Announcement

Collapse
No announcement yet.

Help configuring a new install of pfsense for subnet routing

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Help configuring a new install of pfsense for subnet routing

    I have been given a /28 block of public ip's for my dedicated server.
    These ip's are on a different subnet from my existing ip range (that came with the server) and I have been told I need to route them myself.

    I have installed pfsense but I need some help setting it up (I'm fluent in IT, windows server management etc and understand tcp/ip basics, but I am completely a noob when it comes to routing).

    Basically, I want to ip range to be able to access the internet, but they don't need access to my current ip range.
    Can anyone advise?
    David Silvester
    Systems Administrator

  • #2
    Re: Help configuring a new install of pfsense for subnet routing

    Bump. can anyone help with this? Maybe I am going the completely wrong way about it, I don't know.

    If anyone can give me some pointers it would be great!
    David Silvester
    Systems Administrator

    Comment


    • #3
      Re: Help configuring a new install of pfsense for subnet routing

      Damn, no reply in 25 hours, at a weekend, in the holiday season. Lousy QoS these days, obviously a refund of your membership fee is in order

      David, please remember the board is staffed by, and questions are answered by, volunteers - if anyone had read your post and was able to help, they would have, but since no-one did, please be a little patient about things.

      Have you tried pfsense support, since they make the product? http://www.pfsense.org/[email protected]=69.html
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: Help configuring a new install of pfsense for subnet routing

        Originally posted by Ossian View Post
        Damn, no reply in 25 hours, at a weekend, in the holiday season. Lousy QoS these days, obviously a refund of your membership fee is in order

        David, please remember the board is staffed by, and questions are answered by, volunteers - if anyone had read your post and was able to help, they would have, but since no-one did, please be a little patient about things.

        Have you tried pfsense support, since they make the product? http://www.pfsense.org/[email protected]=69.html
        Haha! I really apologise, I do fully appreciate all of the above and I was not trying to come across as inpatient but I obviously did!

        Part of the reason for my additional post, was that I am so far out of my depth, I wasn't sure if I was going down the completely wrong path, and maybe noone answered because Im not making any sense!

        I would ask on the PFsense forums, but Im not even sure if thats the tool that I need for the job!
        David Silvester
        Systems Administrator

        Comment


        • #5
          Re: Help configuring a new install of pfsense for subnet routing

          Originally posted by davids355 View Post
          Basically, I want to ip range to be able to access the internet, but they don't need access to my current ip range.
          Can anyone advise?
          By design, everything should be able to see everything. At least that was the original intent. So without applying ACLs or setting up firewall rules, the subnets will see each other.

          I'm not saying you should have the subnets see each other, I'm just saying that, if things are setup correctly, the traffic will route between those subnets just fine unless you take measures to secure your network. A firewall is a must.

          I say all that because I know from your other posts that some of these IP addresses are assigned directly to servers and they'll need to be secured.

          OK, now, can you provide a diagram of your network and the last octet or two the IP address for the nodes on the network? Also, if you could post the information your host gave you regarding the subnets, sanitized as necessary, that should help us get you on the right path.
          Regards,
          Jeremy

          Network Consultant/Engineer
          Baltimore - Washington area and beyond
          www.gma-cpa.com

          Comment


          • #6
            Re: Help configuring a new install of pfsense for subnet routing

            Double post.
            David Silvester
            Systems Administrator

            Comment


            • #7
              Re: Help configuring a new install of pfsense for subnet routing

              Let's keep this one going and I'll have the mod merge them.
              Regards,
              Jeremy

              Network Consultant/Engineer
              Baltimore - Washington area and beyond
              www.gma-cpa.com

              Comment


              • #8
                Re: Help configuring a new install of pfsense for subnet routing

                Originally posted by JeremyW View Post
                OK, now, can you provide a diagram of your network and the last octet or two the IP address for the nodes on the network? Also, if you could post the information your host gave you regarding the subnets, sanitized as necessary, that should help us get you on the right path.
                Now, can you address the above?
                Regards,
                Jeremy

                Network Consultant/Engineer
                Baltimore - Washington area and beyond
                www.gma-cpa.com

                Comment


                • #9
                  Re: Help configuring a new install of pfsense for subnet routing

                  OK, Details of my current setup are as follows:
                  (First two octets of each address changed for security).


                  Dedicated server
                  server 2008 R2
                  1.2.164.38
                  This is provided by my hosting provider.
                  Gateway for this server is 1.2.164.1 - host manages that gateway.
                  I have 4 additional public IPs with this server:
                  1.2.164.56
                  1.2.164.57
                  1.2.164.58
                  1.2.164.59
                  they all work and I can assign them to VMs running in Hyper V on my 2008 server without issue.

                  I now have another block of IPs, provided by my host (As I wanted more public facing VMs):
                  2.3.74.0/28

                  They told me this is delivered as a static route and has no gateway on the subnet.

                  My goal is to be able to assign IP addresses from that new subnet, to some of my VMs in HyperV and have them internet enabled.

                  The VMs dont need to communicate directly with each other, they are just various test machines that I use independently of each other.
                  David Silvester
                  Systems Administrator

                  Comment


                  • #10
                    Re: Help configuring a new install of pfsense for subnet routing

                    Originally posted by davids355 View Post
                    I now have another block of IPs, provided by my host (As I wanted more public facing VMs):
                    2.3.74.0/28

                    They told me this is delivered as a static route and has no gateway on the subnet.
                    But we need to know where the static route is sent. They have to provide you with more information.

                    The ones who gave you the subnet and the ones who control the router, are they the same or different?

                    I think it's safe to assume that the subnet is routed to 1.2.164.1. The question is, where does 1.2.164.1 route that subnet to? It needs to be routed to one of the IP addresses they gave you.
                    Regards,
                    Jeremy

                    Network Consultant/Engineer
                    Baltimore - Washington area and beyond
                    www.gma-cpa.com

                    Comment


                    • #11
                      Re: Help configuring a new install of pfsense for subnet routing

                      This is what I have been told by my provider:

                      The addresses are routed towards the primary IP of your server. You can either bind them to the physical machine as secondaries for the NIC, and utilize NAT for your virtual machines, or you can enable ip forwarding and utilize the Windows Routing & Remote Access Service.
                      David Silvester
                      Systems Administrator

                      Comment


                      • #12
                        Re: Help configuring a new install of pfsense for subnet routing

                        OK, so it sounds like to me that they're sending the subnet to 1.2.164.38.

                        You can test this by adding one of the IPs as a secondary address on the same NIC and see if you can then ping it externally (make sure the firewall will allow the reply).

                        If that's the case then you have 3 options:
                        1. you will need to setup the router at 1.2.164.38 and use a different IP for your Hyper-V host
                        2. Have your provider route the subnet to a different IP that you assign your router
                        3. Setup an router/firewall that will NAT the IP addresses to private subnets you setup for your VMs.
                        Regards,
                        Jeremy

                        Network Consultant/Engineer
                        Baltimore - Washington area and beyond
                        www.gma-cpa.com

                        Comment


                        • #13
                          Re: Help configuring a new install of pfsense for subnet routing

                          Originally posted by JeremyW View Post
                          OK, so it sounds like to me that they're sending the subnet to 1.2.164.38.

                          You can test this by adding one of the IPs as a secondary address on the same NIC and see if you can then ping it externally (make sure the firewall will allow the reply).

                          If that's the case then you have 3 options:
                          1. you will need to setup the router at 1.2.164.38 and use a different IP for your Hyper-V host
                          2. Have your provider route the subnet to a different IP that you assign your router
                          3. Setup an router/firewall that will NAT the IP addresses to private subnets you setup for your VMs.
                          Fantastic! I assigned 2.3.74.3 as secondary IP to the main server (1.2.164.3 and I could successfully ping 2.3.74.3 from a remote system!

                          So, can I get the subnet routed to the IP that I have assigned to PFsense?
                          And then will it work out of the box, or will I need static routes set up in PFsense?
                          David Silvester
                          Systems Administrator

                          Comment


                          • #14
                            Re: Help configuring a new install of pfsense for subnet routing

                            the host has suggested this to me:

                            Traditionally, you would use the Routing and Remote Access service on the machine. You would enable ip forwarding and bind an IP for use as a gateway for the VMs to the virtual NIC created in RRAS. In your case, the proposed gateway would be 2.3.74.1

                            You would create your VMs using the routed network setup in RRAS and configure the VMs with 2.3.74.1 as the gateway.

                            Does that make sense?
                            How exactly do I do that? When I enable routing and remote access, I dont get any option to add IP addresses??
                            David Silvester
                            Systems Administrator

                            Comment


                            • #15
                              Re: Help configuring a new install of pfsense for subnet routing

                              You shouldn't need any static routes.

                              Just for clarification, are you going to swap IP addresses of the Hyper-V server and the PFSense VM or are you going to ask the provider to change their route?
                              Regards,
                              Jeremy

                              Network Consultant/Engineer
                              Baltimore - Washington area and beyond
                              www.gma-cpa.com

                              Comment

                              Working...
                              X