Michael Deats Posted June 21, 2010

Hi guys,

My current network consists of this: DLink 4 Port DSL router/Switch, media player, one desktop and a laptop.

Now I've gotten a DLink 4400 switch (24 port) and a Dell GX280 from work. Now I'm thinking of deploying the Dell as a pfsense firewall, but I'm wondering how my network should change to accommodate it, and whether I need to get an extra NIC or would I just be able to run it with one?

With two NICs, the topology should look something like this, right?

PFsense -> Router
PFsense -> Switch
Media Player, PC and Laptop -> Switch with PFsense as gateway

Would it be possible to do it with one NIC like this?

Router -> Switch
Pfsense -> Switch
Media Player, PC and Laptop -> Switch with PFsense as gateway

Also, the Dell doesn't have a cd-rom, does anyone know of any method other than that to load PFsense? I've googled around a bit and it doesn't seem to be possible?

Infiltrator Posted June 21, 2010

I don't see it working very well in practice, but you will definitely need two NICs to accomplish what you want.

First NIC connected to the modem (internet).
Second NIC connected to the switch.

Now if you want to have a DMZ, you will need to install a third NIC. Hope this helps you.

Michael Deats Posted June 21, 2010

So what does a DMZ actually do? I've never really used it before.

Infiltrator Posted June 21, 2010

> So what does a DMZ actually do? I've never really used it before.

This wiki can explain a lot better than I can what a DMZ does: http://en.wikipedia.org/wiki/DMZ_%28computing%29

Edited June 21, 2010 by Infiltrator

VaKo Posted June 21, 2010

Basically, your CPE (customer premises equipment) is usually assigned 1 public IP, so if you were to plug a cable/DSL modem into a switch and then connect 2 routers, only one would get an IP. If you have multiple public IPs, you could connect 2 routers to a switch with a modem attached, and both could connect to the net.

In your case, if you created 2 VLANs on the switch, and plugged the modem into VLAN1, your LAN into VLAN2, and used PFsense to route traffic between the VLANs, you would be unable to connect additional machines into VLAN1 without an ISP that assigned you multiple public IPs.

What you need to do is add a 3rd NIC to the Optiplex, then connect your modem to NIC1, create 2 VLANs on your switch and then connect NIC2 and NIC3 to these VLANs. VLAN1 could be your internal LAN while VLAN2 could be your DMZ/server interface.

Michael Deats Posted June 22, 2010

Cool, thanks! Now next thing, should PFsense assign my DHCP address? Will the modem/router assign an address to PFsense and PFsense to the switch and all the other devices?

I did some reading and I don't think I need a DMZ.

VaKo Posted June 22, 2010

PFsense will have 2 addresses in this setup, the first being the public IP your ISP assigned you, and the 2nd being the LAN IP. By default this will be 192.168.1.1, but you can use any address in the private IP ranges defined by RFC 1918.

What you will need is either a cable/DSL modem, or a DSL router with NAT, routing and the firewall disabled (so it acts just like a DSL modem). If you don't disable the NAT and firewall, you will have issues with things like port forwarding.

If you want wireless, you will need a 3rd interface on PFsense, and then you can attach a wireless router to this, but configured to act as a wireless AP with no NAT, firewall or routing.

As for DHCP, PFsense has a very nice DHCP server, but I personally prefer Microsoft's DHCP server.

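The addressing rules in the post above (private RFC 1918 space on the inside, a real public address on the WAN, separate subnets per segment) can be checked before anything is cabled. This is an added example, not code from the thread or from pfSense; `check_plan` and the sample addresses are constructed for illustration, with 203.0.113.0/24 standing in for an ISP-assigned range.

```python
import ipaddress

# The three private blocks reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_rfc1918(net):
    """True if the whole network sits inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)

def check_plan(wan_if, segments):
    """Validate a firewall addressing plan.

    wan_if   -- firewall WAN interface as 'address/prefix'
    segments -- dict of segment name -> firewall address on it ('address/prefix')
    Returns a list of finding strings; an empty list means no problems found.
    """
    findings = []
    wan = ipaddress.ip_interface(wan_if)
    # A private WAN address suggests the upstream router is still doing NAT,
    # the situation the post says causes port-forwarding trouble.
    if in_rfc1918(wan.network):
        findings.append("double-nat:WAN")
    seen = {}
    for name, cidr in segments.items():
        net = ipaddress.ip_interface(cidr).network
        if not in_rfc1918(net):
            findings.append(f"public-range:{name}")
        # The firewall cannot route between two interfaces on one subnet.
        if net.overlaps(wan.network):
            findings.append(f"overlap:{name}/WAN")
        for other, other_net in seen.items():
            if net.overlaps(other_net):
                findings.append(f"overlap:{name}/{other}")
        seen[name] = net
    return findings

if __name__ == "__main__":
    # Constructed plans: router left in NAT mode, then bridged with a DMZ added.
    print(check_plan("192.168.1.2/24", {"LAN": "192.168.1.1/24"}))
    print(check_plan("203.0.113.10/24",
                     {"LAN": "192.168.1.1/24", "DMZ": "192.168.2.1/24"}))
```
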
Michael Deats Posted June 23, 2010

> but I personally prefer Microsoft's DHCP server.

I'm assuming that would be the DHCP server built into Server 2003 and 2008? :)

Also, in an attempt to speed up my browsing etc, what would be better, the public 8.8.8.8 Google DNS, or OpenDNS?

EDIT: Scratch that, did some googling and it seems OpenDNS is the better option.

Edited June 24, 2010 by Michael Deats

Infiltrator Posted June 28, 2010

I don't know if it is my internet connection that is slow, but I did notice a drop in speed when switching from my current DNS servers to OpenDNS.

VaKo Posted June 28, 2010

Yes, while *nix has perfectly good interpretation of DHCP and DNS servers, I personally find that the management tools for the Microsoft interpretations are an order of magnitude easier to use.