dual (or even quad) port NIC card instead of the USB3.0 card.

YMMV, and good luck whichever way you go.

Do you think this will do a better job?

http://www.ebay.com.au/itm/DELL-LAN-CARD-D33682-0X3959-PCI-E-2-PORT-GIGABIT-NETWORK-CARD-X3959-HIGH-PROFILE-/301650265434?pt=LH_DefaultDomain_15&hash=item463bc1c55a

Have to wait till i get paid tho.. :(

Derelict · Jun 3, 2015, 7:01 AM

@pfnewb:

Do you think this will do a better job?

http://www.ebay.com.au/itm/DELL-LAN-CARD-D33682-0X3959-PCI-E-2-PORT-GIGABIT-NETWORK-CARD-X3959-HIGH-PROFILE-/301650265434?pt=LH_DefaultDomain_15&hash=item463bc1c55a

Have to wait till i get paid tho.. :(

Yes.

doktornotor · Jun 3, 2015, 7:02 AM

Yeah that's about 1000000% better than anything USB-based. ;)

pfnewb · Jun 3, 2015, 4:17 PM

@doktornotor:

Yeah that's about 1000000% better than anything USB-based. ;)

Bought it, Thanks to paypal I can pay after delivery :D

I cant believe I didnt think of this before, going through the trouble of getting a usb 3 nic and then 2 gigabit usb adapters altogether set me back about $45 for the things im gonna shelf.

The 2 port gigabit NIC set me back $49

Wish I wasnt so impulsive.

EDIT: Got a refund on the usb 3 giabit adapters so thats $30 not wasted… YAY!!

firewalluser · Jun 3, 2015, 9:37 AM

One of the reasons USB nics can be flakey in pfsense is freebsd doesnt remember the USB device order assigned to the nic if you unplugged them and plugged them back. Sometimes you may not see the changed USB order until you rebooted pfsense.

Anyway if you get hit by the problem in pfsense, the way to resolve it, is go into the same webpage I mentioned before using the menu options Interfaces, (assign), the webpage Interfaces:Assign-network-ports pop up.

You'll see your interfaces each with a drop down. The UEx (mac id) will change order, so you need to either unplug and move the cables to match the new order you see on this page, or reorder the _UEx(mac id)_s to what you have physically setup with the nics and cables ie as it was before.

If you dont know what goes where, the mac id can help you as the usb devices will have the mac id on a label somewhere on the usb nic.

Basically its the UEx order that gets messed up here on Interfaces:Assign-network-ports webpage because freebsd doesnt remember the order, but other OS's do or they have work arounds in place so its not an issue.

The only caveat is make sure your GUI access typically the LAN interface is a non-usb nic so in the case of a (old re-purposed) laptop which typically only has one motherboard nic, always make sure a rule exists for that motherboard nic so you can access the gui, but there is nothing stopping you from making your laptop motherboard nic an OPTx interface provided its got a rule to access the gui.

I havent experienced any other problems with usb nics and havent found any other problems in the forums concerning usb nics yet but anyone who would like to show me I would be grateful. :)

Things to bear in mind with usb nics, is they go through a different part of the OS and possibly some hubs like mine do to make life more interesting, unlike some of the more powerful nics which handle some of the basic network packet processing, usb nics are like dumb terminals so all the packet processing is handled by freebsd.

If you go into System:Advanced:Networking down the bottom you will see some options which relate to disabling some of the nic processing thats built onto non-usb nics. If you ticked (disabled) all the options here, you make those card/motherboard nics much like dumb/usb nics just so you know.

I'm not anti non-usb nics, in fact I've been using some of the earliest Intel dual and later quad port nics in MS SBS 2000 & SBS 2003 premium to increase network speeds onto a box already doing lots of work when hw prices were very much still a premium unlike todays almost disposable prices and I've also used proper fibre to overcome the distance limits you get with CATx cables & directional wifi, everything has its place and its use and everything has its weaknesses.

Knowing the strengths and especially the weaknesses is useful.

Edit. I should add if using a laptop as your pfsense box and you do still mess up your usb nics, you have the added benefit of the laptops monitor and keyboard giving you direct access to the Command Line Interface (CLI) and if its really old and sleeps when you close the laptop lid it might be using APM instead of ACPI but but the ACPI should show None so it shouldnt sleep anyway when you close the monitor.
Type :
sysctl hw.acpi.lid_switch_state

At least you wont get dust building up on the monitor and keyboard whilst its running away. ;)

pfnewb · Jun 4, 2015, 5:31 AM

Hey Guys I have decided to get rid of the ASUS wireless AP and use one of these to broadcast wireless directly from the pfsense box.

http://www.newegg.com/Product/Product.aspx?Item=N82E16833166103

I am not sure if I will see a significant speed reduction because I only have usb 2 ports available, and the one nic slot is going to be used for a dual port gigabit adapter.

Is this device compatible with pfsense? And would the usb 2 make the network slower than it is atm using an RTN56u ac600

Thanks

Derelict · Jun 4, 2015, 6:18 AM

So you get information that USB NICs suck then you decide to go against all recommendations regarding using a purpose-built AP and go with a USB Wireless NIC?

I don't get it.

2chemlud · Jun 4, 2015, 7:24 AM

Derelict has described it here somewhere how to set up an access point for WLAN:

At the access point

configure WLAN
turn off DHPC, give it a fixed IP outside (!) the subnet it's plugged to
connect a LAN (! not the WAN) port of the access point to your pfsense

At the pfsense

don't do anything

Works just fine for me! :-D