Is this Correct method to install pfsense
-
Hello all , previously i configured pfsense as shown below
ADSL Router (192.168.1.1 LAN) (x,x,x .x ISP assigned Static IP WAN ) cable to –--------> Switch ----------> 1 Port connected to PFsenseWAN (192.168.1.2 PFSense WAN) (192.168.1.3 PFsense LAN )
(shown in PIC 1 )But some users can easily change the Default GW and bypass firewall so i now planning to change the setup as shown in PIC 2
will changing this enable me to filter traffic even if they change default GW to 192.168.1.1 ? kindly confirm
(Packages i use are stock PFsense with Rules , bandwidthd ,Snort
E5800
2GB Ram
-
No. Your NIC1 and NIC2 overlaps on the same subnet. Plus, bridge the modem and stick the static WAN IP on pfSense WAN to avoid double NAT.
-
thank you , so i need to do as said in this thread
https://forum.pfsense.org/index.php?topic=30653.0
Router –>PFsense NIC 1 (static IP /dhcp from router ) ------ NIC 2 to switch ---PC
Now goto Interface TAB > Bridge> select NIC 1 & NIC 2
Then net.link.bridge.pfil_bridge to 1?
2) I dont have DVD Drive , Wim32 Disk imager software supports only pfSense-memstick-2.2.3-RELEASE-i386.img.gz File not pfSense-LiveCD-2.2.3-RELEASE-i386.iso.gz File , heard memstick *.img is for Devices which dont have hard Disk ,
will i face any performance issue if i use memstick image and do install ?
thank you very much for fast answere
-
No!!! Do NOT bridge anything on pfSense. Set up the ADSL modem as bridge, set up WAN as PPPOE on pfSense.
-
I checked the My Router's Manual ,sadly it doesnt support Bridge mode (Netgear Wndr3300 ) , actually we are getting Cisco 1841 Router very very cheap , so kindly advise me how to setup
-
Netgear WNDR3300 is not a DSL modem at all… I really have no idea what are you talking about.
-
Sorry ISP kept their This Device [PIC1] –-> Connected to WAN PORT ---and LAN port connected to switch
WNDR3400V3
-
I hope this diagram helps. My parents have this setup.
Where I have shown an ADSL router, that's your ISP's blue box.
The cable that you have shown plugged into the yellow port should go into (1) the WAN interface on pfSense instead.You can make your pfSense into a Wireless Access Point with a USB 2.0 WLAN adapter as I have drawn in (3), or just plug your Netgear Access Point/Switch into (2) the pfSense LAN interface.
Either way you will need a PC with two Ethernet interfaces.
-
Ok , so according to the diagram i should configure my network like this , but what if i dont want PFsense to do routing (because i get cisco 1841 15.1 ios ) Router and want pfsense to do only packet filtering (filter inbound and outbound based on Rules also snort ids /ips to work )
-
How many separate internal networks do you have?
How many networked devices do you have?
A few years ago I regularly drove 700 miles overnight UK to Switzerland with one stop in Luxembourg for fuel. Did it there and back with an overnight stop a few times.
What percentage of traffic travels between these networks?
What internal network applications do you have that require wirespeed network routing decisions (assuming your Cisco can make routing decisions faster than it can take packets from one interface and push them out of another)?
What if your pfSense host can route faster than the Cisco?We can't decide for you if it is better for you to have a dedicated router.
If you need the Cisco router, use pfSense as a screening router / packet filter with just two interfaces WAN and LAN.
Connect LAN to a router interface on the Cisco.
Connect each of your other networks to separate routable interfaces on the Cisco.
Set your DHCP to deliver a Cisco interface as the default gateway.
Configure your Cisco for the routing decisions / policy you require.With careful use of VLANs you should be able to minimize the routing decisions in your network.
-
How many separate internal networks do you have? Single 192.168.1.0/24
How many networked devices do you have?60 wired device & 10 wireless device (linux server/windows server/ubuntu /android phones/iphones/win 7 )Wan Speed ? 5Mbps
active number of devices at a time ? 50-60 (wired+ wireless)type of wan traffic (VOIP traffic & web traffic
-
i found another post similar to mine
http://hardforum.com/archive/index.php/t-1434501.html
but which is more powerfull
Cisco 1841 vs PFsense on E5800 2GB Ram sata hdd ,1x 1Gbps & 100Mbps NIC
( ISP net speed is 4Mbps )want i want from pfsense is IP based net usabled report (bandwidthd in promescous mode)
block sties like facebook to specific group (cisco can also do based on ACL i guess)
snort (IDS /IPS)========================================================
One final question if i run PFsense box as router will E5800 2GB Ram able to handle 60+ devices smoothly ? 4Mbs connection with snort IDS ,bandwidthd , maybe betther than 1841 cisco router?
-
How many separate internal networks do you have? Single 192.168.1.0/24
How many networked devices do you have?60 wired device & 10 wireless deviceWith a single network range the only routing decision that will be made is this:-
If the packet is not for my network, where does it go? Answer: Default Gateway.
You don't 'need' an additional router if you have pfSense as your Default Gateway.
-
Wan Speed ? 5Mbps
With a WAN speed of 5Mbps and a LAN speed of 1000Mbps there is going to be a lot of buffering either in hardware or in the protocol stack for packets that pass between these networks.
A long, long time ago, when 10Mbps LAN speeds were common, Cisco routers had the equivalent processing power of a 16Mhz intel 386sx. It really doesn't need a powerful CPU to move packets in and out of a slow speed network. What will take CPU is packet inspection.
An intel E5800 with 2x 64-bit 3.2Ghz cores and 800Mhz bus will be idling most of the time running pfSense. Snort will give it more work to do but it will depend on the rules you select. This is a powerful machine for pfSense.