Bassam A. Al-Khaffaf | 1 Oct 2007 11:51

Does PFSense support NATTING and ROUTING at the same time?

Dear Folk,

I am using PFSense to provide Internet access to a housing area, where subscribers need to dial a PPPoE connection to PFSense in order to access the Internet. The PPPoE server on PFSense is already configured to use Radius authentication and to provide framed IP to all PPPoE clients. I have done this part successfully.

However, my issue is how to route out the PPPoE users assigned public IPs while NATing the private ones.

Your help is much appreciated.

Regards

Bassam

Ugo Bellavance | 1 Oct 2007 11:50

Re: 2 networks on the LAN interface, vlan, trunk?

Paul M wrote:
> Ugo Bellavance wrote:
>> VLAN 101 contains ports that are connected directly to the internet
>> (PfSense WAN port, internet port (it is in colocation), other servers
>> that would be connected directly to the internet (not behind PfSense).
>>
>> VLAN 102 contains ports that are connected to devices in the Subnet1,
>> let's say 10.10.10.0/24.
>>
>> VLAN 103 contains ports that are connected to devices in the Subnet2,
>> let's say 192.168.10.0/24.
> 
> this seems OK, I think, once you've created vlans you assign the wan and
> lan ports appropriately, then make vlan103 be say OPT1 (and rename it to
> LAN2?)

Hmmm, can you explain a bit further?  There are only 2 NICs in this server.

>> However, subnet2 is completely isolated.  It cannot talk to anyone, nor
>> to the fw, nor the subnet1, nor the internet.
> 
> if you manually add static routes to hosts on vlan103, does it work?
> what are you seeing in the arp tables on the hosts?

On the hosts or on the pfsense?  How would I do that?

Thanks a lot for your answer,

Ugo
Bill Marquette | 1 Oct 2007 16:58

Re: Does PFSense support NATTING and ROUTING at the same time?

Use advanced outbound NAT.

On 10/1/07, Bassam A. Al-Khaffaf <bassam@...> wrote:
>
>
>
>
> Dear Folk,
>
>    I am using PFSense to provide Internet access to a housing area. Where
> subscribers need to dial a PPPoE connection to PFSense in order to access
> the Internet. The PPPoE server on PFSense is already configured to use
> Radius authentication and to provide framed IP to all PPPoE clients. I have
> done this part successfully.
>
>
>
> However, my issue is that how to route out the Public IP assigned PPPoE
> users while to NAT the Private ones.
>
>
>
> Your help is much more appreciated
>
>
>
> Regards
>
> Bassam
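
One way to work out which PPPoE framed-IP pools the advanced outbound NAT rules suggested above should cover, as an added example that is not part of the original thread. The pool values are constructed, `WAN_IF` is a placeholder interface name, and the rule strings use pf's classic `nat` syntax for illustration rather than reproducing pfSense's generated ruleset.

```python
import ipaddress

# RFC 1918 ranges: sources inside these cannot be routed on the Internet as-is.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample framed-IP pools (203.0.113.0/28 stands in for a public block).
SAMPLE_POOLS = ["10.20.0.0/25", "10.20.0.128/25",
                "192.168.50.0/24", "203.0.113.0/28"]


def is_private_pool(net):
    """True only if the whole pool lies inside one RFC 1918 range."""
    return any(net.subnet_of(p) for p in RFC1918)


def plan_outbound(pools, wan_if="WAN_IF"):
    """Return (nat_rules, routed_nets) for a list of IPv4 pool CIDRs.

    wan_if is a placeholder interface name (assumption). The rule strings
    use pf's classic nat syntax for illustration only.
    """
    nets = [ipaddress.ip_network(p) for p in pools]
    for n in nets:
        # A pool that is partly private and partly public would either leak
        # unroutable sources or NAT addresses that should stay visible.
        if not is_private_pool(n) and any(n.overlaps(p) for p in RFC1918):
            raise ValueError(f"{n} straddles private and public space")
    private = ipaddress.collapse_addresses(n for n in nets if is_private_pool(n))
    public = ipaddress.collapse_addresses(n for n in nets if not is_private_pool(n))
    nat_rules = [f"nat on {wan_if} from {n} to any -> ({wan_if})" for n in private]
    return nat_rules, [str(n) for n in public]


if __name__ == "__main__":
    rules, routed = plan_outbound(SAMPLE_POOLS)
    print("\n".join(rules))
    print("routed without NAT:", ", ".join(routed))
```

Pools returned in the second list leave the firewall untranslated, so those subscribers are reachable only as far as the filter rules allow.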
Chris Buechler | 1 Oct 2007 19:40

Re: IPsec VPN Question.

Matt Hohman wrote:
> We currently use pfSense at our main location and we now have a new 
> site linked via a point to point 3mbit connection. I'm wondering if we 
> would be able to squeeze any more bandwidth out of that connection by 
> putting pfsense box on the other side and using ipsec with 
> compression. Does the compression really gain you anything?

I'm not sure offhand if we even enable compression, maybe someone else 
can confirm or deny that, but most likely the answer is it'll be 
marginally slower with IPsec regardless of compression settings. Plus it 
potentially introduces even more problems with the lower effective MSS.

I wouldn't recommend it.
Dziuk, Fred J | 1 Oct 2007 20:11

Captive Portal Design documents

Our campus is using PfSense to control wireless access to our network via the Captive Portal and becoming very reliant on its operation.  I do not want to necessarily become a developer to have technical troubleshooting skills.  But I would like to have a document that describes the basics of the Captive Portal operations and was hoping for some links to some detailed design/operational documents other than source code.  Questions I have:

1. How does the CP determine if a user needs to be authenticated?

2. Once authenticated, where is the user information kept?

3. I can issue PF and IPFW commands in the shell – Are both used in CP?

4. We have some users that somehow disappear from the CP user list, but can still get through to the WAN.  How do I debug this?

5. Seems like there are extra entries in the firewall ruleset that keep accumulating and never get removed.  How do I clean this up?

I have put out a few questions/problems to this list and have not received a single response.  We are establishing an account for the commercial support, but we would like to have some local expertise.  Thanks for any insight in the Captive Portal's operation.

Fred Dziuk

The Univ. of Texas Health Science Center at San Antonio

Systems and Network Operations

210-567-2117

Marco Bianchi | 1 Oct 2007 20:42

Losing connectivity

Hi,

I've just installed pfSense 1.02RC2 to run the network in my house. It is in testing now...

pfSense runs on an HP P4 2.0GHz with 256MB of RAM using an Adaptec 4 10/100 NIC card. Internet connection is done through a DLINK DSL302 ADSL2 Ethernet modem connected via a crossover cable to the RED interface.

As now, just two interfaces are active, the GREEN and the RED.

Everything is running fine, the modem stays connected but, every now and then, I cannot connect the internet from the GREEN interface.

The modem is OK, the ADSL connection is OK. The only thing that solves the problem is to restart the pfSense "server".

pfSense configuration is standard, no packages loaded, and no changes from the default wizard.

Any idea on where I've to look to understand where the problem is?

Or, better, do you know why this is happening?

The Carrier is TelecomItalia with the Alice ADSL 4Mb offer.

Thanks to whoever will provide support.

MB

Ingvald Grimstveit | 1 Oct 2007 22:44

Dual WLAN no load balancing (different GW)

Current setup:
1x WAN PPPoE
(running PPTP VPN server on pfSense with local user db.)


Need:
1x Additional WAN


Configuration would be:
-Different GW for computers on same LAN (inside)

-Port forwarding rules for the two WAN's
e.g. 
port   80 from WAN1 to 192.168.10.10 (GW for .10 would be WAN1)
port 3389 from WAN2 to 192.168.10.12 (GW for .12 would be WAN2)
and more

This implies 2x IP on LAN if.


Question:
Can this be done (easily)?
If so, what kind of WAN2 subscription do I need (not another PPPoE, I think)?


best regards
Ingvald

cassio lima | 1 Oct 2007 22:48

Re: Captive Portal Design documents

better solution monowall

On 10/1/07, Dziuk, Fred J <DZIUK-nNFbEISdY73HfRtnQztjLA@public.gmane.orgu> wrote:

> Our campus is using PfSense to control wireless access to our network via the Captive Portal and becoming very reliant on its operation.  I do not want to necessarily become a developer to have technical troubleshooting skills.  But I would like to have a document that describes the basics of the Captive Portal operations and was hoping for some links to some detailed design/operational documents other than source code.  Questions I have:
>
> 1. How does the CP determine if a user needs to be authenticated?
>
> 2. Once authenticated, where is the user information kept?
>
> 3. I can issue PF and IPFW commands in the shell – Are both used in CP?
>
> 4. We have some users that somehow disappear from the CP user list, but can still get through to the WAN.  How do I debug this?
>
> 5. Seems like there are extra entries in the firewall ruleset that keep accumulating and never get removed.  How do I clean this up?
>
> I have put out a few questions/problems to this list and have not received a single response.  We are establishing an account for the commercial support, but we would like to have some local expertise.  Thanks for any insight in the Captive Portal's operation.
>
> Fred Dziuk
>
> The Univ. of Texas Health Science Center at San Antonio
>
> Systems and Network Operations
>
> 210-567-2117


Scott Ullrich | 1 Oct 2007 22:54

Re: Captive Portal Design documents

On 10/1/07, cassio lima <lluner@...> wrote:
> better solution monowall

Please stop trolling.

Scott
Espen Johansen | 2 Oct 2007 02:11

Re: Dual WLAN no load balancing (different GW)

PPPoE can only be used on WAN.
opt interface can use static or dhcp assigned address.
The rest of the config is easily done with advanced outbound nat and filtering rules.
You can do all that you request with pfsense.
You will assign the same gateway in dhcp for all lan hosts, then you add special rules to route out on either WAN1 or WAN2 (opt interface)

-lsf

 
On 10/1/07, Ingvald Grimstveit <igrimstv-f/vm7P8qpiNhl2p70BpVqQ@public.gmane.org> wrote:
> Current setup:
> 1x WAN PPPoE
> (running PPTP VPN server on pfSense with local user db.)
>
> Need:
> 1x Additional WAN
>
> Configuration would be:
> -Different GW for computers on same LAN (inside)
>
> -Port forwarding rules for the two WAN's
> e.g.
> port   80 from WAN1 to 192.168.10.10 (GW for .10 would be WAN1)
> port 3389 from WAN2 to 192.168.10.12 (GW for .12 would be WAN2)
> and more
>
> This implies 2x IP on LAN if.
>
> Question:
> Can this be done (easily)?
> If so, what kind of WAN2 subscription do I need (not another PPPoE, I think)?
>
> best regards
> Ingvald
