Messages - Trel

DHCP and DNS / Re: How can I achieve this setup?
« on: May 08, 2013, 02:44:28 pm »
No, if you create a bridge you cannot have different dhcp scopes that hand out different addresses based upon what actual physical interface the connection comes in on.  Your dhcp server would have an IP it listens on, not an interface.

If you want to isolate wired from wireless - then you have to create different segments.

If you cannot have different segments because of some issue you think these cats you're trying to herd are going to have with their firewalls, I don't think there is anywhere else we can go with your problem.

I am trying to help you..  So all you have is a wireless card in pfsense for a /22 of users?  That is a LOT of users to use 1 wireless card with ;)

Your other option to hand out different ranges for different users would be to use 2 different pools on one segment.  Where you limit who can use each pool based upon mac.  But this would be lots of setup for a /22

I don't know if the dhcp additional pools are in the 2.0 line, but in 2.1 they are an option.  With this you could create your 2 different pools and then using mac controls you could limit which clients can get an address from which pool.  Maybe this is something you could use.  It allows for you to put in partial mac addresses, so that specific hardware would all use same pool - but if user based hardware you could have lots of different card makers to have to put into your allow or deny.  And then what about those that don't match either, etc..

Yeah, it looks like I'll have to scrap that whole idea.  I'll make a separate topic on the correct way to implement the bridge.  Thanks for the help, it looks like though, I just have the misfortune of wanting something that's not possible.

DHCP and DNS / Re: How can I achieve this setup?
« on: May 08, 2013, 09:12:55 am »
"which means having the wireless ones on a separate subnet is a problem."

So then put the wireless on same subnet..  Why can your wired and wireless not all just use your 172.16.x.x/22 network??

Why do you think you need to use a different interface on pfsense to add wireless?  Just connect however many APs you need to your currently wired network to provide the coverage you want.

So if users bring their own devices, and manage them.  And control their own firewalls - why is it your problem if they don't understand how to allow file sharing access to another network?  You would not be blocking anything, what they do with their firewalls is not your issue - is it?

I'm using a wireless NIC installed on pfsense box, and access point is not something that can be purchased currently.
If I put both interfaces on the same subnet, they do not work.  If I do that, and bridge them, I can't separate DHCP.

What exactly are you suggesting I do?
(Also can we please keep the discussion to configuration on the pfsense end and not the client machines?  All that should be relevant is that I would like all machines on the same subnet, assigned different IP ranges based on which interface it's connected through.  The why shouldn't matter in this case.)

If this simply is not possible, just tell me that.

DHCP and DNS / Re: How can I achieve this setup?
« on: May 08, 2013, 08:21:16 am »
"changes to the windows firewall, which is something I can't force my users to do."

What??  What do you mean you can't change?  Is this your network, or a bunch of cats you're trying to herd?  Why would a user have control of the firewall in the first place.  Simple enough to make a group policy to allow whatever firewall rules you want.

You could even debate the need of software firewalls in secure network, just setup policy to enable firewall when they are not on your domain, etc.

How about you give us some details of your network, and what you're wanting to accomplish exactly and we can figure out the best course of action.  Why did you want to use 2 interfaces for the same network in the first place?  Just to give specific machines specific addresses via dhcp??

I can't assign group policies if the machines are not on a domain.  This is a network where people use their own machine.
What I want to do is have wired and wireless access to the same network.  I would also assign specific IPs depending on which method the device is connected to.

I cannot control the client machines.  The only thing I know for sure is that the machines can (and should be able to) communicate amongst themselves.  The only configuration I can guarantee is that the machines can communicate on their assigned subnet, which means having the wireless ones on a separate subnet is a problem.

If this is definitely not possible, I will likely have to bridge the interfaces and not be able to separate the assigned IPs.  This is not my ideal circumstance however.

DHCP and DNS / Re: How can I achieve this setup?
« on: May 07, 2013, 03:41:22 pm »
I'm confused with your /22 that does not work out to .1.x and .2.x as gderf mentions.    Did you mean .0.x to .1.254? and 2.x - 3.254? for your dhcp ranges?

Or were you planning on leaving .0 and .3 for statics?

As gderf states you normally do not put 2 interfaces in the same network.  His suggestion works if you're ok with lower hosts.

Or you could do on 1 interface and on other interface.  And then sure you could have your dhcp scopes only use .1.1-254 and 2.1-254 where you could then setup .0.1-254 and .3.1-254 as static address space for those 2 network segments.

Yes, I was planning on leaving 0.x and 3.x for static assignments.
My biggest problem is windows networking.
If I separate them into two networks, which I currently have done, Windows doesn't let filesharing occur between the subnets without explicit changes to the windows firewall, which is something I can't force my users to do.

Hardware / Re: Wireless standard went missing
« on: May 07, 2013, 10:35:49 am »
It might very well be I'm not understanding you, but I doubt you'll get it working in 'N'.
See also thread,61948.0.html with an interesting post from stephenw10 (reply #5)

Yes, I know N will probably not work.  I'm asking why, ng mode was listed in the options when I set up the machine, but now it's missing.
I am running on G mode anyway.

DHCP and DNS / How can I achieve this setup?
« on: May 07, 2013, 10:34:25 am »
I'm trying to do the following

IP: 176.16.x.x

I have two interfaces, LAN and OPT1.
What I want to do is devices connecting on LAN (port 1 of a 4 port NIC) get 176.16.1.x and on OPT1 (single port NIC) get 176.16.2.x

What is the best way to achieve this?

Hardware / Re: Wireless standard went missing
« on: May 07, 2013, 06:59:50 am »
the card may support it, but freebsd doesn't.
see wiki:

my 2 cents: get an AP if you want or need "n" performance.

You misunderstand.
The option was there a day ago.

Hardware / Wireless standard went missing
« on: May 06, 2013, 08:15:37 pm »
When I first set up pfsense, my wireless nic had three options for wireless standard.

When I look now, gn is missing from that list.
Anyone know what might have happened?

It's an Atheros nic, I'm certain of the exact model, but I do know it supports n.
