pfSense - Configure Internet access for Lan

Hi,
I have just installed pfSense 2.2.1. I have the LAN and WAN card supposedly working.
The network design I want to deploy is:
1. Internet comes to our office (Little company) via a Linksys E900 Router.
2. The Router is connected to the pfSense firewall computer connected via the WAN card
3. The Firewall machine (optiplex with pfSense) has a 2nd NIC card that should provide access to the internet to a Gigabit switch (where all users are connected)
4. All users are connected to a 8 ports Gigabit Switch.

The current situation is:

1. The Firewall machine can ping the router
2. The firewall has internet access
3. The firewall machine is connected to the switch on the 2nd card (LAN card)
4. The firewall machine cannot ping computers connected to the switch
5. Users cannot access the internet.

Can somebody help?
José Perez asked:
 
it_saige (Developer) commented:
Ok.  So here is what you want to do.

Either -

A. Configure your pfSense so that the WAN receives an address as it currently does.  Then configure the LAN (on a different network, e.g. - 192.168.2.x) and have the LAN interface pass out DHCP addresses.

B.  Configure your E900 in bridged mode.  This means that the WAN will need to be configured to receive an address from GTD Internet via whatever authentication method they use.  Then you will configure the LAN to use whatever internal address scheme you want.

The preferred method is B as you only have one NAT (that is the pfSense router).  Otherwise you will be double natted (not a bad thing, but you have to remember this when needing to open ports for services).

-saige-
0
 
it_saige (Developer) commented:
Can you access the pfSense GUI?

-saige-
0
 
it_saige (Developer) commented:
On your pfSense console screen you should see something along the lines of:

[image: Capture.JPG]

Can you validate that these are configured?

If so, did you configure the workstations to use the LAN address as their default gateway?

-saige-
0
 
José Perez (Author) commented:
I can access the pfSense GUI.
I haven't configured any user computer. I was expecting to recognize the network configuration via DHCP.

WAN(wan) -> em0 -> v4/DHCP4: 192.168.1.125/24
LAN(lan) -> re0 -> v4: 192.168.1.2/24
0
 
Natty Greg, In Theory (IT), commented:
You usually want to set the router facing the internet into bridge mode so that your pfSense box gets the public IP address. What's happening is that you have the router and the pfSense box both doing DHCP, so none of your host machines will get an IP address, and if they do, they have no idea which interface to send requests to.

Set the router to bridge mode.
From the console, set em0 to DHCP; it's option number 2 from the console.
From option 2 on the console, select re0 and assign it an IP address of your choice. It will ask if you want to enable the DHCP server; say yes, and give the DHCP scope. Press Enter and choose an 8, 16 or 24 subnet mask.
Press Enter and you're finished. Note down your new IP address for the LAN side, because that's where you'll find your GUI. It is HTTPS by default; do not change it to HTTP. So read the prompts while pressing Enter.
0
 
José Perez (Author) commented:
@nattyreg I have checked the router and it is true, the router is doing DHCP, and the firewall is trying to do it also. I would prefer to have only one doing DHCP, the router. To do this, how can I disable or uninstall the DHCP service from pfSense? Probably that fixes the whole issue, do you think?
0
 
Natty Greg, In Theory (IT), commented:
From the console, select option two and assign a static IP address to the LAN interface, which is re0. When you press Enter it will ask you to enable DHCP; select no. But make sure to assign the static interface an IP address within the scope of the IP addresses being issued by the DHCP server.
0
 
José Perez (Author) commented:
I did it, no Internet access for users yet.
Now it says:

WAN(wan) -> em0 -> v4/DHCP4: 192.168.1.125/24
v6/DHCP6: fd3f...

LAN(lan) -> re0 -> v4: 192.168.1.2/24
0
 
Natty Greg, In Theory (IT), commented:
I haven't used it in that configuration and I can't tell if it works. I use it where the router is in bridge mode and pfSense does all the work. The only other option is to bridge the two interfaces on the pfSense box.
0
 
it_saige (Developer) commented:
@Oscar - what type of internet connection do you have (DSL, T1, Cable)?  Who is your ISP?

As of right now, your pfSense setup is really not considered correct (you have the LAN and WAN connections on the same network).

Usually when you configure pfSense, it becomes your primary router (which is why nattygreg has stated that the ISP device is placed in bridged mode).  Depending on your ISP that means that you are going to ultimately end up (in your current configuration) with a double or triple nat-ed portal to the outside world and you don't want that.

-saige-
0
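The problem it_saige points out above (WAN and LAN on the same network) can be checked mechanically. This is an added example, not part of the original thread: it parses the console summary lines José posted and tests whether a proposed LAN address, such as the 192.168.2.x network suggested earlier, collides with the WAN network. The function names are hypothetical and the line format is assumed to match what was posted.

```python
import ipaddress
import re

# Constructed sample: the interface summary as posted in the thread.
CONSOLE = """\
WAN(wan) -> em0 -> v4/DHCP4: 192.168.1.125/24
LAN(lan) -> re0 -> v4: 192.168.1.2/24
"""

# NAME(alias) -> nic -> v4[/DHCP4]: address/prefix
LINE = re.compile(
    r"^\s*(\w+)\s*\(\w+\)\s*->\s*(\w+)\s*->\s*v4(?:/DHCP4)?:\s*(\S+)")


def parse_interfaces(text):
    """Return {name: (nic, IPv4Interface)} from console summary lines."""
    found = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # IPv6 lines and anything else are ignored
            found[m.group(1)] = (m.group(2), ipaddress.ip_interface(m.group(3)))
    return found


def overlapping_pairs(interfaces):
    """Interface pairs whose IPv4 networks overlap, so the firewall
    cannot tell which side a destination address lives on."""
    names = sorted(interfaces)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if interfaces[a][1].network.overlaps(interfaces[b][1].network)]


def lan_conflicts(interfaces, proposed, lan="LAN"):
    """Names of non-LAN interfaces whose network overlaps a proposed LAN address."""
    net = ipaddress.ip_interface(proposed).network
    return sorted(name for name, (_, iface) in interfaces.items()
                  if name != lan and iface.network.overlaps(net))


if __name__ == "__main__":
    ifs = parse_interfaces(CONSOLE)
    print("overlaps:", overlapping_pairs(ifs))
    for candidate in ("192.168.1.2/24", "192.168.2.1/24"):
        print(candidate, "conflicts with", lan_conflicts(ifs, candidate) or "nothing")
```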
 
José Perez (Author) commented:
I am from Chile, my company is "GTD Internet". They always put a Linksys E900 router in your home.
Yesterday I changed the router to "Bridge Mode". I lost the internet connection for 4 hours and I was trying to recover it many, many times. Finally I had to reset the E900 Linksys router to factory settings.

Now, I will explain a little bit with more specific details:

1. The Internet comes to home via a Linksys E900 Router.
2. This router provides a DHCP service.
3. I have a little switch connected to the Router, so 5 users have access to Internet.
4. I was hacked one week ago :(
5. I want to deploy a Firewall in an Optiplex7010 Machine with 2 network cards.
6. One network card is for receiving Internet access.
7. Second network card should be to connect the 5 ports switch
8. The firewall should be the only one connected to the Router
9. The firewall should provide Internet to the switch through the second network card.
10. All users should pass through the switch and the switch through the firewall before connecting to internet.
11. Preferably, users should not modify anything in their computers to get internet access.
0
 
it_saige (Developer) commented:
Here is a question.  Does the E900 provide access to the company network?

-saige-

P.S. -- Sorry to hear about 4.  :(
0
 
José Perez (Author) commented:
If you mean LAN access? Yes, today it does... but I would prefer to make the LAN on the second network card of the firewall machine.

If you mean External access from the Internet to user computers? like VPN? Then the answer is no.
0
 
it_saige (Developer) commented:
For clarification and illustrative purposes:

[image: Capture.JPG]

Can your computer access ComputerA (without needing to establish a VPN tunnel)?

-saige-
0
 
José Perez (Author) commented:
Your image does not represent our current situation. All our computers and firewall machine are in 1 internal network.
We don't use, nor need, VPN service.

Attached is the image of current situation and desired state... hope it clarifies :(
network-design.png
0
 
it_saige (Developer) commented:
No I understand what you want (your desired state).  I'm just trying to figure out if you can access the computers inside of GTD Internet's network.

-saige-
0
 
it_saige (Developer) commented:
Nevermind.  I had to read between the lines.  Your company (means your ISP) not the company you work for.  :(  LOL.

-saige-
0
 
José Perez (Author) commented:
ok. Today I hope to try again :(
0
Question has a verified solution.
