Re: [pfSense Support] how to manage 2 subnets for LAN ?
On Thu, 18 Nov 2010, Fred Boiteux wrote:

> We'd like to separate IPs of backbone antennas from client ones, for
> example 192.168.1.0/24 for antennas and 192.168.2.0/24 for people.
> How could this be done?
> [...]

I hope you realize that your customers can manually switch subnets on their end and talk directly to the management ports on your wireless access points in the multiple subnet scenario.

The nice thing about using VLANs is that the traffic has to go through the router to get to the management network, which firewall rules can prevent. If you use two subnets on one interface you do not get to filter the traffic if someone wants to mess with your AP.

Ge'

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org
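The filtering difference described in the message above, modelled as an added example that is not part of the original thread. The AP address, client addresses, segment names and firewall policy are constructed assumptions; the two subnets are the ones named in the thread.

```python
import ipaddress

# Constructed addressing, based on the subnets named in the thread.
MGMT = ipaddress.ip_network("192.168.1.0/24")   # antennas / AP management
AP = ipaddress.ip_address("192.168.1.10")       # hypothetical AP management IP

def firewall_allows(src, dst):
    """Assumed router policy: only management hosts may reach management IPs."""
    return dst not in MGMT or src in MGMT

def delivery(client_iface, client_l2, ap_l2):
    """How a packet from the client reaches the AP management address.

    client_iface: address/prefix the client configured on its own NIC.
    client_l2 / ap_l2: broadcast domain (switch segment or VLAN) each sits in.
    """
    iface = ipaddress.ip_interface(client_iface)
    if AP in iface.network:
        # Destination looks on-link: the client ARPs for it and sends the
        # frame straight to the AP. The router is not in the path at all.
        return "direct, unfiltered" if client_l2 == ap_l2 else "unreachable"
    # Off-link: the packet goes to the default gateway and meets the rules.
    return "routed" if firewall_allows(iface.ip, AP) else "blocked by firewall"

def compare():
    """Both designs, for a client using its assigned address and one that
    has manually renumbered itself into the management subnet."""
    assigned, renumbered = "192.168.2.50/24", "192.168.1.50/24"
    return {
        ("shared", "assigned"): delivery(assigned, "lan", "lan"),
        ("shared", "renumbered"): delivery(renumbered, "lan", "lan"),
        ("vlan", "assigned"): delivery(assigned, "vlan20", "vlan10"),
        ("vlan", "renumbered"): delivery(renumbered, "vlan20", "vlan10"),
    }

if __name__ == "__main__":
    for (design, client), result in compare().items():
        print(f"{design:6} {client:10} -> {result}")
```

Only the shared broadcast domain produces a path the router never sees; with separate VLANs the same renumbered client gets no ARP answer, and anything it sends through its gateway is subject to the rules.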
Re: [pfSense Support] Installed 1.2.3 on Soekris 5501-70 - 8G CF card - expand the slice and filesystem?
> I installed the image to the CF card using dd in Linux with 16k block
> size. It fired right up and I was able to configure it over the serial
> port. I would like to resize the slice and growfs if possible. I would
> have installed the 8g image if there was one... I have done this in
> Linux many times. Is this possible with the embedded version of
> pfsense? I haven't done much configuration on the box so I could image
> the CF card again if needed.

You probably can resize the partitions using 'gparted' on a Linux machine, but then you have to mess with the BSD disk labels on the first two partitions, and then use 'growfs'. I don't think it's worth it, it'll be a steep learning curve if you have little experience with BSD.

The first two partitions are never written to, except during a firmware update, so why grow them? If you make a backup of your configuration through the GUI (one XML file) you have zero risk of losing anything, just reflash and restore if something breaks.

BTW: try 'fdisk /dev/ad0'. /dev/ufs/pfsense0 refers to the first partition, so it won't have an MBR. /dev/ad0 is the first physical device on my Alix board (same processor, same chipset).

Gé
Re: [pfSense Support] how to manage 2 subnets for LAN ?
On Fri, Nov 19, 2010 at 4:27 PM, Fred Boiteux wrote:
>
> I saw the
> http://doc.pfsense.org/multiple-subnets-one-interface-pfsense.pdf
> but I was doubtful about how well it's supported in PfSense :-/
>

Works fine. Generally bad network design to have multiple IP subnets on the same broadcast domain, but works.
Re: [pfSense Support] how to manage 2 subnets for LAN ?
Hi,

On Thu, 18 Nov 2010 15:16:24 -0700, David Burgess wrote:

> In that case you can add an alias to the LAN interface. IIRC, you just
> run ifconfig appending 'alias' to the end. Don't quote me on it
> though.
>
> Get that working, then use shellcmd to make it stick across reboots.
> You will also want to check the box in the UI to suppress arp errors in
> the logs.

I saw the http://doc.pfsense.org/multiple-subnets-one-interface-pfsense.pdf but I was doubtful about how well it's supported in PfSense :-/

> vlans are still the preferred method if your radios support it. What
> brand are you using?

We have a mix of old and newer hardware, from Cisco, Linksys (WRT54GL), and trying also Ubiquiti. I'm not sure all these wifi routers can manage VLAN, but I'll look at this.

I was thinking about the other solution, plugging another nic of the Pfsense (Alix) on the same wire (with a switch) and allocating each nic a different subnet.

Many thanks to all people for suggestions and feedback,
Fred.
Re: [pfSense Support] how to manage 2 subnets for LAN ?
When there is a good use-case I completely agree with you, and it is probably my fault for not remembering that his traffic probably needed to be kept more separate. In many cases it is completely a non issue. In most of the cases I use this method it is all within a single internal organization so no risk at all.

--
Richard

On Fri, Nov 19, 2010 at 10:14 AM, David Burgess wrote:

> On 2010-11-19 9:56 AM, "Richard Amerman" wrote:
> > I do this all the time and using a separate nic is simpler and easier to
> > manage than an alias. Unless I am missing something, a vlan for this case
> > is overkill.
>
> I discussed this with the m0n0wall list back in '07 where cmb and others
> essentially said that it's a bad idea to run 2 subnets on a physical
> network, mostly for security reasons, I think.
>
> Given the option I would do the vlan thing, just for the added layer
> separating the hostile users from my stuff.
>
> db
Re: [pfSense Support] how to manage 2 subnets for LAN ?
On 2010-11-19 9:56 AM, "Richard Amerman" wrote:
> I do this all the time and using a separate nic is simpler and easier to
> manage than an alias. Unless I am missing something, a vlan for this case is
> overkill.

I discussed this with the m0n0wall list back in '07 where cmb and others essentially said that it's a bad idea to run 2 subnets on a physical network, mostly for security reasons, I think.

Given the option I would do the vlan thing, just for the added layer separating the hostile users from my stuff.

db
Re: [pfSense Support] how to manage 2 subnets for LAN ?
I do this all the time and using a separate nic is simpler and easier to manage than an alias. Unless I am missing something, a vlan for this case is overkill.

--
Richard

On Thu, Nov 18, 2010 at 4:13 PM, David Burgess wrote:

> On Thu, Nov 18, 2010 at 3:51 PM, fi...@7technw.com wrote:
> > Another easy solution is to just add another nic.
>
> Not an option in this case. The OP described a wireless network where
> the client subnet and management subnet exist on the same physical
> network. You can't change that in this case, so your two options are
> to separate them virtually (vlans) or just run them on the same
> physical network.
>
> Yes, he could use another NIC and plug it into a switch along with the
> first NIC and the wireless network, but this still doesn't separate
> the two networks, and is no better than creating an alias on the
> existing NIC.
>
> db
Re: [pfSense Support] LAGG Question
On 25/10/10 16:33, James Bensley wrote:
> pfSense doesn't allow you to configure an IP address, mask and gateway
> for every interface on the box, only the interfaces assigned as LAN
> and WAN.

for the sake of the record, that's entirely wrong... the web ui allows you to add new interfaces and rename them... so create an OPT and call it WAN2, say.
Re: [pfSense Support] SCP stalls with OpenVPN
On 13/11/10 02:01, Karsten Becker wrote:
> Hi all.
>
> I have the problem that if I'm connected with OpenVPN (Ubuntu 10.04), I
> get stalled copies when doing scp. CIFS copies work.
>
> Has anybody an idea where to start fire fighting or by what this could
> be caused?

try reducing MTU, or, unblocking icmp?

http://www.znep.com/~marcs/mtu/
[pfSense Support] User browsing - Access / Reporting
Hi All,

I am currently using pfSense 1.2.3 with Squid to provide browsing access to users. Until now this has worked perfectly and the Lightsquid package has been used for reporting.

This however now needs to change to AD based authentication for browsing and being able to pull user reports based on their user info.

Can anyone recommend the best way of doing this without having a login prompt for the user info? For example a login page (Can Captive Portal do this authentication and still allow me to pull Lightsquid reports?).

I know the Squid / AD authentication will work but the popup this returns is not "acceptable" to the users and thus needs to be changed to either a transparent process or a login page.

Any suggestions on this would be greatly appreciated.

Thank you,
Dom.
Re: [pfSense Support] how to manage 2 subnets for LAN ?
I use Engenius equipment quite often. They support a management interface and up to 4 SSIDs all controlled with VLAN tagging.

--Original Message--
From: Fred Boiteux
To: support@pfsense.com
ReplyTo: support@pfsense.com
Subject: Re: [pfSense Support] how to manage 2 subnets for LAN ?
Sent: Nov 18, 2010 2:39 PM

On Thu, 18 Nov 2010 14:10:18 +0100, Seth Mos wrote:

> Hi,
>
> > As we use an Alix 2d3 board with 3 ethernet interfaces, there is
> > one free now: could we use this OPT interface to manage backbone
> > network, with an address in its subnet 192.168.1.0/24, and put an
> > address from 192.168.2.0/24 subnet on the LAN interface to serve
> > clients, provided these two LAN and OPT will be connected through a
> > switch to the first antenna of the backbone where all traffic is
> > passing?
>
> I think you want a managed switch that has vlan support. You can then
> use the 3rd port on the alix for connecting all the vlans.

The different LAN subnets' traffic isn't VLAN tagged, and all traffic comes from one Ethernet port (from the nearest antenna), so I don't understand how VLAN could be used there?

Fred.

--
Kevin Tollison
Sent from my Blackberry