DHCP, AD, monitoring and Firewall

I am wondering: if you’re setting up a network with OPNsense, ntopng and Pi-hole,

how would the DHCP be configured in this case scenario, especially if you’re looking to implement Active Directory using NethServer as the main controller, and probably as a file server?

And now, where would NxFilter come in, in this kind of setup?

In your opinion, is it advisable to have a network with this kind of configuration for different case scenarios?

I think my head is now getting even more confused. Someone with a better suggestion on how to do a proper implementation?

If it should be a Windows AD Server, I’d use Pi-hole as a forwarder for * into the DNS server of AD.

1 Like

Just got lost here.

WINS: I don’t know if it has a use in this arrangement. I don’t remember which of the NethServer guys follows the Samba-AD package…
IMVHO WINS should be a no-go today.

Edit: @Elleni the language of the forum is English, and it’s the default language of Cockpit. Please, post screenshots in English.

The screenshots were meant to assist the thread opener, trying to give back to the community because I have myself received great support here. But never mind, I deleted them as I did not want to disturb with screenshots in my mother tongue, and won’t post anymore and leave the help to the experienced ones…

No disturbance at all. Screenshots are helpful but we suggest that whenever possible “better” if they are in English, as for the time being it is the language this community decided to rely on to allow people from different countries to communicate and understand each other, a common ground for native English speakers and non-English speakers (like you, @pike and myself). Although from time to time miscommunication happens when we miss facial language, corporal gestures and voice tone, and hell yeah, even when we have all those…

I’d like to think this is an inclusive community, so hope it is clear no disrespect intended to your mother-tongue or any other language and culture. Do not refrain from posting whenever you think suits.

And I will leave it at that, as the moderator in me is tempted to moderate my post for telling the unnecessary and obvious, and for exceeding the character limit of common messaging systems. :slightly_smiling_face:

2 Likes

@pike

Hi

WINS:

In an environment with only Win10 or 2016/2019 Windows (Other OS do not matter in this), I’d agree WINS is a No-Go nowadays.

In environments still running “legacy” Windows, like Win7 or even WinXP, or older Windows Server systems - even if only for migration to newer systems - using WINS can help a lot. This can e.g. be enabled until all the legacy Windows systems are migrated, then deactivate WINS…
This part of the advice is directed at those setting up a new NethServer system to replace “legacy” systems, e.g. SBS 2003… (There are more such “beasts” alive than one would imagine!).

The best compromise I can come up with as honest advice.
WINS has long been misunderstood, misconfigured, but has actually served its purpose well for 20 years. But it’s definitely time for retirement! :slight_smile:

My 2 cents
Andy

1 Like

@elleni as stated by @dnutan, my request (the please used is not just a word) was for a better comprehension of the message you’re trying to send to the community.
As an Italian, my knowledge of German is quite non-existent, and I apologize for that, so the screenshots in German are quite a trick for me to fully understand (I have to research and translate quite every term if I don’t have a hint from Cockpit command/labels position).
Also, no disrespect for any language… sometimes @Andy_Wismer (he’s Swiss) starts chatting with other people in French and German, and sometimes I mock him a bit, but I think that he knows I’m joking, and we have a laugh about that. Also… The “mother ship” of this project is an Italian company, so it should be a lot easier for me to write in Italian to the developers and to the project manager, but they will surely answer me to use English, to help non-Italian people understand.
So Elleni… I’m sorry if my words gave you the wrong impression, I hope you now understand a bit better what I meant.

I disagree. The only environments which need WINS are NT4 based for servers or clients and DNS is a far more flexible tool for adding some interesting things like CNAMES, aliases and round robins for internal services (even without joining AD).

1 Like

@pike

DNS IS much more flexible, I fully agree with that.

And I’m not saying Win2000 or Win2003 NEED WINS - but it does help a lot with name resolution in a crappy set up of an AD!

However, I’ve migrated more than my share of “legacy” Windows systems, set up by “trained MSCE” people, without correct DNS, NO reverse DNS etc. Even worse: setup with .local !!!
I NEVER use .local, since 25 years at least!
Add to that a rather crappy setup for DHCP - not uncommon by such MSCEs…

Add in devices which may contain an “Embedded Windows System”, like X-Ray machines / Controllers, or other equipment to make the headache perfect.

This is where WINS does help!

I’m talking mainly about Win2000 and Win2003, mostly SBS, but also conventional systems!

My 2 cents
Andy

1 Like

@pike The language in my answer was in English. As the user wrote that he got lost, I thought maybe some screenshots would help him find the IP of the container and the DHCP settings. For that purpose the printscreens were helpful enough imho - regardless of the language - they were just meant to show where to look. However, I learned something from this thread as I removed WINS from my DHCP settings, and everything still works so thanks for that. And I will see if I can find the time to change language before taking screenshots the next time - as I happened to answer to this post in my work time after all…

So now, in this case, what would be the best model to configure all these systems to work together without hindering performance on the network usage?