Netgate SG-1000 microFirewall

Author Topic: PPPoE-Installation?  (Read 12121 times)

0 Members and 1 Guest are viewing this topic.

Offline Braindead_One

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
PPPoE-Installation?
« on: November 06, 2005, 01:19:56 pm »
I'm currently trying to install pfsense to use it as router. My problem is that the designated machine only has 1 physical nic - Internet connection is established via PPPoE...
Is there any way to enable the Webinterface with only 1 physical nic?

Thanks in advance
Braindead One

Offline cmb

  • Hero Member
  • *****
  • Posts: 11228
  • Karma: +896/-7
    • View Profile
    • Chris Buechler
Re: PPPoE-Installation?
« Reply #1 on: November 06, 2005, 01:58:13 pm »
No, you must have at least two Ethernet interfaces. 

Offline Braindead_One

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: PPPoE-Installation?
« Reply #2 on: November 06, 2005, 02:20:49 pm »
But why? Sending lan- and pppoe-traffic over the same line is perfectly possible (and, as long as the lan is trusted, perfectly secure). I dont need a dedicated WAN-Interface

Offline cmb

  • Hero Member
  • *****
  • Posts: 11228
  • Karma: +896/-7
    • View Profile
    • Chris Buechler
Re: PPPoE-Installation?
« Reply #3 on: November 06, 2005, 02:35:41 pm »
NIC's are cheap and easy to come by, developer time isn't.  this would, without a doubt, introduce all kinds of issues due to the back end design of the system, and there's no telling how the PPPoE client would or wouldn't handle this.  I wouldn't consider it "perfectly secure" either since you're putting your LAN and WAN on the same broadcast domain.  Wouldn't be difficult to end up wtih some unintended consequences. 

A firewall needs two interfaces, period.  Anything else is a kludy hack.

Offline thinair

  • Full Member
  • ***
  • Posts: 143
  • Karma: +1/-0
    • View Profile
    • nelsonpapel.com
Re: PPPoE-Installation?
« Reply #4 on: November 06, 2005, 07:39:08 pm »
is it possible with a managed switch and VLAN's??
Nelson Papel

Offline Braindead_One

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: PPPoE-Installation?
« Reply #5 on: November 07, 2005, 12:36:51 am »
While i agree that you shouln't just plug your T1 into your Lan switch i still don't see the point with DSL-Connections...
What you suggest is:

[Nic0]->Switch->Lan
[Nic1]->DSL-Modem
[ppp0]->Internet

While my suggestion is:

[Nic0]->Switch->Lan|DSL-Modem
[ppp0]->Internet

Since PPPoE encapsulates Internet-Traffic there will be no collisions, and once the connection is established there are 2 Interfaces...
Problem is that i want to put the box into a closet where it's already difficult to have 1 ethernet-cable ;)

Offline kikawala

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
    • MedSynergies, Inc.
Re: PPPoE-Installation?
« Reply #6 on: November 07, 2005, 08:18:47 am »
Then put a switch in the closet and you should be able to use 2 NICs in the pfSense box.

Offline Braindead_One

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: PPPoE-Installation?
« Reply #7 on: November 07, 2005, 08:42:21 am »
Then put a switch in the closet and you should be able to use 2 NICs in the pfSense box.
This would be a real waste of Money... I'd have to buy a switch just to split the 1 Cable i put into the closet into 2...

Offline thinair

  • Full Member
  • ***
  • Posts: 143
  • Karma: +1/-0
    • View Profile
    • nelsonpapel.com
Re: PPPoE-Installation?
« Reply #8 on: November 07, 2005, 11:33:24 am »
basically to review what I meant with the VLAN's...

I could have my pfsense box with 2 NIC's, a wired NIC, and a wireless nic.

The wired NIC could have 3 VLAN's for example, wan (vlan1), lan (vlan2), and dmz (vlan3).  And then setup a port on the switch for VLAN 1 to plug in the modem, have like 3 ports for VLAN 2, one port as a trunk going into the pfsense box, and the rest on VLAN 2.
I can't see why the PPPoE wouldn't work over a VLAN.

Hmmm....something to try once I get home.

Although this setup might be a little crowded on a 100Mb link, but still, my internet connection tops out 4.4Mb, and my DMZ rarely gets used.

With a setup like this a really low profile case could be used as well.
Nelson Papel

Offline billm

  • Hero Member
  • *****
  • Posts: 731
  • Karma: +1/-1
    • View Profile
    • UCSecurity - Technology discovery and ramblings
Re: PPPoE-Installation?
« Reply #9 on: November 07, 2005, 10:10:28 pm »
I think it was you that posted that multiple VLANs in this setup works.  As previously mentioned, we require two interfaces - they can be one physical with multiple logical, but there must be two interfaces.

--Bill
pfSense core developer
blog - http://www.ucsecurity.com/
twitter - billmarquette

Offline charincol

  • Jr. Member
  • **
  • Posts: 28
  • Karma: +0/-0
    • View Profile
Re: PPPoE-Installation?
« Reply #10 on: November 07, 2005, 10:17:50 pm »
While my suggestion is:

[Nic0]->Switch->Lan|DSL-Modem
[ppp0]->Internet



This would be a real waste of Money... I'd have to buy a switch just to split the 1 Cable i put into the closet into 2...

Do you already have a switch as your "suggestion" suggests?  Or not?  Cause if you do, then only one more nic is required to make a pfSense box work for you and like previously mentioned, and will end up being your least headache as cheap and easy as nics are these days.  What FW/router solution are you using right now, if any?  Where does the "one" cable in the closet go to?

I have DSL and make the PPPoE connection with my pfSense box and this is how I have it set up.
Internet>DSL Modem>pfSense Box>Switch>LAN

It doesn't make much sense, even if it does work, to use one nic to do everthing just to say your not wasting money.  If all you want is a router, then a DSL Modem and a switch (still confusing as to whether you have one or not) is all that is necessary since most DSL modems these days have a built-in router; you just add the switch or hub.

If pfSense will not work for you then don't use it.  Its not very nice to ask (demand) these hard working guys who are doing this for free to implement something that could create serious problems in their product that would be never have any practical use for %99.9 of its users.
« Last Edit: November 07, 2005, 10:19:45 pm by charincol »

Offline kikawala

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
    • MedSynergies, Inc.
Re: PPPoE-Installation?
« Reply #11 on: November 07, 2005, 11:51:10 pm »
Only other option I can think of is that you only need 2 pairs for a 100TX connection and you have 4 pairs in a CAT5 cable.  You can use 2 network splitters (one in the closet, one at the other end) like the one in the attached image.

Offline Braindead_One

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: PPPoE-Installation?
« Reply #12 on: November 07, 2005, 11:57:31 pm »
While my suggestion is:

[Nic0]->Switch->Lan|DSL-Modem
[ppp0]->Internet



This would be a real waste of Money... I'd have to buy a switch just to split the 1 Cable i put into the closet into 2...

Do you already have a switch as your "suggestion" suggests?  Or not?  Cause if you do, then only one more nic is required to make a pfSense box work for you and like previously mentioned, and will end up being your least headache as cheap and easy as nics are these days.  What FW/router solution are you using right now, if any?  Where does the "one" cable in the closet go to?

I have DSL and make the PPPoE connection with my pfSense box and this is how I have it set up.
Internet>DSL Modem>pfSense Box>Switch>LAN

It doesn't make much sense, even if it does work, to use one nic to do everthing just to say your not wasting money.  If all you want is a router, then a DSL Modem and a switch (still confusing as to whether you have one or not) is all that is necessary since most DSL modems these days have a built-in router; you just add the switch or hub.

If pfSense will not work for you then don't use it.  Its not very nice to ask (demand) these hard working guys who are doing this for free to implement something that could create serious problems in their product that would be never have any practical use for %99.9 of its users.

I Already have a switch, but it is in different room. There is only room for 1 Cable to the closet, so i'd have to buy a second switch just to split the 1 Cable into 2. And that would really be a waste of money ;)

I never asked nor demanded anyone to implement anyting! I Just asked whether it is possible to start the Webinterface when there is ony 1 nic and, after the "no" by cmb i asked why....

I think it's an unnecessary limitation that the Webinterface only works if 2 nics are Present.
« Last Edit: November 08, 2005, 05:08:23 am by Braindead_One »

Offline charincol

  • Jr. Member
  • **
  • Posts: 28
  • Karma: +0/-0
    • View Profile
Re: PPPoE-Installation?
« Reply #13 on: November 08, 2005, 08:38:54 am »
See http://forum.pfsense.org/index.php?topic=61.msg220#msg220 for details on how Thinair has had success in making this work.  He doesn't say whether the web interface is working or not.  But he uses a managed switch to set up a trunk line so both PPPoE and LAN traffic run on one cable.

Offline thinair

  • Full Member
  • ***
  • Posts: 143
  • Karma: +1/-0
    • View Profile
    • nelsonpapel.com
Re: PPPoE-Installation?
« Reply #14 on: November 08, 2005, 12:19:33 pm »
Everything works as it did when I had multiple NIC's, but this does require the use of a managed switch.

Although that splitter looks like a pretty cool idea, I know something like that would come in handy for me for certain network drops in my home (provided they're not gigabit links.)
Nelson Papel