Author Topic: Bought equipment. what should I do next?  (Read 555 times)

Offline Mesozder

Bought equipment. what should I do next?
« on: November 08, 2017, 01:07:22 pm »
Hi everyone.

I'm a total noob, and only heard about pfSense a couple of weeks ago.
Reading here and some other places, I've bought some hardware, but I need help with what I should do next.

I would like to be able to connect to my VPN and QNAP server from anywhere in Europe (I travel a bit), and to be able to see my Plex collection from remote locations. I would also like to be able to see my IP cam (there is nothing sensitive there, just some scenery, and my friends and family have access).

How would you connect this together?

EDIT
I would like to add that the Zyxel switch is completely new, and I haven't even turned it on, nor do I know how to use it if it needs some management. For the time being, I'm using some Linksys 8-port PoE unmanaged switch and an Asus RT-AC3200 as a router.
« Last Edit: November 08, 2017, 01:12:18 pm by Mesozder »

Offline dbennett

Re: Bought equipment. what should I do next?
« Reply #1 on: November 08, 2017, 03:16:32 pm »
What type of networking experience do you have?

Offline johnpoz

Re: Bought equipment. what should I do next?
« Reply #2 on: November 08, 2017, 03:28:15 pm »
Well you can use that new Zyxel as just a dumb switch to get started.  Then you can get fancier with it after you're up and running on the new switch.  And you have your remote access in.

To access your network remotely just run through the OpenVPN wizard.  For Plex, you can just port forward.  Or connect in via your VPN and then access your Plex.

For your camera - I really would not suggest you open that to the public; just access it via the VPN you set up.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.2-RELEASE on VM esxi 6.5 (home)

Offline Mesozder

Re: Bought equipment. what should I do next?
« Reply #3 on: November 08, 2017, 03:50:50 pm »
What type of networking experience do you have?
Well, I managed to set up my little network through the Asus router the way I'm able to remotely connect to my VPN, Plex and Qnap from outside. Opened some ports and configured some static IPs.
That's about it.  :-[

Offline Mesozder

Re: Bought equipment. what should I do next?
« Reply #4 on: November 08, 2017, 03:55:17 pm »
Well you can use that new Zyxel as just a dumb switch to get started.  Then you can get fancier with it after you're up and running on the new switch.  And you have your remote access in.

To access your network remotely just run through the OpenVPN wizard.  For Plex, you can just port forward.  Or connect in via your VPN and then access your Plex.

For your camera - I really would not suggest you open that to the public; just access it via the VPN you set up.
Yes, seems that I should be taking it slowly and gradually learn how to do stuff.
Should I only connect one port on my 4-port NIC to switch?
Any use for other 2 ports, OPT1 and 2?

Online kejianshi

Re: Bought equipment. what should I do next?
« Reply #5 on: November 08, 2017, 04:01:50 pm »
Depends.  Do you have things you would like to firewall off from the things you put on the LAN port?

Offline Mesozder

Re: Bought equipment. what should I do next?
« Reply #6 on: November 08, 2017, 04:41:01 pm »
I can't think of any. All devices on the network should be able to «speak» to each other, and be able to connect to Qnap, VPN and Plex.
My biggest concern is all the probing of my server all day long, mostly from Asia, but also from other continents/countries.

Gotta go to bed now. In case of new posts, I'll reply tomorrow. Thanks for all the help.

Online kejianshi

Re: Bought equipment. what should I do next?
« Reply #7 on: November 08, 2017, 04:42:52 pm »
There are packages to address that.
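
As an added example (not from this thread or from pfSense itself), a small Python script that tallies blocked inbound connection attempts from pfSense's filter log, which is one way to quantify the probing mentioned above before deciding on a package such as pfBlockerNG. It assumes pfSense's filterlog CSV field order for IPv4 TCP/UDP entries and that the WAN interface is `igb0`; the log lines are constructed samples using documentation address ranges.

```python
import re
from collections import Counter

# Constructed sample lines in pfSense's filterlog CSV layout (assumed field
# order for the IPv4 TCP/UDP case). Addresses come from RFC 5737 documentation
# ranges; nothing here is a real probe. igb0 is assumed to be the WAN.
SAMPLE_LOG = """\
Nov  9 01:02:03 fw filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,51,0,0,none,6,tcp,40,198.51.100.14,203.0.113.10,51234,22,0,S,1,,1024,,
Nov  9 01:02:07 fw filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,51,0,0,none,6,tcp,40,198.51.100.14,203.0.113.10,51235,23,0,S,1,,1024,,
Nov  9 01:03:11 fw filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,48,0,0,none,6,tcp,40,198.51.100.77,203.0.113.10,40000,32400,0,S,1,,1024,,
Nov  9 01:03:12 fw filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,48,0,0,none,17,udp,60,198.51.100.77,203.0.113.10,40001,1194,40
Nov  9 01:04:00 fw filterlog: 100,,,1510000001,igb0,match,pass,in,4,0x0,,60,0,0,none,6,tcp,40,192.0.2.9,203.0.113.10,3456,1194,0,S,1,,1024,,
Nov  9 01:05:00 fw filterlog: 5,,,1000000103,igb1,match,block,out,4,0x0,,64,0,0,none,6,tcp,40,192.168.1.20,198.51.100.14,44444,80,0,S,1,,1024,,
"""

LOG_RE = re.compile(r"filterlog: (.*)$")

def parse_filterlog(line):
    """Parse one filterlog line into a dict; None for lines we do not handle."""
    m = LOG_RE.search(line)
    if not m:
        return None
    f = m.group(1).split(",")
    # f[8] is the IP version, f[16] the protocol name; ports follow src/dst.
    if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp"):
        return None
    return {"iface": f[4], "action": f[6], "dir": f[7], "proto": f[16],
            "src": f[18], "dst": f[19], "dport": int(f[21])}

def summarize_probes(log_text, wan_if):
    """Count blocked inbound attempts on the WAN by source IP and by service."""
    by_src, by_port = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_filterlog(line)
        if rec is None or rec["iface"] != wan_if:
            continue
        if rec["action"] != "block" or rec["dir"] != "in":
            continue  # passed traffic and outbound blocks are not probes
        by_src[rec["src"]] += 1
        by_port[(rec["proto"], rec["dport"])] += 1
    return by_src, by_port

def noisy_sources(by_src, threshold):
    """Sources that hit the WAN at least `threshold` times, sorted for stable output."""
    return sorted(ip for ip, n in by_src.items() if n >= threshold)

if __name__ == "__main__":
    src, ports = summarize_probes(SAMPLE_LOG, "igb0")
    for ip, n in src.most_common():
        print(f"{ip}: {n} blocked inbound attempts")
    for (proto, port), n in ports.most_common():
        print(f"{proto}/{port}: {n}")
    print("repeat offenders:", noisy_sources(src, 2))
```

On a real box the same functions can be fed the output of `clog /var/log/filter.log`, and the per-port counts show which forwarded services (here Plex on 32400 and OpenVPN on 1194) are drawing the most attention.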

Offline Mesozder

Re: Bought equipment. what should I do next?
« Reply #8 on: November 09, 2017, 09:11:16 am »
I already took a look at the pfBlockerNG package, but first I have to connect everything.
I work this weekend, but will be playing with pfSense from Monday.

Offline ctyokley

Re: Bought equipment. what should I do next?
« Reply #9 on: November 10, 2017, 09:52:50 am »
Your setup will probably be similar to mine, depending on whether you want to segregate your Plex/QNAP and IP cams from your internal LAN traffic.

Basically, on the 4-port card that is in the back of the pfSense firewall, you will dedicate 1 of the 4 to your WAN.
You can then have up to 3 different interfaces (OPT1, OPT2, OPT3).

You do not have to add OPT2,3 at the time of the install, but can use it if need be at a later time.

Your WAN will automatically get your IP from your ISP, unless you have to configure it. All the configurations on your Asus router will need to be obliterated. You will need to reconfigure it to remove the firewall and NAT. You will also have to tell it to forward DHCP requests to the pfSense box, or leave it in its own subnet and allow DHCP to be requested from the Asus router. If you go with the latter, you will need to add a route on the router pointing back to the pfSense box if you want to get to OPT2 or OPT3 (if configured).

Once this has been set up and is working, you can then work on port forwarding like you had on your Asus router.

Now the Zyxel switch comes into question... You can do this one of 2 ways.... You can plug it in on the Asus router or you can add it to an OPT port. This is completely up to you; either way you are only getting 1 Gb of traffic unless you LAGG it, at which point you can only get 2 Gbps. With a 300 Mbit connection, it doesn't really matter.

Offline Mesozder

Re: Bought equipment. what should I do next?
« Reply #10 on: November 11, 2017, 04:16:12 am »
Thanks for the reply.
I will definitely remove the Asus router from the equation. pfSense will be routing traffic.
I wonder if both the WAN and LAN interfaces on pfSense need to have DHCP enabled, or only one of them?
To begin with, I'll use the Zyxel as a "dumb" switch until I'm more comfortable with both pfSense settings and VLANs. I started the switch, and it's a bit noisy for my taste. It has 3 Delta fans spinning all the way to 11000 RPM, producing up to 41.5 dB. I ordered new, quieter Sunon fans from Germany, and should be getting them on Monday-Tuesday.

Offline ctyokley

Re: Bought equipment. what should I do next?
« Reply #11 on: November 11, 2017, 07:53:09 am »
I wonder if both the WAN and LAN interfaces on pfSense need to have DHCP enabled, or only one of them?
To begin with, I'll use the Zyxel as a "dumb" switch until I'm more comfortable with both pfSense settings and VLANs. I started the switch, and it's a bit noisy for my taste. It has 3 Delta fans spinning all the way to 11000 RPM, producing up to 41.5 dB. I ordered new, quieter Sunon fans from Germany, and should be getting them on Monday-Tuesday.

Ha!!! 41.5 dB :D ... how do you sleep?

The WAN setup would be determined by your ISP. For most ISPs it is DHCP. If you have a static IP from your ISP, they should send some type of paper in the mail or an email with what the IP, subnet, and gateway are. The same is true for PPPoE (they would send you the information in the mail/email). The other selections I haven't really seen.

I would definitely leave DHCP on LAN. My question is why leave the Zyxel as a dumb switch? You can configure it to be managed and forward DHCP requests to pfSense. From there, you can configure VLANs at a later time.


Offline mikeisfly

Re: Bought equipment. what should I do next?
« Reply #12 on: November 11, 2017, 09:34:00 am »
Like others have mentioned, I would connect a Cat5e or Cat6 wire from your modem to the WAN port on the back of your pfSense box. You will have to decide which port on your NIC will be the WAN. I would make the built-in NIC on your mobo the WAN port. I then would connect the first port on the four-port NIC to the last port, 28, on your switch. That will be the LAN port. I would connect the access point to port 27 on your switch. I would connect all your clients from port 1 going toward the last. I like to connect clients and devices that will only have one MAC address to the first ports and things that will have multiple MAC addresses (switches, access points) to the last ports of a switch. That way you work towards the middle.

If you want to get better bandwidth management you could do a LAG port from pfSense to your switch, but the problem that I have found with that is you can't put VLANs on a LAG port. I know you aren't using VLANs now, but you have to think about the future. For example, you may want to have multiple SSIDs to separate traffic. I personally put my cameras, Hue lights, and ecobee thermostat on a WiFi called IoT to minimize my attack surface. I also have corresponding rules that don't allow traffic from that network to my LAN.

Like others have mentioned, though, I would start simple and then build the network out from there.

Online kejianshi

Re: Bought equipment. what should I do next?
« Reply #13 on: November 11, 2017, 12:44:44 pm »
Not sure what kind of port is built in and what kind you added on, but Suricata is sensitive about netmap compatibility, so if you plan to run that and want the inline function to work, it may not be possible with every NIC port.  In other words, you could have to leave the built-in port empty if it's not compatible and you want that function.  Hopefully at least the add-on NICs are good.  If lucky, they will all work.

Offline mikeisfly

Re: Bought equipment. what should I do next?
« Reply #14 on: November 11, 2017, 02:15:37 pm »
Not sure what kind of port is built in and what kind you added on, but Suricata is sensitive about netmap compatibility, so if you plan to run that and want the inline function to work, it may not be possible with every NIC port.  In other words, you could have to leave the built-in port empty if it's not compatible and you want that function.  Hopefully at least the add-on NICs are good.  If lucky, they will all work.


Looks like if the board is https://www.newegg.com/Product/Product.aspx?Item=N82E16813132565R&cm_re=asus_maximus_viii_hero-_-13-132-565R-_-Product

then the built in NIC is Intel I219-V  and here is the data sheet https://www.intel.com/content/www/us/en/embedded/products/networking/ethernet-connection-i219-datasheet.html
The specs on the 4 port HP card is located here: https://www.hpe.com/h20195/V2/getpdf.aspx/c04111679.pdf?ver=4

Looks like your setup is more for gaming than a router, but hey, if you have it lying around why not. Doubt FreeBSD will have drivers for everything.