Project 1 : PFSense Routing



  • @WrCombs I would learn by using Linux. The reason why is that Windows hides a lot of processes in the background. They get abstracted away. You wont understand them if you don't see them and have to interact with them. If you learn it the Linux way, Windows becomes mostly trivial.



  • @jmoore said in Project 1 : PFSense Routing:

    @WrCombs I would learn by using Linux. The reason why is that Windows hides a lot of processes in the background. They get abstracted away. You wont understand them if you don't see them and have to interact with them. If you learn it the Linux way, Windows becomes mostly trivial.

    only way i would be able to do that at this point would be a linux VM..
    which flavor should I choose?



  • @WrCombs Here i found them.
    https://www.tutorialspoint.com/data_communication_computer_network/index.htm
    and
    https://www.computernetworkingnotes.com/networking-tutorials/

    Do some hands on stuff like Scott mentioned and read these and you should have a decent grasp of things.



  • @WrCombs said in Project 1 : PFSense Routing:

    @jmoore said in Project 1 : PFSense Routing:

    @WrCombs I would learn by using Linux. The reason why is that Windows hides a lot of processes in the background. They get abstracted away. You wont understand them if you don't see them and have to interact with them. If you learn it the Linux way, Windows becomes mostly trivial.

    only way i would be able to do that at this point would be a linux VM..
    which flavor should I choose?

    It doesn't really matter and a vm is just fine. Whatever distro you are comfortable with. Fedora, Ubuntu, Mint, Opensuse.



  • @jmoore said in Project 1 : PFSense Routing:

    @WrCombs said in Project 1 : PFSense Routing:

    @jmoore said in Project 1 : PFSense Routing:

    @WrCombs I would learn by using Linux. The reason why is that Windows hides a lot of processes in the background. They get abstracted away. You wont understand them if you don't see them and have to interact with them. If you learn it the Linux way, Windows becomes mostly trivial.

    only way i would be able to do that at this point would be a linux VM..
    which flavor should I choose?

    It doesn't really matter and a vm is just fine. Whatever distro you are comfortable with. Fedora, Ubuntu, Mint, Opensuse.

    VMs will do the trick, but I have a feeling that the abstraction will make it so much harder. So many more moving parts, and so much harder when you can't put your hands on something. Physically having computers goes a long way. We were buying old computers for $20 back in the mid-1990s. They have to be all but free today.



  • @scottalanmiller said in Project 1 : PFSense Routing:

    but I have a feeling that the abstraction will make it so much harder.

    Make a tutorial on how to setup a private network in virtual box and then how to make that the only network on the VM's. That equates to the same thing.



  • @JaredBusch said in Project 1 : PFSense Routing:

    @scottalanmiller said in Project 1 : PFSense Routing:

    but I have a feeling that the abstraction will make it so much harder.

    Make a tutorial on how to setup a private network in virtual box and then how to make that the only network on the VM's. That equates to the same thing.

    From a purely "how human brains think", I don't think that it does. There is something really educational about touching wires and seeing where electrons have the opportunity to go that really helps you to understand flows.



  • I think lab exercises to learn something are pointless to a large degree.

    I think it is better to make use of technology and by installing, setting up and using things, you will encounter problems that forces you to learn more about the subject and what you need in order to get the job done.

    You will learn more that way and what you learn will have real world applications. But perhaps more importantly, you will be motivated to learn and get immediate gratification of having accomplished something meaningful when you succeed.



  • @WrCombs said in Project 1 : PFSense Routing:

    @Pete-S said in Project 1 : PFSense Routing:

    @scottalanmiller said in Project 1 : PFSense Routing:

    @Pete-S said in Project 1 : PFSense Routing:

    I have no idea what you want @WrCombs to accomplish. You should probably draw the network diagram.

    I want there to need to be a non-default route 🙂

    OK, one scenario I can think of is this:

    You have an Edgerouter on your LAN, 192.168.1.0/24, that gives you internet access.
    Now you want to add your server fleet (VM host) to the LAN and protect them behind a pfSense firewall/router.

    All your servers are located on the server LAN, 10.100.1.0/24.

    1. How can you let the W10 client have access to the server LAN, for instance 10.100.1.2, by changing the Edgerouter config?

    2. How can you access the server LAN from your W10 client directly (without sending that traffic over the Edgerouter)?

    static_routing.png

    1. Wouldn't updating the Edgerouter Routing Table control that?
      if not then I have No idea, This is a static routing environment so, My guess would be to change the routing table to show the next hop to 10.100.1.2 is to go through 192.168.1.123.

    2. Assuming the switch is a dumb switch and is not programmed, I have no idea. How would you ?

    The whole reason behind doing this is to understand it, and the more I do it the more and more I get confused, for what ever reason I can't learn networking outside of the basics.

    1. Yes, updating the routing table on the Edgerouter will accomplish that. But you would do it with the entire server subnet. So 10.100.1.0/24 would be routed to 192.168.1.123. So that means when a device what's to access some IP address in the 10.100.1.0/24 network it will send that traffic to 192.168.1.123.

    2. You would route traffic directly from the W10 client to the pfSense router by changing the routing table on the W10 client. Do a route print on the windows machine and you'll see what routes it have. The routing table is basically instructions on how to reach IPs that are outside the W10's own subnet. That's why you will find something like this:

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.33    266
    

    That's the default route. And it points to the Edgerouter.

    To tell the machine it needs traffic that belongs to the pfSense router (and not everything to the Edgerouter) you would add routes on the windows machine by running route add.

    There are some other tricks that can be done to accomplish this in other ways as well. For instance it's possible to automatically push static routes to the W10 machine from the Edgerouter if you are using DHCP. So when the W10 machine gets it's IP and other network info as it is booting, it also get the static route to the pfSense router.



  • @Pete-S said in Project 1 : PFSense Routing:

    I think lab exercises to learn something are pointless to a large degree.

    I think it is better to make use of technology and by installing, setting up and using things, you will encounter problems that forces you to learn more about the subject and what you need in order to get the job done.

    You will learn more that way and what you learn will have real world applications. But perhaps more importantly, you will be motivated to learn and get immediate gratification of having accomplished something meaningful when you succeed.

    This is SO true. It's why I like building out your home as if it were a business. Something you use and rely on daily. Something other people (presumably) depend on, too.

    Some things, like routing, will be much harder that way. But really, if you never learn static routing, you might never be affected by not knowing it.



  • Well If you have enough free time you can try taking advantage of one week trial of CBT Nuggets and try some of their virtual labs. If I remember correctly some of the instructors is using Cisco Packet Tracer when teaching and its free. Another nice tool is to use GNS3 (https://www.gns3.com/). I like using both the Cisco Packet Tracer and GNS3.



  • @black3dynamite said in Project 1 : PFSense Routing:

    Well If you have enough free time you can try taking advantage of one week trial of CBT Nuggets and try some of their virtual labs. If I remember correctly some of the instructors is using Cisco Packet Tracer when teaching and its free. Another nice tool is to use GNS3 (https://www.gns3.com/). I like using both the Cisco Packet Tracer and GNS3.

    I had a look at Cisco Packet Tracer and it looks like a nice tool for simulations.

    Youtube Video



  • @WrCombs For networking basics, I would also recommend using PacketTracer. You will need to have some basic Cisco routing and switching cli knowledge (guides and resources are available all over the web). Having the ability, to actually see packets travel to your lab network is super valuable when you are starting and will help you really understand routing. You can work with static routes or dynamic routing protocols like OSPF, rip v2, etc. inside packet tracer.

    Here is a work in progress lab, using L3 switches as core internal routers and several vlans. Its simulating a network transitioning from a big flat 10.10.0.0/20 to several vlans
    551f74f5-0b38-4d04-aca8-ebb633af6994-image.png

    Computer objects have cmd terminals, webbrowsers and other stuff so you can troubleshoot network stuff via ping, tracert, etc.
    0a41789b-e1dc-4a8f-a60c-f7d0fdf4add7-image.png

    I really like it and use it quite a lot when I am troubleshooting network issues that I need to have a diagram and see how the packets can flow within the network.



  • @Romo said in Project 1 : PFSense Routing:

    Here is a work in progress lab, using L3 switches as core internal routers and several vlans. Its simulating a network transitioning from a big flat 10.10.0.0/20 to several vlans
    551f74f5-0b38-4d04-aca8-ebb633af6994-image.png

    @Romo N2048-Stack, that's a stack of Dell switches.

    I'm guessing you can't simulate that, only Cisco gear right?



  • @Pete-S only Cisco gear that label along with the sonic wall was more as documentation for myself.