[pfSense Support] Multiple wan issue

2010-09-05 Thread Joseph L. Casale
I have a specific setup that I am remote to, it has a dsl modem plugged into the
wan port on the server and several internal nics servicing various vlans. I need
to perform port translation to different internal ip's for the same external port,
our isp allots our 5 specific ip's dynamically with mac reservations. Given that I
can't add a physical switch and additional nic, is it at all possible to add another
dynamic ip to wan interface? (The routing issue aside?)

Thanks!
jlc


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] Appliance Recommendation for 100 Mbps (DOCSIS 3.0) Service

2010-09-05 Thread Paul Mansfield

On 01/09/10 16:00, Michael Riglin wrote:
 options, I wanted to ask the list for any experience-based
 recommendations on low power consumption appliances for purchase that
 have enough CPU power to support 100 Mbps and above. (Quality and
 future-proofing is more important than cost.)

the jetway atom board system I built has been very robust, the onboard
realtek is disabled and I used the jetway module which offers three
Intel gigabit nics:

http://linitx.com/viewproduct.php?prodid=12576

that page lists the compatible motherboards J7F2 J7F3 JNC92 J7F5 JNF76

I have the JNC92-330-LF with dual core atom 330, but there might be a
new board out some time which offers more recent atoms

more photos
http://www.flickr.com/photos/12629...@n05/sets/72157623416008565/




[pfSense Support] Routing Issue

2010-09-05 Thread Ron Lemon
I have 2 facilities that used to be connected via an IPSec VPN.

Facility 1 had 2 networks 10.0.0.0/24 and 10.0.1.0/24.  They are both on the 
same physical wire, they each have their own NIC in pfSense box.  Users were 
either one or the other with a couple of people being dual homed on both.

Now we get new facility 2 which is 10.0.2.0/24.

I connected Facility 2 via an IPSec tunnel to Facility 1 and allow computers in 
the 10.0.1.0/24 network to talk to the machines in Facility 2's 10.0.2.0/24 
network.

All works great.  Now we start to put through too much data for IPSec tunnel to 
handle so we now have a dedicated PVLan circuit from Facility 1 to Facility 2.

I have added a 3rd Nic to my firewall in Facility 1 and assigned an IP 
10.0.2.253 to it.  Now I can see all computers in Facility 1 from Facility 2 
and vice versa.

I still only want computers in facility 1 from 10.0.1.0/24 to see the 
10.0.2.0/24.  I do not want 10.0.0.0/24 to see any computer in the 10.0.2.0/24 
network.

On my LAN interface I have set rule #1 to block traffic from 10.0.0.0/24 to 
10.0.2.0/24 but that did nothing.  On my Facility 2 interface I put a similar 
block rule still to no effect.

I know the pfSense box is routing traffic from one interface to another so how 
can I tell it what can pass and what cannot?

Thanks,
_
Ron Lemon
Information Technology Manager, Maplewood Computing Ltd. | 800.265.3482 | 
www.maplewood.com

This email message, and any files transmitted with it, are confidential and 
intended solely for the use of the intended recipient(s). Any unauthorized 
review, use, disclosure or distribution is prohibited. If you are not the 
intended recipient, please contact the sender by reply email and destroy all 
copies of the original message and attachments.


Re: [pfSense Support] Routing Issue

2010-09-05 Thread Hans Maes

On 09/05/2010 11:23 PM, Ron Lemon wrote:


I have 2 facilities that used to be connected via an IPSec VPN

Facility 1 had 2 networks 10.0.0.0/24 and 10.0.1.0/24.  They are both 
on the same physical wire, they each have their own NIC in pfSense 
box.  Users were either one or the other with a couple of people being 
dual homed on both.


Now we get new facility 2 which is 10.0.2.0/24.

I connected Facility 2 via an IPSec tunnel to Facility 1 and allow 
computers in the 10.0.1.0/24 network to talk to the machines in 
Facility 2's 10.0.2.0/24 network.


All works great.  Now we start to put through too much data for IPSec 
tunnel to handle so we now have a dedicated PVLan circuit from 
Facility 1 to Facility 2.


I have added a 3rd Nic to my firewall in Facility 1 and assigned an 
IP 10.0.2.253 to it.  Now I can see all computers in Facility 1 from 
Facility 2 and vice versa.


I still only want computers in facility 1 from 10.0.1.0/24 to see the 
10.0.2.0/24.  I do not want 10.0.0.0/24 to see any computer in the 
10.0.2.0/24 network


On my LAN interface I have set rule #1 to block traffic from 
10.0.0.0/24 to 10.0.2.0/24 but that did nothing.  On my Facility 2 
interface I put a similar block rule still to no effect.




With LAN interface, do you mean the interface connected to the 
10.0.0.0/24 subnet or the 10.0.1.0/24 subnet?

You have to set the block rule on the interface the traffic is coming in.
E.g. to block internet traffic from entering through the WAN interface, 
the rules have to be defined on the WAN interface.
So to block traffic from 10.0.0.0/24 to 10.0.2.0/24 you have to add a 
block rule on the interface with the 10.0.0.0/24 subnet.


(You may already know this but I couldn't find it in your message)

Hope it helps.

Regards,

Hans
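
A simplified model of the ingress-interface rule described in the reply above, as an added example that is not part of the original thread and is not pfSense code. It assumes the Facility 1 interface names given later in the thread (LAN, OPT1, OPT2), treats OPT2 as the 10.0.2.0/24 side, ignores state tracking, and uses constructed rule sets and the constructed host 10.0.0.50.

```python
import ipaddress

# Facility 1 interfaces as listed later in the thread; OPT2 holds 10.0.2.253.
INTERFACES = {
    "LAN": ipaddress.ip_network("10.0.0.0/24"),
    "OPT1": ipaddress.ip_network("10.0.1.0/24"),
    "OPT2": ipaddress.ip_network("10.0.2.0/24"),
}

def ingress_interface(src):
    """Simplification: a packet enters on the interface whose subnet holds src."""
    addr = ipaddress.ip_address(src)
    for name, net in INTERFACES.items():
        if addr in net:
            return name
    return None

def evaluate(rules, src, dst):
    """First-match evaluation of the ingress interface's rule list only.

    rules maps interface name -> ordered list of (action, src_net, dst_net).
    Rule lists of other interfaces are never consulted for this packet.
    Returns (action, interface, rule index, or None for the default deny).
    """
    iface = ingress_interface(src)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, src_net, dst_net) in enumerate(rules.get(iface, [])):
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action, iface, i
    return "block", iface, None  # nothing matched: default deny

ANY = "0.0.0.0/0"
BLOCK = ("block", "10.0.0.0/24", "10.0.2.0/24")

# Constructed rule set A: the block rule sits on OPT2, the side the traffic leaves by.
misplaced = {
    "LAN": [("pass", "10.0.0.0/24", ANY)],
    "OPT1": [("pass", "10.0.1.0/24", ANY)],
    "OPT2": [BLOCK, ("pass", "10.0.2.0/24", "10.0.1.0/24")],
}
# Constructed rule set B: the same rule placed first on LAN, where 10.0.0.0/24 enters.
on_ingress = dict(misplaced,
                  LAN=[BLOCK, ("pass", "10.0.0.0/24", ANY)],
                  OPT2=[("pass", "10.0.2.0/24", "10.0.1.0/24")])

if __name__ == "__main__":
    for label, rules in (("misplaced", misplaced), ("on_ingress", on_ingress)):
        for src in ("10.0.0.50", "10.0.1.100"):
            print(label, src, "-> 10.0.2.100", evaluate(rules, src, "10.0.2.100"))
```

In rule set A the block rule is never reached for traffic from 10.0.0.0/24, because that traffic is matched by the pass rule on LAN before OPT2's list is ever relevant.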


RE: [pfSense Support] Routing Issue

2010-09-05 Thread Ron Lemon
Facility 1

LAN interface is 10.0.0.0/24
OPT1 interface is 10.0.1.0/24
OPT2 interface is 10.0.2.253

Facility 2

LAN interface is 10.0.2.0/24
_
Ron Lemon
Information Technology Manager, Maplewood Computing Ltd. | 800.265.3482 | 
www.maplewood.com


RE: [pfSense Support] Routing Issue

2010-09-05 Thread Ron Lemon
I have the link working from Facility 2 to Facility 1 but it is erratic.

From 10.0.2.0/24 I can ping 10.0.1.0/24 and am denied access to 10.0.0.0/24.

I cannot get it to go the other way.

From 10.0.1.100 I do a tracert to 10.0.2.100.

I see the path go to 10.0.1.254 (the router) and no further.

_
Ron Lemon
Information Technology Manager, Maplewood Computing Ltd. | 800.265.3482 | 
www.maplewood.com
