PfSense to Nethserver 6.7 Need Help!

Hi folks, i´m new on Nethserver and so far its looks great! Since i use Pfsense for a long time i get it to work pretty well for my needs, but now i´m trying to do the same scenario on Nethserver but get a little confuse.

My Scenario on Pfsense is

IP range 192.168.25.1/.254 for registered mac users and unlimited bandwidth.
IP range 192.168.26.1 /254 for anyone who connects a new mac without a registration will automatic get this range and gets limited band.
IP range 192.168.27.1/254 for blocked macs.

Schedule to turn off the rule who block Facebook on 11:30 to 1:30 lunch time.
Allias/Rule that unblock Facebook for determined registered/reserved IP
I´m Using transparent proxy and 2 Nics
My installed packages so far are

So, whats is the best way to do that on Nethserver, also can i use those Roles (green, red etc…) to manage that?
There is a way to limit the band for a IP range?

Sorry for bad english, thx.

Hi @thiagotw you are using vlans for ip ranges?

Could you please show the pfsense configuration in more detail?
What feature assigns mac to networks?
For the web browsing profiles, see:
http://docs.nethserver.org/en/latest/content_filter.html
There’s no option to “cut” bandwidth of a range, you can only assign lower priority (so you don’t waste bandwidth).

1 Like

For IP ranges i just set the dhcp for a band limited IP range and new connections will always get this limited IP, then i set manually the ip for the machine by ip reservation feature, since the incoming new connections is not high will not be a problem to me to set it manually.

Sorry for the delay, and thx for answer.

We have some pfsense experts here, @jrab66 @jackyes @ironsky do you have thoughts on this topic?

1 Like

i have a little experience but not good enough to give ideas. Actually, my company enrolled on NETGATE to take formal training with PFSENSE this coming June :smiley:

1 Like

Sure, Sorry for the delay and thx for the fast answer.
So the feature that assigns mac to networks,i suppose is my fingers since i do it manually … :laughing:.
I print some screens from my Pfsense configuration and i will try explain my scenario better.

First i set the DHCP for the range 192.168.25.26/254 every new connection will get this range, and this ip range has a attached rule with traffic shaping .
I set the dhcp range already on Nethserver and looks work like intend, but dont know how to traffic shaping this IP range

New user can upload 1 image per post, so this topic will be a little mess :grin:

Then i check on DHCP Leases for new connections and decide manually assign a ip to a mac, if i will block assign ip .27, if i will register assign ip .25 (full band) or let it be with limited band ip .26.
There is not many incoming new connections, so do it manually is easy and work pretty well.
**I found a similar screen on Nethserver already **

IP Reservation on the ip range .25 with unlimited band.

For the ip range band limiter.

I hope this clarify somethings, and let me know if there is other or better way to do that.:sweat_smile:

Thx.

Elias/rule edit

@malvank @Ctek @jackyes are pfsense savvy as for I know, guys do you have suggestions for @thiagotw ?

AFAIK Actualy the limiter don’t work in pfsense, try to use a penality box in the traffico shaping section, i have no exp on NS ad firewall :slight_smile:

1 Like

Can you please explain the business case of the configuration in PFsense? What is it used for and what are you trying to accomplish with it?

1 Like

On pfsense go in Firewall -> traffic shaper, then chose “Wizards”.
Set the policy as you want, what you are interested in is the penality box.
In the penality box page you can chose the alias to be penalized. (“Cell phone limited band” in your case)
In case of high bandwith usage that alias will be limited in a range from 2% to 20% (as your choiche) of the bandwith.

As you can see here the limiter dosen’t work now. The fix is planned for 2.3.2. If you want to use the limiter instead of the penality box try this workaround found on the last post of the issue on github.

1 Like

I’ts ok, i don’t wanna keep the Pfsense anymore. but indeed the Limiter doesn’t work well, good to know its another way, thx alot for the tip!

The business in case is a store, BuyMore alike but in medium size. There is all departments like any company HR, Logistics etc, also a store where they test the product in front of the customer’s and fix the customer’s products. So u can expect some incoming new connections, there is why the need of a ip range with controlled IP band, ofc a Independent band is a better choice, but its means investments and it´s not a option right now.

Anyway like i said Pfsense works well on this kind of business, but i want try Nethserver. Atm i migrate almost all stuff i use on Pfsense, just stuck on a way to do the band limitation for a ip range.

Btw, i follow the “tip” from @jgjimenezs and create Vlans, going to try the low priority thing, but by mistake i delete the eth0 interface with the ip used to login on Nethserver and looked me out :sweat_smile: whats the root command line to create or reconfigure a interface on Nethserver without re installation ??

I have this screen on Pfsense console command with makes things easy , i don’t know if in Nethserver we have something similar

If i undestand you issue….try this for the eth0 deletion problem :slight_smile:

Nethserver is based on shorewall firewall but I haven’t seen any support for traffic shaping via the firewall on nethserver out of the box? I’m not using Nethserver Firewall much so please correct me if I’m wrong.

Look at the shorewall documentation and see if that can help you to customize the firewall?:
Shorewall Traffic shaping

1 Like

Thx for the answers and help, i will open another topic, with less messy to show up where i stuck, straight on Nethserver this time. :sweat_smile: