Community discussions

MikroTik App
 
frayper
just joined
Topic Author
Posts: 5
Joined: Mon Jan 25, 2021 8:06 am

advice to best configuraton MK + PFsense

Tue Jan 18, 2022 4:56 pm

Hello all, someone can help me to desing the best config?

MK router : DHCP, DNS, VLANs
Pfsense: Gateway internet, IPS/IDS

Networks DHCP:
10.1.1.0/24 vlan1001
10.2.1.0/24 vlan1002
10.3.1.0/24 vlan1003
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19125
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: advice to best configuraton MK + PFsense

Tue Jan 18, 2022 5:16 pm

If its possible to stick the pfsense after the MT it would solve some issues but is there a way to keep the IPS and IDS functions of pfsense working as intended?
How exactly are these applied ( to outgoing internet traffic or incoming internet traffic for example).
The MT is very flexible on manipulating the path of data!
 
frayper
just joined
Topic Author
Posts: 5
Joined: Mon Jan 25, 2021 8:06 am

Re: advice to best configuraton MK + PFsense

Tue Jan 18, 2022 5:40 pm

Its to monitoring all trafic througt internet ongoing and incoming trafic.

My mk its a CRS326 and when i use mangle, or something to manipulate data or setting on packet snnifer my CPU go to 100% and peformance drop a lot. For that reason I want to use the PFsense (PC with a good hardware) like a gateway on all my subnet, but im not sure how to setting on mk.
 
User avatar
woland
Member Candidate
Member Candidate
Posts: 258
Joined: Mon Aug 16, 2021 4:49 pm

Re: advice to best configuraton MK + PFsense

Tue Jan 18, 2022 5:46 pm

Hi,
great, BSD again! If you want a simple setup, you use the MT as a switch and configure a trunk between pfsense and MT, with vlan interfaces as gateways. Then you should handle DCHP and DNS on pfsense.
Snort should be run on the WAN interface as it is known to have problems with VLANs.
It would be possible to have DHCP and DNS on MT, but then you need a firewall ruleset on the MT to control traffic between the three inside subnets. Also it would consume more CPU on the MT and less on the pfsense.
Then you need to set the gateway for those networks to the MTs IPs. Also set up a network between the MT and the pfsense like this:
Inet
|
pf 10.0.0.0/12 via 10.200.11.2
|10.200.11.1/28
|
|10.200.11.2/28
MT 0.0.0.0/0 via 10.200.10.1
|
|
10.1.0.0/24
10.2.0.0/24
10.3.0.0/24

Great opportunity to learn subnetting :)

BR
Woland
 
frayper
just joined
Topic Author
Posts: 5
Joined: Mon Jan 25, 2021 8:06 am

Re: advice to best configuraton MK + PFsense

Tue Jan 18, 2022 6:06 pm

greate! lets try

Who is online

Users browsing this forum: GoogleOther [Bot], Greyhard, yosmithy and 37 guests