Re: [pfSense] Setup Questions
Let's start by defining the terms to make sure we are all talking about the same things:
http://www.ipcop.org/2.0.0/en/install/html/preparation-network-interfaces.html

On Sat, Sep 29, 2012 at 4:36 PM, Johnny wrote:

> 1 nic is on green
>
> *GREEN - This network only connects to the computer(s) that IPCop is
> protecting. It is presumed to be local. Traffic to it is routed through an
> Ethernet NIC.*

This is equivalent to the pfSense LAN.

> 1 nic is on red
> *RED - This network is the Internet or other untrusted network. IPCop's
> primary purpose is to protect the GREEN, BLUE and ORANGE networks and their
> computers from traffic originating on the RED network. Your current
> connection method and hardware are used to connect to this network.*

This is equivalent to the pfSense WAN.

Those are the only default interfaces in pfSense. However, you can add more (as I do at my office).

> 1 nic is on blue – Wi-Fi, I have a router on this nic. DHCP is turned off
> and users get ip assigned by ipcop. I have also approved people by their mac
> address to access my blue network.
> *This optional network allows you to place wireless and/or wired devices on
> a separate network. Computers on this network cannot get to the GREEN
> network except via tightly controlled “pinholes”, or via a VPN. Traffic to
> this network is routed through an Ethernet NIC.*

This requires configuration in pfSense, but many people are doing it, so you should be able to get help on this list.

> 1 nic is on orange for DMZ – Never able to get DMZ working correctly.
> *This optional network allows you to place publicly accessible servers on a
> separate network. Computers on this network cannot get to the GREEN or BLUE
> networks, except through tightly controlled “pinholes”. Traffic to this
> network is routed through an Ethernet NIC.*

This is programmatically the same as BLUE, and, yes, lots of people do it.

> I was wondering if this same setup is possible with pfsense? Any help
> would be appreciated

To sum it up, yes. If you set it up and have more specific questions, just ask here and someone should be able to help you.

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] NATting/re-routing in the same network, is this possible?
On Sat, Sep 29, 2012 at 5:06 AM, Stefan Baur wrote:

> Hi List,
>
> I have multiple sites where several clients (C1...Cn) within the same LAN
> need to connect to a server (S).
>
> The pfSense box acts as a router (R) at all these sites.
> The router IP on the LAN side is the same everywhere.
> The server IP varies from site to site, though.

If I'm following, you're redirecting out the same interface the traffic comes in on. In that case you have to source NAT the redirected connection to the firewall's IP. What's happening now is the firewall directs it to the server, the server sees the real source host and replies directly back to it, breaking the TCP session. Adding manual outbound NAT to translate the source IP on the redirected traffic will fix it in that case.
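Added example, not part of the original post or of pfSense: a small Python trace of the address rewriting described in the reply above, showing why the client rejects the server's answer without source NAT and accepts it with source NAT. The router and server addresses are taken from the thread; the client address and the Router class are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst")

ROUTER = "192.168.0.1"    # R's LAN address, from the thread
SERVER = "192.168.0.100"  # S at site 1, from the thread
CLIENT = "192.168.0.10"   # constructed client address


class Router:
    """Hypothetical model of the firewall's translation and state table."""

    def __init__(self, source_nat):
        self.source_nat = source_nat
        self.states = {}  # translated (src, dst) -> original (src, dst)

    def forward(self, pkt):
        """Apply the port forward, and optionally source NAT, to a client SYN."""
        out = pkt._replace(dst=SERVER)        # port forward: R -> S
        if self.source_nat:
            out = out._replace(src=ROUTER)    # manual outbound NAT: C -> R
        self.states[(out.src, out.dst)] = (pkt.src, pkt.dst)
        return out

    def reverse(self, reply):
        """Undo the translation on a reply that matches a state entry."""
        orig_src, orig_dst = self.states[(reply.dst, reply.src)]
        return Packet(src=orig_dst, dst=orig_src)


def hairpin(source_nat):
    """Return (source address the client sees on the SYN/ACK, accepted?)."""
    router = Router(source_nat)
    syn = Packet(CLIENT, ROUTER)
    at_server = router.forward(syn)
    reply = Packet(src=SERVER, dst=at_server.src)  # server answers what it saw
    if reply.dst == ROUTER:
        reply = router.reverse(reply)  # reply returns through the firewall
    # Otherwise S and C share the subnet: S delivers straight to C and the
    # router never sees the reply, so nothing is translated back.
    # The client's socket is connected to ROUTER; any other source is reset.
    return reply.src, reply.src == syn.dst


if __name__ == "__main__":
    print("redirect only:      ", hairpin(False))
    print("redirect + src NAT: ", hairpin(True))
```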
[pfSense] VMware patch released for clock stopping issue
This ESX regression was discussed recently here in at least one if not more threads; VMware has a patch out.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2032586

PR887134: Timer stops in FreeBSD 8.x and 9.x as virtual hardware HPET main counter register fails to update due to comparison failure between signed and unsigned integer values.
Re: [pfSense] Setup Questions
On Sep 29, 2012 1:36 PM, "Johnny" wrote:

> Hey guys I am currently running ipcop 2.0 and thinking about switching over to pfsense. (tired of the slooowww updates) I have my ipcop box setup as follows.
>
> 1 nic is on green
>
> 1 nic is on red
>
> 1 nic is on blue – Wi-Fi, I have a router on this nic. DHCP is turned off and users get ip assigned by ipcop. I have also approved people by their mac address to access my blue network.
>
> 1 nic is on orange for DMZ – Never able to get DMZ working correctly.
>
> I was wondering if this same setup is possible with pfsense? Any help would be appreciated
>
> Johnny Miller
> mill...@cinci.rr.com
> gamer tag: wcso845
>
> Let's find a cure for cancer together visit:
> http://www.worldcommunitygrid.org

I was an ipcop user many years ago. Although pfsense doesn't use the interface color names it can do these things you describe. Try it out and I doubt you'll look back.
[pfSense] Setup Questions
Hey guys I am currently running ipcop 2.0 and thinking about switching over to pfsense. (tired of the slooowww updates) I have my ipcop box setup as follows.

1 nic is on green

1 nic is on red

1 nic is on blue - Wi-Fi, I have a router on this nic. DHCP is turned off and users get ip assigned by ipcop. I have also approved people by their mac address to access my blue network.

1 nic is on orange for DMZ - Never able to get DMZ working correctly.

I was wondering if this same setup is possible with pfsense? Any help would be appreciated

Johnny Miller
mill...@cinci.rr.com
gamer tag: wcso845

Let's find a cure for cancer together visit:
http://www.worldcommunitygrid.org
Re: [pfSense] NATting/re-routing in the same network, is this possible?
On 29.09.2012 at 13:56, Adrian Wenzel wrote:

> Out of curiosity, what's the DNS setup?

We've had... issues with DNS, thanks to the mixed Windows(AD)/Unix environment. So I'd prefer using IPs. That way, the setup works even when DNS is misconfigured/taking a day off/moody/whatever.

-Stefan
Re: [pfSense] NATting/re-routing in the same network, is this possible?
- Original Message -
> From: "Stefan Baur"
> To: "pfSense support and discussion"
> Sent: Saturday, September 29, 2012 6:06:47 AM
> Subject: [pfSense] NATting/re-routing in the same network, is this possible?
>
> Hi List,
>
> I have multiple sites where several clients (C1...Cn) within the same
> LAN need to connect to a server (S).
>

Out of curiosity, what's the DNS setup? If you have an internal server doing resolution at each site, why not create the same zone at each site (internalservers.local) and have a host entry (app01.internalservers.local) that points to the IP of the server at that location?

Regards,
Adrian
[pfSense] NATting/re-routing in the same network, is this possible?
Hi List,

I have multiple sites where several clients (C1...Cn) within the same LAN need to connect to a server (S).

The pfSense box acts as a router (R) at all these sites.
The router IP on the LAN side is the same everywhere.
The server IP varies from site to site, though.

Ex:

Site 1                      Site 2

C1---+                      C1---+
     |                           |
C2---+---R 192.168.0.1      C2---+---R 192.168.0.1
...  |                      ...  |
Cn---+                      Cn---+
     |                           |
 S---+                       S---+
.100                        .200

I would like to avoid having to configure all the clients individually, so I am looking for a way to let pfSense act like a NAT router.

Plan: Make the clients think they connect to the server, while in reality, they connect to the pfSense box that forwards the connection to the real server.

Reason: Central, single point of administration per site.

What I tried:

NAT rule:
opt1ip 5 tcp 192.168.0.100 5 lan nat_5065cd732734e8.45732086

Firewall rule:
pass lan keep state tcp 192.168.0.100 5 nat_5065cd732734e8.45732086

The firewall rule is on top of the LAN rules list, and I pushed the "apply changes" button.

It does not work, though - I cannot establish a connection to the server by connecting to the same port on the router.

So, I guess I'm doing it wrong, or it isn't possible at all. Could somebody please enlighten me? :-)

-Stefan