Static IP setup with Afrihost

g.c

Hi guys, I'm trying to set up a home server behind a firewall via ADSL.
I'm going to apply for a static IP from Afrihost.

Now my question is how would I set up this connection from my side. What I need is:
  • phone line connected to ADSL modem
  • ADSL modem connected to firewall via ethernet cable
  • firewall server is using pfSense, 2 network cards, incoming from modem is WAN, outgoing to internal network is LAN
How do I set it up so that the firewall (pfSense) controls the connection on the ADSL modem? Set it up in bridged mode? Will that work for a static IP setup with Afrihost?

Is it possible to achieve this, what hardware would I require for the modem?

Thanks.
 
Is it necessary to have this configuration?
My concern is that the ADSL modem normally has a firewall as well. Would I then need to set up NAT for all incoming connections?
 
Forget a Static IP from your ISP and use DynDns Like the rest of us. Can even do it for free via No-IP.com.

And yes you'll need to port forward every service you require access to.

Firewalling is not applicable to a router in bridged mode. It's basically just a modem then.

So your device doing the PPPoE connection will have the IP and need to do the traversal. Which is pfsense in your case.
 
The static IP from Afrihost is just a VPN that runs over your normal ADSL connection. So there will be the normal performance issues associated with VPN's. Unfortunately Telkom is not yet able to allocate static IP's directly through their ADSL infrastructure.
 
The static IP from Afrihost is just a VPN that runs over your normal ADSL connection. So there will be the normal performance issues associated with VPN's. Unfortunately Telkom is not yet able to allocate static IP's directly through their ADSL infrastructure.

What are the performance issues? As far as I can see there is no encryption, so is there a speed decrease?
 
To achieve this, your router will need to be in bridge mode. The Pfsense box will need to do PPPoE dialup for the ADSL account. Then you will need to establish a L2TP VPN tunnel with the same ADSL credentials as specified on Afrihost's site:

http://www.afrihost.com/site/page/static_ip_configuration_settings

I have previously posted how to set this up on Cisco kit here, if it helps:

http://mybroadband.co.za/vb/showthr...t-Static-IP-Setup-on-a-Cisco-800-Series/page2

Thanks, then to set up a VPN connection to my workplace, I do this separately in pfSense right?
 
What are the performance issues? As far as I can see there is no encryption, so is there a speed decrease?

There's always a slight overhead when using a VPN even if it's not encrypted. It's not significant, but it's there.
 
Thanks, then to set up a VPN connection to my workplace, I do this separately in pfSense right?

If you want a site to site VPN yes. L2TP/IPSec would be best. In short, regarding the overhead/speed, yes, depending on the encryption you use, every packet sent will contain slightly less actual payload data as VPN header utilizes some of it.

This explains it in a bit more detail: http://packetpushers.net/ipsec-bandwidth-overhead-using-aes/
 
Does anyone know the config in pfSense to set up static IP to Afrihost?
 
Does anyone know the config in pfSense to set up static IP to Afrihost?

I doubt if there is a doc or way you can do it. Technically you should, but from the ISP side they only tested with Cisco, and Billion. OpenWeb had Netgear as a stage, but stay FAAARRR away.

The Billion has been tested and approved with the ISP, so you would need one. Depending on your selection you would get 1 or 5 usable public IP's, and your DSL router would do the connection and setting up of the IP Sec tunnel for you. So you configure one or multiple Public IP's on the WAN interface, and then do your filtering and routing on PFSense.

Unfortunately you can't use that DSL router for 2 purposes. It either makes the tunnel to the ISP to give you static IP's, or it is the firewall and does NATting for you (and DNS/DHCP etc.).
 
I doubt if there is a doc or way you can do it. Technically you should, but from the ISP side they only tested with Cisco, and Billion. OpenWeb had Netgear as a stage, but stay FAAARRR away.

The Billion has been tested and approved with the ISP, so you would need one. Depending on your selection you would get 1 or 5 usable public IP's, and your DSL router would do the connection and setting up of the IP Sec tunnel for you. So you configure one or multiple Public IP's on the WAN interface, and then do your filtering and routing on PFSense.

Unfortunately you can't use that DSL router for 2 purposes. It either makes the tunnel to the ISP to give you static IP's, or it is the firewall and does NATting for you (and DNS/DHCP etc.).

So my setup is as described in my first post: I've got an ADSL modem in bridged mode, connected to the WAN port of the pfSense box. So pfSense controls the PPPoE connection and should set up the L2TP connection as well.
What I want is the L2TP connection settings in pfSense.
 
What I want is the L2TP connection settings in pfSense.

If you figure that out let me know. There isn't currently a way to set this up in pfSense that I'm aware of.

What is the purpose of the static IP? Is it really necessary?
 
If you figure that out let me know. There isn't currently a way to set this up in pfSense that I'm aware of.

What is the purpose of the static IP? Is it really necessary?

VPN setup to my workplace. They need an IP address to load in their firewall.
 
So my setup is as described in my first post: I've got an ADSL modem in bridged mode, connected to the WAN port of the pfSense box. So pfSense controls the PPPoE connection and should set up the L2TP connection as well.
What I want is the L2TP connection settings in pfSense.

I can give you those settings, but it would be a trial and error situation.
I would however say the router is doing its thing (not in bridged mode) and then leave the tunnel to be created by the Billion.

For educational purposes we can try your proposed route. We have load shedding, so can only give you details closer to 21pm
 
VPN setup to my workplace. They need an IP address to load in their firewall.

Ah okay. Tell your office to get a better firewall :p :D

We use a combo of pfSense and Fortinet firewalls, both allow dynamic dns setups.
 
I can give you those settings, but it would be a trial and error situation.
I would however say the router is doing its thing (not in bridged mode) and then leave the tunnel to be created by the Billion.

For educational purposes we can try your proposed route. We have load shedding, so can only give you details closer to 21pm

Really need this set up now... any help would be appreciated, how would we go about setting this up?
 
I'll get my pf box running tomorrow afternoon, and then we can do tests. Do you have a static IP arranged with AH, or should we make this work with dyndns?
 
I'll get my pf box running tomorrow afternoon, and then we can do tests. Do you have a static IP arranged with AH, or should we make this work with dyndns?

I've got the static IP arranged with AH. Should we do it over phone? I can phone you...
 