José Perez
asked on
pfSense - Configure Internet access for Lan
Hi,
I have just installed pfSense 2.2.1. I have the LAN and WAN card supposedly working.
The network design I want to deploy is:
1. Internet comes to our office (Little company) via a Linksys E900 Router.
2. The Router is connected to the pfSense firewall computer connected via the WAN card
3. The Firewall machine (optiplex with pfSense) has a 2nd NIC card that should provide access to the internet to a Gigabit switch (where all users are connected)
4. All users are connected to a 8 ports Gigabit Switch.
The current situation is:
1. The Firewall machine can ping the router
2. The Firewall has internet Access
3. The firewall machine is connected to the Switch in the 2nd card (LAN card)
4. The firewall machine cannot ping computers connected to the switch
5. Users cannot have access to the Internet.
Can somebody help?
ASKER
I can access the pfSense GUI.
I haven't configured any user computer. I was expecting to recognize the network configuration via DHCP.
WAN(wan) -> em0 -> v4/DHCP4: 192.168.1.125/24
LAN(lan) -> re0 -> v4: 192.168.1.2/24
You usually want to set the router facing the internet into bridge mode so that your pfSense box gets the public IP address. What's happening is that you have the router and the pfSense box both doing DHCP, so none of your host machines will get an IP address, and if they do, they have no idea which interface to send requests to.
Set the router to bridge mode.
From the console, set em0 to DHCP; it's option number 2 from the console.
From option 2 on the console, select re0 and assign it an IP address of your choice. It
will ask if you want to enable the DHCP server; say yes, and give the DHCP scope. Press enter and choose an 8, 16 or 24 subnet mask.
Press enter and you're finished. Note down your new IP address for the LAN side, because that's where you'll find your GUI. It is HTTPS by default; do not change it to HTTP, so read the prompts while pressing enter.
ASKER
@nattyreg I have checked the router and it is true, the router is doing DHCP, and the Firewall is trying to do it also. I would prefer to have only one doing DHCP, the Router. To do this, how can I disable or uninstall the DHCP service from the pfSense? Probably that fixes the whole issue, do you think?
From the console, select option two and assign a static IP address to the LAN interface, which is re0. When you press enter it will ask you to enable DHCP; select no. But make sure to assign the static interface an IP address within the scope of the IP addresses being issued by the DHCP server.
ASKER
I did it, no Internet access for users yet.
Now it says:
WAN(wan) -> em0 -> v4/DHCP4: 192.168.1.125/24
v6/DHCP6: fd3f...
LAN(lan) -> re0 -> v4: 192.168.1.2/24
I haven't used it in that configuration and I can't tell if it works. I use it where the router is in bridge mode and pfSense does all the work. The only other option is to bridge the two interfaces on the pfSense box.
@Oscar - what type of internet connection do you have (DSL, T1, Cable)? Who is your ISP?
As of right now, your pfSense setup is really not considered correct (you have the LAN and WAN connections on the same network).
Usually when you configure pfSense, it becomes your primary router (which is why nattygreg has stated that the ISP device is placed in bridged mode). Depending on your ISP that means that you are going to ultimately end up (in your current configuration) with a double or triple nat-ed portal to the outside world and you don't want that.
-saige-
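The overlap pointed out in the reply above (WAN and LAN both inside 192.168.1.0/24) can be checked mechanically. The following is an added example, not part of any poster's reply: it parses the console status lines quoted in the thread and reports overlapping interface networks; the candidate LAN ranges are assumed values chosen for illustration.

```python
import ipaddress
import re

# Constructed sample: the two console status lines quoted in the thread.
CONSOLE_STATUS = """\
WAN(wan) -> em0 -> v4/DHCP4: 192.168.1.125/24
LAN(lan) -> re0 -> v4: 192.168.1.2/24
"""
CANDIDATE_LANS = ["192.168.1.0/24", "192.168.2.0/24"]  # assumed, not from the thread

# Matches lines such as "LAN(lan) -> re0 -> v4: 192.168.1.2/24".
LINE_RE = re.compile(
    r"^\s*(?P<name>\w+)\s*\(\w+\)\s*->\s*(?P<nic>\w+)\s*->\s*"
    r"v4(?:/DHCP4)?:\s*(?P<cidr>\d+\.\d+\.\d+\.\d+/\d+)\s*$"
)

def parse_interfaces(text):
    """Return {name: (nic, IPv4Interface)} for every IPv4 status line."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found[m["name"]] = (m["nic"], ipaddress.ip_interface(m["cidr"]))
    return found

def overlapping_pairs(interfaces):
    """List interface pairs whose IPv4 networks overlap."""
    names = sorted(interfaces)
    clashes = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            na, nb = interfaces[a][1].network, interfaces[b][1].network
            if na.overlaps(nb):
                clashes.append((a, b, str(na), str(nb)))
    return clashes

def first_free_lan(wan_net, candidates):
    """Pick the first candidate LAN network that does not overlap the WAN."""
    for cidr in candidates:
        net = ipaddress.ip_network(cidr)
        if not net.overlaps(wan_net):
            return str(net)
    return None

if __name__ == "__main__":
    ifaces = parse_interfaces(CONSOLE_STATUS)
    for a, b, na, nb in overlapping_pairs(ifaces):
        print(f"{a} ({na}) overlaps {b} ({nb}): the firewall cannot route between them")
    print("non-overlapping LAN:", first_free_lan(ifaces["WAN"][1].network, CANDIDATE_LANS))
```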
ASKER
I am from Chile, my company is "GTD Internet". They always put a Linksys E900 Router in your home.
Yesterday I changed the Router to "Bridge Mode". I lost the internet connection for 4 hours and I was trying to recover it many, many times. Finally I had to reset the E900 Linksys router to the factory settings.
Now, I will explain a little bit with more specific details:
1. The Internet comes to home via a Linksys E900 Router.
2. This router provides a DHCP service.
3. I have a little switch connected to the Router, so 5 users have access to Internet.
4. I was hacked one week ago :(
5. I want to deploy a Firewall in an Optiplex7010 Machine with 2 network cards.
6. One network card is for receiving Internet access.
7. Second network card should be to connect the 5 ports switch
8. The firewall should be the only one connected to the Router
9. The firewall should provide Internet to the switch through the second network card.
10. All users should pass through the switch and the switch through the firewall before connecting to internet.
11. Preferably, users should not modify anything in their computers to get internet access.
Here is a question. Does the E900 provide access to the company network?
-saige-
P.S. -- Sorry to hear about 4. :(
ASKER
If you mean LAN access? Yes, today it does... but I would prefer to make the LAN in the second network card of the firewall machine.
If you mean External access from the Internet to user computers? like VPN? Then the answer is no.
ASKER
Your image does not represent our current situation. All our computers and firewall machine are in 1 internal network.
We don't use, nor need, VPN service.
Attached is the image of current situation and desired state... hope it clarifies :(
network-design.png
No I understand what you want (your desired state). I'm just trying to figure out if you can access the computers inside of GTD Internet's network.
-saige-
Nevermind. I had to read between the lines. Your company (means your ISP) not the company you work for. :( LOL.
-saige-
ASKER
ok. Today I hope to try again :(
-saige-