Questions on setting up pfSense with my network

Shyne151

Ok... so I am a programmer(well DevOps... I maintain most of our Linux servers also) and not a network dude... so please don't bite my head off. :)

As it sits right now I have a single Netgear wndr3700v3 running one of the latest versions of DD-WRT. One of the reasons I threw DD-WRT on it was for the QoS... I quickly found out that the QoS absolutely kills the poor 480mhz processor in my wndr3700 once I pass the 40mbit threshold of incoming WAN traffic.

So I grabbed an old low power Dell from work and a low profile pcie dual gigabit Intel NIC off eBay.

I'm trying to figure out what the proper configuration should be for my network now that I will have pfSense incorporated...

What I think(?) is right:

WAN(Comcast - SURFboard SB6141) => Input on Dell running pfSense

Output on Dell running pfSense => WAN on Netgear WNDR3700

^ that part is pretty obvious...

What I was wondering is how should I configure the WNDR3700? Obviously I will setup DHCP on the outgoing port for pfSense...

So thoughts on the WNDR3700:
- disable firewall
- disable DHCP and let pfSense handle?
- change my WAN port to vlan0? which is what my four ethernet ports are assigned to
- do I need to change the operating mode of the WNDR3700?

Another thought... should I just roll the WNDR3700 back to factory firmware since I don't believe I really need anything from DD-WRT with pfSense being in front of it?

Is this right? is there a better configuration? bueller? anyone? :)
 
You are pretty much correct. I have similar setup. Disable DHCP, disable WAN, and you should be good to go.
 
Why do you even need the Netgear then? With double NAT (unless you can disable that), your QoS options are going to be a lot more limited.
 
ditch the netgear. If you need wifi, buy a dedicated AP, you can get something cheap.
 
Why do you even need the Netgear then? With double NAT (unless you can disable that), your QoS options are going to be a lot more limited.


I think that's the plan. Currently how I'm set up so that my Linksys WRT54G is nothing more than an AP at this point. I would recommend using the WAN port connecting the PFSense router to the Netgear unless you know what you're doing to get the configs right. Most don't deal with the hassle and just sacrifice a LAN port.

If you flash back to the stock firmware that choice might not even be possible. DD-WRT and other third-party firmware give you far greater control over all the ports. If you're just going to turn your Netgear into an AP anyways I'd stick with DD-WRT as there really would be no point switching either which way no matter what use you'll be using it for. Plus DD-WRT will allow you to split the wireless and do multiple broadcasts that stock firmware usually doesn't allow. Then again all depends on what you want to do.
 
Why do you even need the Netgear then? With double NAT (unless you can disable that), your QoS options are going to be a lot more limited.


The plan was to use it for WiFi and as a switch. I only have two hardwired connections: my gaming PC and my media server. The WiFi on the Netgear has been amazing... way better than my previous routers, thus I saw no reason to ditch it.

If the pfSense is set as the DHCP server and the Netgear is pulling DHCP requests from it and not running its own DHCP server... that's not having double NAT is it?

Like I said I'm no network guru and I got a hair up my ass today about figuring this stuff out. Normally I would ask some of our network engineers but they just switched our whole network over to Infoblox instead of using our domain controllers for DNS/DHCP... so they are a little tied up this week and I didn't want to bug them. :)


I am guessing WiFi

Correct + gigabit switch for media server and my gaming pc.

ditch the netgear. If you need wifi, buy a dedicated AP, you can get something cheap.

I've always got good WiFi performance off the Netgear... I don't see a reason to replace it if it performs well. Currently it houses four 5ghz N devices and six 2.4ghz N devices... no issues.

I think that's the plan. Currently how I'm set up so that my Linksys WRT54G is nothing more than an AP at this point. I would recommend using the WAN port connecting the PFSense router to the Netgear unless you know what you're doing to get the configs right. Most don't deal with the hassle and just sacrifice a LAN port.

If you flash back to the stock firmware that choice might not even be possible. DD-WRT and other third-party firmware give you far greater control over all the ports. If you're just going to turn your Netgear into an AP anyways I'd stick with DD-WRT as there really would be no point switching either which way no matter what use you'll be using it for. Plus DD-WRT will allow you to split the wireless and do multiple broadcasts that stock firmware usually doesn't allow. Then again all depends on what you want to do.

I'm confused by the first part of your post? You said you recommend connecting the pfSense to the WAN port and then you said most people don't deal with the hassle and just sacrifice a LAN port...

My plan was going to be to just go into the vlans in DD-WRT and just move my WAN port for vlan0 to vlan1 (which is what the 4 gigabit ports reside on).

Wouldn't this work if I set the DD-WRT router to be a DHCP forwarder and point it to the pfSense? As vlan1 would have a path to the pfSense box now that I have moved the WAN port to it.



Thanks for the help guys! Always fun digging into new areas of computing. :)
 
I'm confused by the first part of your post? You said you recommend connecting the pfSense to the WAN port and then you said most people don't deal with the hassle and just sacrifice a LAN port...

My plan was going to be to just go into the vlans in DD-WRT and just move my WAN port for vlan0 to vlan1 (which is what the 4 gigabit ports reside on).

Wouldn't this work if I set the DD-WRT router to be a DHCP forwarder and point it to the pfSense? As vlan1 would have a path to the pfSense box now that I have moved the WAN port to it.


My bad, just did some research and it appears DD-WRT has simplified the process greatly. I don't even think you need to do anything regarding VLANs at this point it seems.

http://www.dd-wrt.com/wiki/index.php/WAN_Port

Pretty awesome of them, used to require more work although I haven't tested this myself to see if it does indeed work that flawlessly.

Regarding the DHCP Forwarder, yes that's exactly what you'd do.

1) Disable WAN Connection Type
2) Check the box below that adds the WAN port back to the other 4 switch ports (I'd test and make sure it does that and also verify the VLAN id like you said)
3) Input DHCP Forwarder (PFSense)
4) Configure the Wireless for AP Mode
5) Configure the Router IP to a reserved unassigned address in the DHCP pool so you can access the device via an IP.

and that's about it. So yeah you pretty much got it all right. Sorry for the confusion I am living in a time where it was a little more complicated.
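A sanity check for the AP-behind-pfSense layout discussed in this thread, as an added example that is not part of any original post. It flags a badly placed AP management address (step 5) and the double-NAT case asked about earlier, using traceroute hops taken from a LAN client. All addresses are constructed samples, and it assumes the ISP does not route through RFC 1918 space upstream.

```python
import ipaddress

# RFC 1918 ranges; a traceroute hop inside one of these is a router on the NAT side.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def private_router_hops(hops):
    """Count leading private hops; the first public hop ends the count."""
    count = 0
    for hop in hops:
        if not is_rfc1918(hop):
            break
        count += 1
    return count

def check_ap_plan(lan_cidr, gateway, pool_start, pool_end, ap_ip, hops):
    """Return findings for a 'wireless router as plain AP behind pfSense' plan."""
    findings = []
    lan = ipaddress.ip_network(lan_cidr)
    ap = ipaddress.ip_address(ap_ip)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    if ap not in lan:
        findings.append("AP management IP is outside the pfSense LAN subnet")
    if ap == ipaddress.ip_address(gateway):
        findings.append("AP management IP collides with the pfSense LAN address")
    if lo <= ap <= hi:
        findings.append("AP IP is inside the dynamic range: reserve it on the DHCP server")
    n = private_router_hops(hops)
    if n > 1:
        # Two private routers in the path means the AP is still routing/NATing.
        findings.append(f"double NAT likely: {n} private router hops before the first public hop")
    return findings

# Constructed traceroute hop lists (public hops use documentation ranges).
AP_MODE_HOPS = ["192.168.1.1", "203.0.113.1", "198.51.100.1"]
STILL_ROUTING_HOPS = ["192.168.2.1", "192.168.1.1", "203.0.113.1"]

if __name__ == "__main__":
    print(check_ap_plan("192.168.1.0/24", "192.168.1.1",
                        "192.168.1.100", "192.168.1.199", "192.168.1.2", AP_MODE_HOPS))
    print(check_ap_plan("192.168.1.0/24", "192.168.1.1",
                        "192.168.1.100", "192.168.1.199", "192.168.1.150", STILL_ROUTING_HOPS))
```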
 
I wouldn't even bother with the WAN port on the Netgear then. Just plug it into one of the LAN ports and have it act like a switch.
 
Ahh sorry, misread...
Yeah, it seems pretty sane your suggested setup. You might want to look up if stock firmware supports multicast forwarding if you want to use UPNP and DLNA over wifi.
//Danne
 
I just tossed a pfsense box inline on my home setup. Put the ASUS router into AP mode that runs tomato and use only as an access point and don't bother using the WAN port. The pfsense box then has one WAN side and 4 LAN sides for different VLANs that go out to switches. It works VERY well. I am constantly surprised at what this thing can do. I was sucking up all my bandwidth doing yum and apt mirroring but it has traffic shaping for that which works. Amazing. The firewall is solid. Port pass throughs work very well. OpenVPN works. I love this thing. Now I'm gonna ditch the ASUS router and just put a Ubiquiti AP or two on a POE switch and call that part a day.
 
I just tossed a pfsense box inline on my home setup. Put the ASUS router into AP mode that runs tomato and use only as an access point and don't bother using the WAN port. The pfsense box then has one WAN side and 4 LAN sides for different VLANs that go out to switches. It works VERY well. I am constantly surprised at what this thing can do. I was sucking up all my bandwidth doing yum and apt mirroring but it has traffic shaping for that which works. Amazing. The firewall is solid. Port pass throughs work very well. OpenVPN works. I love this thing. Now I'm gonna ditch the ASUS router and just put a Ubiquiti AP or two on a POE switch and call that part a day.

What kind of box are you running pfSense on? The one I grabbed is just an Intel core 2 dual 2.8, 4gigs of ram, 80gb hard drive, and a 275watt power supply. I mainly grabbed it because of how small it is... I think it should be more than enough?
 
What kind of box are you running pfSense on? The one I grabbed is just an Intel core 2 dual 2.8, 4gigs of ram, 80gb hard drive, and a 275watt power supply. I mainly grabbed it because of how small it is... I think it should be more than enough?

I used to run pfSense 2.0 on a P3-667 w/ 256mb of SD133 and it was bored to tears on a 16mbit cable line. You'll be fine.
 
What kind of box are you running pfSense on? The one I grabbed is just an Intel core 2 dual 2.8, 4gigs of ram, 80gb hard drive, and a 275watt power supply. I mainly grabbed it because of how small it is... I think it should be more than enough?

This thing can run on anything that's 10 years old or so. Your setup is overkill if anything, heh.
 
Wow... pfSense is ridiculously easy to set up. I bought a dual gigabit NIC for the system... of course somehow I ordered a full size PCI-e card on accident so my pfSense box is rolling hard with the side off... now that I read I can do it with the onboard NIC with VLAN... so now I am researching VLANs off a single NIC... anyways pfSense was awesome to set up and gets my vote.
 
Never mind you did what I wanted you to do already in the other thread....
 