
The Drawer Router - Powered by Intel Atom

BrainEater

Well-known member
Joined
Mar 19, 2007
Messages
2,768
Location
Calgary
hmm vlans eh ?

I'm just getting ready for work , so only a couple comments...

-are you using vlan just to add multiple WAN connections ?

-I assume your switch is correctly configured for vlans and that you have written the appropriate firewall rules.

--------------

I do see one issue from your drawing.

There is no way the IP addy of the modem is 192.168.x.x.
It's either an assigned (static) ip given to you by your ISP , or it's assigned via ISP side DHCP....

:thumb:
 

S_G

Well-known member
Joined
Nov 4, 2007
Messages
824
Location
Montreal
1. Yes. I have no problem with putting all the other devices on the switch as it is. However, I need VLANs if I want to add more modems.

2. My switch's settings are as follows: (ports 1-4 are PCs, 7 is modem, 8 is pfSense)

Code:
VLAN Type:      IEEE 802.1Q |  Port-Based (selected)
VLAN Membership
VLAN0 Port 01 02 03 04 05 06 07 08 
VLAN1 Port 07 08
I have also tried: (U is untagged, T is tagged, blank is not part of that vlan)
Code:
VLAN Type:      IEEE 802.1Q (selected) |  Port-Based
VLAN Membership
VLAN0 Port 01 02 03 04 05 06 07 08 
            T  T  T  T  T  T     T
VLAN1 Port 01 02 03 04 05 06 07 08 
                              T  T
PVID Config g1-g6,g8: PVID=1
            g7:       PVID=2
I have also attempted pretty much every config I could think of. With the PCs on the same VLAN, with the modem on every VLAN, with untagged and tagged, putting the PVID to 1 on them all, with the router on only one VLAN, etc. Nothing works.

The switch has no firewall settings that I know of.


3. My modem has a static IP of 192.168.2.1, which is where the config page is. The modem can also obtain an external gateway IP if it dials into DSL, or I can have another device (ie. a router, a PC) use the modem to make a PPPoE connection separately.
 

BrainEater

Well-known member
Joined
Mar 19, 2007
Messages
2,768
Location
Calgary
ok....

I should say something here. While I do understand VLANs and their functions , I have never set one up...I'm wingin' it here......Also , as I'm outta town , my PF router ain't here for me to try stuff on.

-------

1: If you are going to setup multiple WAN interfaces , you want to do it with separate Network cards , rather than thru VLANs.

2a: Your switch settings look fine.

2b: Sorry , my bad , the firewall settings on the router , not the switch. You need full NAT rules and firewall rules to define the VLANs.

By default PFsense blocks damn near everything , so unless you implicitly set it for the correct config , it won't work.

Related to this ,

Now it's possible I don't know enough about how a 1 card pf rig works , and I'm totally wrong , but :

The 192.168.2.1 address of your modem is just for 'internal access'. It's got nothing to do with your internet. When you are setting up the rules for the VLANs , you need to be using the Gateway IP address from the modem , not the internal one.

:thumb:
 

S_G

Well-known member
Joined
Nov 4, 2007
Messages
824
Location
Montreal
1. Well, I wanted to set up multiple WAN interfaces with VLANs, as I only have the one network card.

2b. Ah, damn. That might be where I went wrong. Going to load it back up. I'll let you know how it goes. So, what you're saying is that by having NO rules on the pfsense box, that is the same as blocking everything?
 

BrainEater

Well-known member
Joined
Mar 19, 2007
Messages
2,768
Location
Calgary
yessir , PF blocks basically everything by default.

On the same token , you will be needing to write nat and firewall rules for programs that need open ports ( bittorrent , games etc) once you do get it up and running.

GL !

:thumb:
 

S_G

Well-known member
Joined
Nov 4, 2007
Messages
824
Location
Montreal
Brain... I love you.

pfSense is up and running now. I just set the firewall to allow everything while I figure this stuff out. As soon as I did, PPPOE dialed in and I was online!

Gotta see if I can get this to boot off the CF card now. Unfortunately, I have no serial cable, so I can't use the standard embedded version, as it has no VGA output.
 

BrainEater

Well-known member
Joined
Mar 19, 2007
Messages
2,768
Location
Calgary
:thumb:

great to hear.

---------

I'm not sure if you'll run into this or not , but you might , so I'll give you a heads up.

PFsense also does full outbound PAT. When you are setting up firewall/NAT rules for some programs that require a 'direct connection' , you'll probably need to set up outbound port mappings as well as the inbound ones.
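
Added example, not written by anyone in this thread: the three points raised above (default deny, opening a port for one program, and outbound port mapping) expressed directly in pf.conf syntax, the packet filter pfSense is built on, as a narrower alternative to an allow-everything rule. Interface names, the LAN subnet, the host address and the port are all constructed assumptions.

```conf
# Added example: raw pf.conf for a FreeBSD-based firewall. All names and
# addresses below are constructed assumptions, not values from the thread.
lan_if   = "em0"             # LAN side of the single NIC (assumed name)
wan_if   = "pppoe0"          # PPPoE session over the modem VLAN (assumed name)
lan_net  = "192.168.1.0/24"  # assumed LAN subnet
p2p_host = "192.168.1.10"    # constructed LAN host that needs an open port
p2p_port = "6881"            # constructed port number

set block-policy drop        # silently drop instead of sending resets
set skip on lo0              # never filter loopback

# --- Translation rules (first match wins, so specific rules go first) ---
# Outbound: keep the original source port for the one host that needs it.
nat on $wan_if inet from $p2p_host to any -> ($wan_if) static-port
# Outbound: every other LAN host gets ordinary port-rewriting NAT (PAT).
nat on $wan_if inet from $lan_net to any -> ($wan_if)
# Inbound: forward the single published port to the LAN host.
rdr on $wan_if inet proto { tcp, udp } from any to ($wan_if) port $p2p_port -> $p2p_host

# --- Filter rules (last match wins) ---
# Default deny: with no pass rule, traffic on any interface is dropped.
block log all
# LAN clients may start connections outward; replies follow the state.
pass in  on $lan_if inet from $lan_net to any keep state
pass out on $wan_if inet from ($wan_if) to any keep state
# The forwarded port still needs its own pass rule (matched after rdr).
pass in  on $wan_if inet proto { tcp, udp } from any to $p2p_host port $p2p_port keep state
```

Anything not matched by a pass rule, including every other unsolicited connection from the WAN side, falls through to `block log all` and shows up in the pf log.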
 

S_G

Well-known member
Joined
Nov 4, 2007
Messages
824
Location
Montreal
Well, even though I do still love you, I am back on my Tomato WRT54GL for now. I could not for the life of me get MLPPP working on pfSense. This was a deal-breaker, as with no MLPPP (even just single-link), Bell throttles me to hell and back. For now, focusing on the Skulltrail build. I'll get back to this router later this week.
 

Tazer-[X]

Well-known member
Joined
Jul 8, 2008
Messages
555
Location
Terrace, BC
I do believe that OpenBSD and other BSD variants make an awesome router with a standard p3 and a ton of NICs installed.
 

BrainEater

Well-known member
Joined
Mar 19, 2007
Messages
2,768
Location
Calgary
:haha:

yep....PFsense is written in FreeBSD.

----------

"I could not for the life of me get MLPPP working on PFSense"
MLPPP or 'DSL Bonding' is not supported by PFSense.

----------

I'm going to mull on this problem...might be 'other ways' to solve it.

Don't give up on making it work tho. Custom routers are the shit.

Here's a pic to keep you inspired ; my PF rig :



-------

Intel p3 800 / asus mobo / 768 MB ram
3x Intel pro MT 1000 NIC's
2x d-link dwgl520 wifi cards
Custom made 1.5u rackmount

runs PFsense 1.2 RC 3
----------

:thumb:
 
