Re: [pfSense Support] Questions about pfSense Beta 1

2006-03-03 Thread Daniel Solsona
First of all, maybe you should try pfsense beta2
2006/3/3, Agi Subagio [EMAIL PROTECTED]:
Playing around with NAT, advanced outbound NAT, Virtual IPs and Rules. I'm trying to open FTP and SMTP port in my firewall and redirect to my
internal server and still won't work.



You can check the FAQ (faq.pfsense.com), the docs (doc.pfsense.com) and probably the m0n0wall documentation (http://doc.m0n0.ch/handbook/). There are differences between m0n0 and pfsense, but you can learn the basic

Outgoing Connection to single WAN is working, but Incoming Connection is zero.




Check tutorials at http://www.pfsense.com/index.php?id=36 there is one policy based routing one there.

It seems easier with iptables command than pfsense's webGUI, but iptables didn't support multiple WANs (AFAIK).


It's really easier with pfsense, trust me, you just need to get used to how things work. Doing policy based routing for example is like 10 mouse clicks.
Need help here.

Agi Subagio wrote:
Hi,

Before I use pfsense, I already use iptables on Linux, smoothwall and zyxel firewall. But I must control 3 firewalls at the same time and is not so easy. I see pfSense can provide multiple WAN, so I'm trying pfSense Beta 1 in my machine.

My machine has 6 NICs, probed by pfSense as: nve0, ste0, ste1, ste2, ste3 and wb0.

My LAN IP is 172.16.4.0/16
My WAN IPs are:
- WAN #1: 203.77.230.xxx/29
- WAN #2: 202.169.57.xxx/29
- WAN #3: 202.159.10.xxx/29

I assign the IP and interface like these:
- nve0 as LAN with IP 172.16.4.254
- ste0 as WAN with IP 203.77.230.1 (example)
- ste1 as WAN2 with IP 202.169.57.1 (example)
- ste2 as WAN3 with IP 202.159.10.1 (example)

I want to add another IP alias like these:
- nve0 - 172.16.4.17, 172.16.4.7, 172.16.4.38
- ste0 - 203.77.230.2, 203.77.230.3 (example)
- ste1 - 202.169.57.2, 202.169.57.2 (example)
- ste2 - 202.159.10.2, 202.159.10.3 (example)

I have some servers in my internal network to be accessed from external network, for example:
- FTP, SSH, DNS, HTTP from IP 172.16.4.52
- SMTP, POP3, Webmail from IP 172.16.4.53

In the future, I want to make a failover pfSense firewall also using wb0.

The questions are:
- How to make IP aliases?
- How to allow incoming connection to internal server for those internet service?
- How to make Outgoing Load Balancing from internal network?
- How to make Internal Load Balancing from external network?
- How to make Failover pfSense firewall?

regards,
Agi

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


[pfSense Support] Problems with dual wan and policy based routing

2005-11-18 Thread Daniel Solsona
Hi all, I've posted that on forums but I'll try here too with new info.

We've 1 soekris 4501 + lan1621 (Two ethernet ports)

We've 2 ADSL lines (static ip's both) one working with dhcp and the
other with static. And we want to have
1 Lan (192.168.50.0/24)
1 Wan (DHCP adsl line) (aaa.bbb.ccc.ddd)
1 OPT1 (The other adsl line, static) (xxx.xxx.xxx.xxx)
1 DMZ (OPT2) (192.168.2.0/24)

We just want all lan traffic across the wan dsl, and the DMZ traffic
across the OPT1 dsl. 

I'll explain what I've done and let's see if someone can find what
I'm missing.

First I go to Services - Load Balancer and add a new pool. That will
be the pool for the OPT1 dsl line. (Type gateway, ip of OPT1 interface
adsl. Here I tried with the dsl gateway and it does the same.) 
I'll call the pool GW_JAZZ

Then I go to Firewall - NAT - Outbound and enable advanced outbound
nat. 
Here I do :
Interface:Wan Source:192.168.50.0/24 
Interface:Wan Source: 192.168.2.0/24
Interface: OPT1 Source:192.168.2.0/24

Then on Firewall - Nat - Incoming
I've the next services (smtp,pop,http,imap) going to 192.168.2.2 (My
server on DMZ) and the autofirewall rules created.
I've some services for the Wan (smtp,rdp,ftp) going to my internal lan
server (sucky exchange, 192.168.50.1) Some day it will stay at dmz or in
trash :-)


Then, Firewall - Rules
On the DMZ (OPT2) I've the next rule.
Proto: any source:any destination:any and gateway:GW_JAZZ
On the OPT1 I've the traffic for the nated services and nothing more.

On the LAN the default rule for traffic going through default gateway
(wan)

On the wan the rules for the nated traffic.


And now, what works and what doesn't?

Well, Internet traffic from LAN to WAN works perfect. Nated services from
WAN to LAN work too.

But OPT1  OPT2 isn't working.

Can someone see what I'm missing? Or how can I bring more info for the
problem.

And to update that. I've tried to first make all Lan and DMZ go across
WLAN and it works well. Then I tried to make all the DMZ traffic to port
25 go on the OPT1 dsl line but no luck. The connection goes across the
OPT1 but it seems it can return back. 

DMZ --- Internet SMTP Server (Here I can see an incoming connection from
the OPT1 IP) 

Any idea?
Thx





[pfSense Support] Resize Embedded Flash Image

2005-09-05 Thread Daniel Solsona
I've been reading the wiki doc to resize the flash image, but I think it's 
based on FreeBSD. I don't have any FreeBSD at work, so I'm asking if someone 
knows any way to do that on Linux?


If not, I'll install FreeBSD on any PC and try, not a problem, will be nice to 
start learning BSD
