Setup a gateway for the PfSense

[Shammikit]

Hello everyone, firstly I should state that this is the first time Im trying to do something using pfsense and I would appreciate a not too confusing answer. I believe im doing a small mistake somewhere. What I want to achieve is send the IP of my Pfsense to the DHCP clients through DHCP for them to use as their default gateway and have a different IP set as the gateway for my PFsense for it to access internet (this IP should not be shared with DHCP clients). What I have done atm is gone to System>Routing>Gateway and set a default gateway there thinking it is only for the Pfsense. I have noticed by doing this that this IP gets shared with the DHCP clients as well. Any suggestions to tryout could be very helpful. Thanks.

[Geoff35674567]

you dont want your devices to see the IP of the pfsense NIC that is connected to your modem?

[Shammikit]

7 hours ago, Geoff35674567 said:

you dont want your devices to see the IP of the pfsense NIC that is connected to your modem?

Yes, im not entirely sure about this, but when i do allow the devices to see the IP i think the rules that I set in pfsense dont work on the devices. I think the devices are bypassing the pfsense and going straight online. And im pretty sure i applied the settings right.

[Kalm_Traveler]

Can you describe your equipment layout?

 

I just set up a pfsense box over the last few days and it sounds like you're over-complicating it.

 

Example, my setup is:  fiber interface box -> pfsense box -> managed switch (1 port going to the old wifi router as an AP/switch for my main network, another port going to a separate wifi router as an AP for a guest wifi network).

 

by default, the computers see the pfsense box as their gateway, you shouldn't have to manually set a gateway. In the pfsense web UI, it's own gateway is auto-detected as the fiber interface box on the WAN side.

[Shammikit]

10 hours ago, Kalm_Traveler1 said:

Can you describe your equipment layout?

 

I just set up a pfsense box over the last few days and it sounds like you're over-complicating it.

 

Example, my setup is:  fiber interface box -> pfsense box -> managed switch (1 port going to the old wifi router as an AP/switch for my main network, another port going to a separate wifi router as an AP for a guest wifi network).

 

by default, the computers see the pfsense box as their gateway, you shouldn't have to manually set a gateway. In the pfsense web UI, it's own gateway is auto-detected as the fiber interface box on the WAN side.

 

So this is what Im trying todo, I got a Host PC  running the Pfsense VM. I have a wireless Huawei router provided by my ISP that I want to use just as a wireless AP for the clients to connect. I want the clients to connect to the wireless router, from here I want their signals to be sent to the host PC, then to the VM. Then at the VM i want it to go through the rules that I have set and send this traffic to the wireless router so it can access internet. 

 

So far I have turned off DHCP service in my wireless router and setup DHCP in pfsense.  I have verified that the clients get an IP from the DHCP server I have set in pfsense. The dhcp leases are also visible, however when I tried accessing the internet from the client PC i noticed that none of my rules are being followed by the clients. The rules I have setup are download and upload limiters. speedtest results are same as running without going through pfsense. I feel like it is bypassing the pfsense and getting online, but then again the DHCP server i setup in pfsense works so i doubt that.

 

When i checked the ipconfig in a client pc it shows the IP of my router as the default gateway. Not the IP of my pfsense. I think the default gateway i set in the pfsense for pfsense to get online is being distributed to clients. Im guessing if the default gateway taken by my clients is my pfsense IP then my rules should work. Im no sure though. This is why i asked in my original question " send the IP of my Pfsense to the DHCP clients through DHCP for them to use as their default gateway and have a different IP set as the gateway for my PFsense for it to access internet" 

 

Edit: The host PC has a static IP assigned to communicate with the router and access internet.  The VM is running on virtual box and its network is bridged to the host.  

[Kalm_Traveler]

ok I think I understand now - so based on your diagram pfsense can't act as a firewall because it isn't inline. You are using it as a DHCP server (which doesn't need to be inline) but for it to be acting as a firewall, router, etc all traffic would need to flow through it between clients and internet (either physically or logically).

 

Does your host PC that you're running pfsense in a VM on have at least 2 ethernet ports that can be dedicated to pfsense?

 

*EDIT* here is a pic of my setup. I am using an 8 port switch behind the pfsense box, port 8 is the LAN side of pfsense and is untagged for VLAN1, tagged for VLAN2. port 7 goes to the guest wifi AP and is untagged for VLAN2 but is not a member of VLAN1. port 6 goes to the old wifi AP, for my main network and is untagged for VLAN1. Ports 1-6 are not members of VLAN2.

 

This way, any traffic coming in via port 7 (through the guest wifi AP) is seen as VLAN2 by pfsense and managed accordingly.

 

I don't think having pfsense out of line can operate in the way you're wanting it to since traffic does not flow 'through' it.

[Shammikit]

On 12/17/2019 at 6:38 PM, Kalm_Traveler1 said:

Does your host PC that you're running pfsense in a VM on have at least 2 ethernet ports that can be dedicated to pfsense?

 

I think this is where I got it wrong, I was trying to send and receive from the same interface.

 

So i have got a wireless USB interface. I would like to know if it is possible to use a wireless interface on the LAN side. I unfortunately dont have an Ethernet interface atm to connect to a switch or an AP. If it is possible to create a Wi-Fi hotspot on the LAN to use my USB Interface as a transmitter for other wireless devices such as phones to connect, that would be great.

 

I also have another WIFI router, I would also like to know if i can use my USB LAN interface to connect to that WIFI router, configure that router as an AP for wireless devices to connect.I have drawn this setup i have in mind below. If its possible to do this please do suggest me a method. Thanks.

 

[Shammikit]

I drew a diagram for this setup too so it is easy to understand:

4 minutes ago, Shammikit said:

 

So i have got a wireless USB interface. I would like to know if it is possible to use a wireless interface on the LAN side. I unfortunately dont have an Ethernet interface atm to connect to a switch or an AP. If it is possible to create a Wi-Fi hotspot on the LAN to use my USB Interface as a transmitter for other wireless devices such as phones to connect, that would be great.

 

[Kalm_Traveler]

5 hours ago, Shammikit said:

I drew a diagram for this setup too so it is easy to understand:

you could do this one, use the USB wifi dongle on the pfsense box as a broadcast node for other devices to talk to pfsense. 

AFAIK the first one (using the wifi usb dongle to trunk internet access over wifi to a wifi AP) is not possible, partly because only a wifi repeater is designed to function this way. AP's are designed to take internet access over one or more ethernet ports and share it with the other ethernet ports and via wifi.

 

However, alternatively you could buy a wifi repeater made for this purpose like those units @jakkuh_t has at his house. Maybe he can chime in here, but if I understood their video, those repeaters have 3 bands in use so 1 band is used to communicate with the main AP for trunking main network/internet access to/from the repeater, while the other 2 bands are used to communicate with devices (phones, laptops, etc) which doesn't cut your bandwidth the way older style repeaters would. Older repeaters used the same bands to talk to the main AP as with devices, so they effectively cut your bandwidth in half since they had to switch from talking with your device to relaying that traffic to/from the main AP, then switch back to talking to the device again.

 

If you can run cables, I would recommend instead just getting a USB -> ethernet adapter for the pfsense PC and run an ethernet line over to your wifi AP to trunk network access out to it.

[Shammikit]

1 hour ago, Kalm_Traveler1 said:

you could do this one, use the USB wifi dongle on the pfsense box as a broadcast node for other devices to talk to pfsense. 

Is it done here from the wireless interfaces page. if so i dont see any interface to add here. However i did notice my USB wireless interface detected as em1 in interface assignments page which is there to be added. It did not appear to the wireless interfaces page even after adding. 

 

[Kalm_Traveler]

33 minutes ago, Shammikit said:

Is it done here from the wireless interfaces page. if so i dont see any interface to add here. However i did notice my USB wireless interface detected as em1 in interface assignments page which is there to be added. It did not appear to the wireless interfaces page even after adding. 

 

 

yes I believe so based on the pfsense documentation, but since my pfsense setup is just a PC with two ethernet jacks and no wifi I don't have any experience setting it up.

[Shammikit]

9 hours ago, Kalm_Traveler1 said:

yes I believe so based on the pfsense documentation, but since my pfsense setup is just a PC with two ethernet jacks and no wifi I don't have any experience setting it up.

ok, thank you very much for the support so far. Merry Christmas.

[Kalm_Traveler]

2 hours ago, Shammikit said:

ok, thank you very much for the support so far. Merry Christmas.

you as well! May tech-Santa bring you many fun toys!