
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Router - PFSense (beta 2.1): Difference between revisions

 
= pfSense with IPv4 and IPv6 =
I recently persuaded [http://www.pfsense.org/ pfSense] running on an ALIX-based system with a Draytek Vigor 140 ADSL modem to connect up with IPv4 and IPv6 to AAISP. Here are some notes on how. Note that there are some minor faults with it, but for the use case presented here it works fine and 2.1 is due for release fairly soon. They have a Redmine bug tracker that you can follow and the forums are excellent for support. The developers are on the ball. There is a patch in there that a pfSense developer put in for me when my IPv6 default route wouldn't work, done the same day I posted - on my system.
 
= Hardware =
 
== pfSense ==
First off, get IPv4 sorted out. Follow one of the many guides out there. It can be tricky to work out which interface is which, so plug one in, configure it at the initial console-based interface setup stage, give it an IP address from your LAN range and set the mask. Then try to ping it after temporarily putting another address from the range on a PC or whatever. If it doesn't work then move the LAN cable into another NIC and see if that works. Once LAN is sorted, fire up a browser, point it at the LAN address and carry on the configuration from there. The default login is username: admin, password: pfsense. I recommend you move the web GUI to another port and enable SSL. There's a built-in certificate generator so there is no excuse.
 
Start with IPv4 and then move on to IPv6.
 
The default firewall set up is no inbound access at all and just IPv4 out from the LAN subnet.
 
=== IPv4 ===
Set a static IPv4 address on WAN that is in the same range as the Vigor. Create an outbound NAT rule from the LAN subnet to the WAN subnet. The Vigor has no routing table as such but pf can NAT you to it.
 
 
At this point you should be able to browse the internet and connect to the Vigor. The PPPoE interface should have the /32 address assigned to you by AAISP - check it in Status -> Interfaces.
 
Get some firewall rules set up (make sure that you set them to IPv4) and generally get the hang of the system.
 
=== IPv6 ===
* Set the IPv6 configuration type on your PPPoE interface to DHCPv6
* Set the IPv6 address on LAN to <your /64 range>::1
* Services -> DHCPv6 Server. Set the top drop down to Unmanaged and save.
 
Have a look at the addresses on your PC ("ip a"/"ifconfig"/"ipconfig /all") and you should find that you now have a global IPv6 address assigned. It will start with the /64 prefix from above.
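
The address check above, as an added example that is not part of the original notes: it parses <code>ip -6 -o addr show</code> output and lists the global addresses that fall inside the /64 configured on the LAN, comparing numerically rather than by text. The sample output is constructed, the documentation prefix 2001:db8:1234:5678::/64 stands in for your own /64, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ip -6 -o addr show` output from a PC on the LAN.
# 2001:db8:1234:5678::/64 is a documentation prefix standing in for your /64.
SAMPLE_IP_OUTPUT = """\
1: lo    inet6 ::1/128 scope host \\       valid_lft forever preferred_lft forever
2: eth0    inet6 2001:db8:1234:5678:9c1e:4a7b:22d0:81f3/64 scope global temporary dynamic \\       valid_lft 86293sec preferred_lft 14293sec
2: eth0    inet6 2001:db8:1234:5678:211:22ff:fe33:4455/64 scope global dynamic mngtmpaddr \\       valid_lft 86293sec preferred_lft 14293sec
2: eth0    inet6 fe80::211:22ff:fe33:4455/64 scope link \\       valid_lft forever preferred_lft forever
"""

# index: iface  inet6 addr/plen  scope <scope> <flags...>
ADDR_RE = re.compile(
    r"^\d+:\s+(\S+)\s+inet6\s+([0-9a-fA-F:.]+)/(\d+)\s+scope\s+(\w+)(.*)$")


def parse_inet6(ip_output):
    """Return (interface, address, scope, is_temporary) for each inet6 line."""
    found = []
    for line in ip_output.splitlines():
        m = ADDR_RE.match(line.strip())
        if m:
            iface, addr, _plen, scope, flags = m.groups()
            found.append((iface, ipaddress.IPv6Address(addr), scope,
                          "temporary" in flags.split()))
    return found


def addresses_in_prefix(ip_output, lan_prefix):
    """Global-scope addresses that sit inside the /64 set on the pfSense LAN."""
    net = ipaddress.IPv6Network(lan_prefix)
    return [(iface, addr, temp)
            for iface, addr, scope, temp in parse_inet6(ip_output)
            if scope == "global" and addr in net]


def lan_gateway(lan_prefix):
    """The '<your /64 range>::1' address given to the pfSense LAN interface."""
    return ipaddress.IPv6Network(lan_prefix)[1]


if __name__ == "__main__":
    prefix = "2001:db8:1234:5678::/64"
    print("router LAN address:", lan_gateway(prefix))
    for iface, addr, temp in addresses_in_prefix(SAMPLE_IP_OUTPUT, prefix):
        print(iface, addr, "(temporary)" if temp else "(stable)")
```

An empty result means the PC has only link-local addressing, so router advertisements from the LAN interface are not reaching it.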
 
Add some IPv6 rules - e.g. on the LAN interface: "allow from LAN subnet to any".
 
= Notes =