Re: [pfSense] Migration from an old linux firewall
ok. that sounds really bad: http://dilbert.com/strip/1998-08-24

Eero

On 30.3.2017 at 5:40 PM, "Claudio M." wrote:

> On Wednesday 29 March 2017 10:13:36, WebDawg wrote:
> > You can do two different subnets on one network, but it is not the way to
> > do things. Everyone can imagine the issues but it would also be completely
> > insecure.
>
> Unfortunately I can not change the network, I am a consultant who handles
> only the firewall. I know that this solution is not safe, but the customer
> does not want to change this configuration because another external company
> that manages internal servers wants it so.
> We manage the firewalls so we have to solve this situation.
> Now I'll try to use an internal linux server as a gateway to forward all
> packets for the 10.7.13.0/24, creating a routing rule so I can use the
> rules explained in the pfsense site

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Migration from an old linux firewall
On Thu, Mar 30, 2017 at 9:39 AM, Claudio M. wrote:

> On Wednesday 29 March 2017 10:13:36, WebDawg wrote:
> > You can do two different subnets on one network, but it is not the way to
> > do things. Everyone can imagine the issues but it would also be completely
> > insecure.
>
> Unfortunately I can not change the network, I am a consultant who handles
> only the firewall. I know that this solution is not safe, but the customer
> does not want to change this configuration because another external company
> that manages internal servers wants it so.
> We manage the firewalls so we have to solve this situation.
> Now I'll try to use an internal linux server as a gateway to forward all
> packets for the 10.7.13.0/24, creating a routing rule so I can use the
> rules explained in the pfsense site

That is crazy man.

http://serverfault.com/questions/25907/what-are-the-implications-of-having-two-subnets-on-the-same-switch

I mean, they might as well just put all the hosts on the same subnet.
Re: [pfSense] Migration from an old linux firewall
On Wednesday 29 March 2017 10:13:36, WebDawg wrote:

> You can do two different subnets on one network, but it is not the way to
> do things. Everyone can imagine the issues but it would also be completely
> insecure.

Unfortunately I can not change the network, I am a consultant who handles only the firewall. I know that this solution is not safe, but the customer does not want to change this configuration because another external company that manages internal servers wants it so.

We manage the firewalls so we have to solve this situation.

Now I'll try to use an internal linux server as a gateway to forward all packets for the 10.7.13.0/24, creating a routing rule so I can use the rules explained in the pfsense site
Re: [pfSense] Migration from an old linux firewall
On Wed, Mar 29, 2017 at 8:41 AM, Moshe Katz wrote:

> I'm not entirely sure how you had this working with your old firewall - I
> would think it would have the same issue.
>
> The best thing for you to do would be to separate the two LANs. You
> probably don't need to change any cabling because most server network cards
> let you set a default VLAN to use. (If you have Windows servers, you either
> need a managed switch or network cards with drivers that support setting a
> VLAN. For Linux servers, this should be doable with any network card.
> Most server-grade network cards have support for setting a VLAN from the
> Properties screen of the adapter in Device Manager.)
>
> Moshe
>
> On Mar 29, 2017 6:55 AM, "Claudio M." wrote:
>

You can do two different subnets on one network, but it is not the way to do things. Everyone can imagine the issues but it would also be completely insecure.
Re: [pfSense] Migration from an old linux firewall
I'm not entirely sure how you had this working with your old firewall - I would think it would have the same issue.

The best thing for you to do would be to separate the two LANs. You probably don't need to change any cabling because most server network cards let you set a default VLAN to use. (If you have Windows servers, you either need a managed switch or network cards with drivers that support setting a VLAN. For Linux servers, this should be doable with any network card. Most server-grade network cards have support for setting a VLAN from the Properties screen of the adapter in Device Manager.)

Moshe

On Mar 29, 2017 6:55 AM, "Claudio M." wrote:

> Hi
> I've migrated a linux firewall to a 2.3.3-RELEASE-p1 pfsense.
> The old configuration was with 2 interfaces connected to adsl routers and
> an interface for the lan. A GRE VPN was also configured with an alias IP on
> this LAN network so on the same LAN coexisted two networks
> 192.168.1.0/24
> 10.7.13.0/24
> where the first was for all desktop clients and the second for the
> servers. A server has an interface on the LAN with IP 10.7.13.1 and an
> alias on the same interface with 192.168.1.6.
> When a client connects to this server, it sends packets to the firewall and
> the firewall resends them to the destination server. The server receives
> these packets and replies using the same interface but contacts the client
> directly with the IP on the same net. Before with linux this was not a
> problem but with pfsense, a stateful firewall, this is no longer possible.
> Now I've an asymmetric routing without a routing so I cannot use the tips
> present at this page
> https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules
>
> What can I do?
>
> Best regards
> Claudio M.
Re: [pfSense] Migration from an old linux firewall
On Wed, Mar 29, 2017 at 5:55 AM, Claudio M. wrote:

> Hi
> I've migrated a linux firewall to a 2.3.3-RELEASE-p1 pfsense.
> The old configuration was with 2 interfaces connected to adsl routers and
> an interface for the lan. A GRE VPN was also configured with an alias IP on
> this LAN network so on the same LAN coexisted two networks
> 192.168.1.0/24
> 10.7.13.0/24
> where the first was for all desktop clients and the second for the
> servers. A server has an interface on the LAN with IP 10.7.13.1 and an
> alias on the same interface with 192.168.1.6.
> When a client connects to this server, it sends packets to the firewall and
> the firewall resends them to the destination server. The server receives
> these packets and replies using the same interface but contacts the client
> directly with the IP on the same net. Before with linux this was not a
> problem but with pfsense, a stateful firewall, this is no longer possible.
> Now I've an asymmetric routing without a routing so I cannot use the tips
> present at this page
> https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules
>
> What can I do?
>
> Best regards
> Claudio M.

You had two different networks on one ethernet lan?
Re: [pfSense] Migration from an old linux firewall
How about using vlan tagging?

Eero

2017-03-29 13:55 GMT+03:00 Claudio M.:

> Hi
> I've migrated a linux firewall to a 2.3.3-RELEASE-p1 pfsense.
> The old configuration was with 2 interfaces connected to adsl routers and
> an interface for the lan. A GRE VPN was also configured with an alias IP on
> this LAN network so on the same LAN coexisted two networks
> 192.168.1.0/24
> 10.7.13.0/24
> where the first was for all desktop clients and the second for the
> servers. A server has an interface on the LAN with IP 10.7.13.1 and an
> alias on the same interface with 192.168.1.6.
> When a client connects to this server, it sends packets to the firewall and
> the firewall resends them to the destination server. The server receives
> these packets and replies using the same interface but contacts the client
> directly with the IP on the same net. Before with linux this was not a
> problem but with pfsense, a stateful firewall, this is no longer possible.
> Now I've an asymmetric routing without a routing so I cannot use the tips
> present at this page
> https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules
>
> What can I do?
>
> Best regards
> Claudio M.
[pfSense] Migration from an old linux firewall
Hi

I've migrated a linux firewall to a 2.3.3-RELEASE-p1 pfsense.

The old configuration was with 2 interfaces connected to adsl routers and an interface for the lan. A GRE VPN was also configured with an alias IP on this LAN network so on the same LAN coexisted two networks

192.168.1.0/24
10.7.13.0/24

where the first was for all desktop clients and the second for the servers. A server has an interface on the LAN with IP 10.7.13.1 and an alias on the same interface with 192.168.1.6.

When a client connects to this server, it sends packets to the firewall and the firewall resends them to the destination server. The server receives these packets and replies using the same interface but contacts the client directly with the IP on the same net. Before with linux this was not a problem but with pfsense, a stateful firewall, this is no longer possible. Now I've an asymmetric routing without a routing so I cannot use the tips present at this page https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules

What can I do?

Best regards
Claudio M.
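
The packet flow described in the original post, as an added example that is not part of the thread: a simplified Python model (not pf's actual state engine) that routes each packet of a TCP handshake by the sender's connected subnets and shows what a strict stateful filter on the firewall sees. The client address 192.168.1.50 and the names `Host`, `StrictTcpTracker` and `simulate` are assumptions for illustration; the second run gives the server only its 10.7.13.1 address, so its replies return through the firewall.

```python
import ipaddress

class Host:
    """A LAN host: its interface addresses (with prefix); gateway is the firewall."""
    def __init__(self, addrs):
        self.nets = [ipaddress.ip_interface(a).network for a in addrs]

    def next_hop(self, dst):
        # On-link if dst is in a directly connected subnet, else via the gateway.
        on_link = any(ipaddress.ip_address(dst) in n for n in self.nets)
        return "direct" if on_link else "firewall"

class StrictTcpTracker:
    """Simplified stateful filter: handshake steps must be seen in order."""
    def __init__(self):
        self.states = {}

    def inspect(self, src, dst, flags):
        key = frozenset((src, dst))
        step, opener = self.states.get(key, (None, None))
        if flags == "S" and step is None:
            self.states[key] = ("SYN_SENT", src)
        elif flags == "SA" and step == "SYN_SENT" and src != opener:
            self.states[key] = ("SYN_RCVD", opener)
        elif flags == "A" and step in ("SYN_RCVD", "ESTABLISHED"):
            self.states[key] = ("ESTABLISHED", opener)
        else:
            return "block"  # packet does not fit the tracked connection
        return "pass"

def simulate(client, server, client_ip, server_ip):
    """Walk a TCP handshake; return (flags, next hop, firewall verdict) per packet."""
    fw, trace = StrictTcpTracker(), []
    handshake = [(client, client_ip, server_ip, "S"),
                 (server, server_ip, client_ip, "SA"),
                 (client, client_ip, server_ip, "A")]
    for sender, src, dst, flags in handshake:
        hop = sender.next_hop(dst)
        verdict = fw.inspect(src, dst, flags) if hop == "firewall" else "not seen"
        trace.append((flags, hop, verdict))
    return trace

# Constructed client address; server addresses are the ones given in the post.
CLIENT = Host(["192.168.1.50/24"])
ALIASED = simulate(CLIENT, Host(["10.7.13.1/24", "192.168.1.6/24"]),
                   "192.168.1.50", "10.7.13.1")
SINGLE = simulate(CLIENT, Host(["10.7.13.1/24"]), "192.168.1.50", "10.7.13.1")
print("server with alias:   ", ALIASED)
print("server without alias:", SINGLE)
```

With the alias in place the SYN-ACK is delivered on-link and never crosses the firewall, so the client's final ACK arrives at a connection the filter still considers half-open and is blocked.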