Build pictures and several stupid questions (pfSense related)

ilikecake

So I thought I would be clever and build a small computer to run pfSense to replace the router in my house. Now that it is done and running, I realize how little I actually know about networking :eek:. I have included some pictures of the build, and have a few questions about how to set it up. I realize I may be better suited asking these questions in a pfSense specific forum, but I know people here use this software, so I thought I would ask here first. Plus [H] always seems more helpful than the application specific forums.

First, the specs:
Motherboard: JetWay J7F4K1G5D
  • 1.5GHz VIA C7
  • 2X Realtek 8110SC Gigabit LAN
Memory: 1GB Kingston Value Ram
HDD: Transcend TS8GSSD25S-S 8GB Solid State
Case: Jetway JC-101 Case
Extras:


Motherboard with memory installed


Case with SSD


Installing the motherboard. So far, so good...


After cramming everything into the case. It is more cramped than I thought it would be.


Slamming the top shut makes it look better. :)

I would include pictures of it setup and running, but it is embarrassingly messy right now. :D Anyways, I have a few questions:

I wanted to set up two different networks with different IP ranges (192.168.1.X and 192.168.2.X for example). I was able to set this up, but I cannot get both connections to access the WAN interface (and therefore the internet). Do I have to do something special to get this to work? I set up the LAN interface (the default internal interface) to range 192.168.1.0/24 and I made the add-in NIC interface called 'secure' with the range 192.168.2.0/24. I have tried setting up pass-all rules in the firewall screen for all the interfaces, and I cannot connect the 'secure' connection to the internet. I can access the web interface from the 'secure' subnet, and I can access computers on the LAN subnet, but I cannot access the internet.

I am also trying to figure out the firewall settings. I currently have it set up like this (note: I changed this from the setup for the previous question so I don't piss off my roommates and break the internet. Please ignore this setup in the context of the previous question)
firewallsetuplv5.gif

... and it works. Now, I am not complaining, but I don't understand why. There are no other pass rules on any of the other interfaces, and from my (albeit limited) understanding, this rule is allowing traffic originating from the LAN to get to anywhere. However, there is no rule allowing traffic from the internet to get back to the LAN. I was under the impression that the firewall was set up to default-deny any traffic, so shouldn't it be blocking any traffic coming from the internet onto my LAN interface?

Also, since installing the firewall, the network has seemed inconsistent. However, I am not sure if it is my computer, the router (with DHCP off) attached to the firewall, the firewall itself, or my ISP (Charter). Is there any software that can test the network latency or something and let me know how long it is taking traffic to get various places on my network?

I realize this is probably basic networking knowledge, so feel free to tell me to go read about it somewhere. But, if you would, please point me in the direction of something that a non-networking-expert could understand. I tried some Googling, but all I could find was either too basic, or too technical.

Damn, this is probably the longest post I have ever made here. I feel like I should include another picture here to reward all those that actually read all the way through this. :D So, for your viewing (or laughing at me) pleasure, I present to you my current network setup.
 
I guess all the networking experts have the weekend off.

Small update: In an effort to dumb down my router that is connected to the pfSense box I just turned off
  • DNS Relay
  • Traffic Shaping
  • SPI Firewall

It is my understanding that the pfSense box will do all of these -- or at least the last two. Is that correct?
 
Yeah...I'd take the old router and toss it (or keep for backup). No reason to have some old slow router being the bottleneck of your network..and PFSense wasted cascaded behind it. Let PFSense be your one and only router/NAT on the network..getting the public IP on its red interface.
 
Thanks for the reply. I have turned all of these off. It is also my intention in the future to attach a switch to one of the internal interfaces and use that for most of the wired connections. However, I still need that router around for the time being for its wireless capabilities. I have not tested the wireless card with pfSense, and I don't want to get yelled at by my roommates for taking down the wireless until I have a replacement ready to go.
 
Convert your wireless router to just an access point.....takes about 45 seconds.

Make IP in same range as PFSense box, say PFSense is 192.168.1.1, make your wireless router's IP something like 192.168.1.245 or 192.168.1.253. Disable DHCP on the wireless router. Uplink wireless router to green NIC of PFSense box or your switch using one of the LAN ports of your wireless router...you won't use the WAN/Internet port of the wireless router.
 
Does your "Secure" have a rule setup to allow it to the Internet from the WAN?
 
Thanks for the replies

@YeOldeStonecat:
That is basically what I did. I also disabled SPI and QoS as I stated earlier.

@Gott:
When trying to get the 'secure' connection to talk to the internet I made 'pass-all' rules for each interface to try to rule out the firewall as a cause of the problem. I have since removed them, as they did not let me connect.
 
You'll need to add at least 1 rule to your Secure interface that will allow traffic from it to the WAN interface.
 
Do you mean a firewall rule? If so, I made a pass all rule to take care of this. If you are talking about some sort of routing rule, I am not quite sure. I did find an option to 'bridge' the connection with the WAN or LAN, but if I do that, I can't run a DHCP server on that interface. Is there some other way to do what I am trying to do?

I spent a while yesterday running cables through the walls of the house and messing with the switches. It appears that one of the switches I am using is flaky and may be causing some of the problems. I will try to make a diagram of what I am trying to do later if it would help people understand my problems.
 
Just to make sure, you enabled the interface and assigned it an IP and didn't set "Bridge with" to anything, correct? After that, you need to create a firewall rule on the Secure interface like the default "Default LAN -> any" rule on the LAN interface. That's the most basic rule and allows everything. In the screenshot above, you have that disabled Pass All rule but you need one like that on your Secure interface.
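
A simplified model of the rule behaviour discussed in this thread, added here as an example and not taken from any poster or from pfSense itself. It assumes rules are checked on the interface where a packet enters, first match wins, no match means block, and a passed connection creates a state that admits its replies; the class, the interface labels and the sample addresses are constructed for illustration.

```python
import ipaddress

# Simplified model (assumption): per-interface ingress rules, first match wins,
# default deny, and a state table that lets replies to passed connections in.
class Firewall:
    def __init__(self):
        self.rules = {}      # interface name -> ordered list of (action, source network)
        self.states = set()  # (src, dst) pairs of connections that were passed

    def add_rule(self, iface, action, source):
        net = ipaddress.ip_network(source)
        self.rules.setdefault(iface, []).append((action, net))

    def handle(self, iface, src, dst):
        """Return 'pass' or 'block' for a packet arriving on iface."""
        # Reply to an already-passed connection: admitted by state, no rule needed.
        if (dst, src) in self.states:
            return "pass"
        for action, net in self.rules.get(iface, []):
            if ipaddress.ip_address(src) in net:
                if action == "pass":
                    self.states.add((src, dst))
                return action
        return "block"  # nothing matched on this interface: default deny


def demo():
    fw = Firewall()
    web = "203.0.113.10"  # constructed Internet host (documentation address range)
    fw.add_rule("LAN", "pass", "192.168.1.0/24")  # like the "Default LAN -> any" rule
    results = [
        fw.handle("LAN", "192.168.1.50", web),     # LAN client opens a connection
        fw.handle("WAN", web, "192.168.1.50"),     # reply to that connection
        fw.handle("WAN", web, "192.168.1.51"),     # unsolicited inbound traffic
        fw.handle("SECURE", "192.168.2.50", web),  # 'secure' subnet, no rule yet
    ]
    fw.add_rule("SECURE", "pass", "192.168.2.0/24")  # the rule suggested above
    results.append(fw.handle("SECURE", "192.168.2.50", web))
    return results


if __name__ == "__main__":
    print(demo())
```
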
 