Menu
What's new
By:
Filters Better Search

pfSense - Netgate RCE-V 2440 thread

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Nullity said:
My pings were wired. From an ArchLinux GbE integrated-NIC, through my RT-N66U, to my pfSense GbE Intel NIC.
Click to expand...

Over wire makes more sense but still much faster than my wire ping.

My thinkpad (broadcom GbE) connects to RT-AC56U over wire. In Debian Jessie, ping time is about 0.3ms.
 
kvic said:
You guys have fast ping...about as fast as my ping over wire if not faster. Does pfSense really make such a difference? Hmm..
Click to expand...

I didn't think it was all that fast - just have a reasonably designed network in the first place and not a lot of unneeded stuff on it...
 
Now that every man and his dog is converting to pfSense as firewall/router I´m following this thread with great interest. SFX is an experienced and knowledgeable IT guy and it´s exciting to share his experience with implementing a pfSense configuration.

I´d like to buy a pfSense box from pfsense.org or netgate.com myself to support the project, but living in Norway I find it better to shop locally with local guaranty. Therefore I´m looking into buying a Supermicro A1SRi-2758F (Atom Rangeley SoC) prebuilt Mini-ITX pc. I can get it from Nextron, the official Norwegian Supermicro distributor, fully assembled and tested with 5 years warranty.
 
Last edited:
I wouldn't suggest every man and his dog to jump into pfSense - seriously - there's a lot of knobs and levels to tune and tweak, well beyond what most folks want to know or care about... and a lot of ways to get into trouble and have a poor end-user experience...

The Netgate solutions are bare bones and well engineered - rightly sized and ideal for pfSense or other solutions (perhaps), especially tailor made for pfSense deployment.

I do encourage folks to go for the branded solution, pfSense as the pfSense branded devices do directly support the pfSense community effort - and they're a more "turn-key" solution - same hardware, but pfSense is pre-installed, and there's an entitlement for professional support, which the Netgates don't have - don't get me wrong, but Netgate is more focused on the development side of the house - and there, the Netgate is a good option.
 
oletuv said:
Now that every man and his dog is converting to pfSense as firewall/router I´m following this thread with great interest.
Click to expand...

I only saw a handful of people who run or intend to run pfSense here. For home use, I would think ER-X/ER-L or a <$300 mikrokit are better suited.

But I'm interested in pfSense 3.0 for multi-gigabit home internet. :D
 
coxhaus said:
I was using latency in the general sense. It would be nice to have a pfsense compared on the router graphs here since they are our standard. The faster the clock the less latency between clock tics. This is small but there are lots of things which impact latency. I guess you can add instruction set and the quality of programming, etc. By instruct set I mean some CPUs can preform an operation in one clock tic whereas other CPUs may take several clock tics. Over all it makes a difference. The end result is what they can do on the router graphs which is the sum of all things for that device.
Click to expand...

Does this help? Took a little while for the network to settle, but things are looking ok...
status_rrd_graph_img-2.php.png


status_rrd_graph_img-1.php.png
 
kvic said:
I only saw a handful of people who run or intend to run pfSense here. For home use, I would think ER-X/ER-L or a <$300 mikrokit are better suited.

But I'm interested in pfSense 3.0 for multi-gigabit home internet. :D
Click to expand...

Any FOSS router distribution - pfSense, OpenWRT - with great power, comes a steep learning curve, and very fine grained control over the network.

For a turn-key solution - I would agree - ERL/ERX, along with MicroTik, these are also good solutions...
 
sfx2000 said:
I wouldn't suggest every man and his dog to jump into pfSense - seriously - there's a lot of knobs and levels to tune and tweak, well beyond what most folks want to know or care about... and a lot of ways to get into trouble and have a poor end-user experience...
Click to expand...
I guess some of the add-on packages can be tricky, but honestly the basic/general setup seems straightforward and the web GUI interface looks very nice to me, especially the new 2.3 (RC) version.

I find Mark Furneaux´s YouTube videos an excellent introduction to pfSense for new users.
 
sfx2000 said:
Saw that - can't do it right now, as it's a reboot, and will disrupt services...
Click to expand...

Was thinking about it last night, but had a broadband outage that was a bigger problem..

in any event, I'll probably wait a bit - but feel free to relate any experiences on the [Talk] thread I set up.
 
Fun stuff - I typically don't B1T0rr3nt (sorry, avoiding keyword traps here) - pulling down and sharing/seeding the 16.04 ISO...

No impact to downstream/upstream traffic... states table, you can see a fair amount of connections there...
ubuntu_1604_torrent.png


torrentflood.png
 
Last edited:
Lot's of folks feeding at the trough... It's the Ubuntu 16.04 release, so pretty popular - but pfSense, as you've seen above, it's just fine... at these loads, many consumer Router/AP's just fall over, or need to be rebooted after the firehose to recover...

(and yes, overall, I could do better with t0rr3nts, but so very rarely do I do this...)

Going into the shell on pfSense - no sweat...

router_local_ubu1604_torrent_top.png
xmission_piggies.png
 
Last edited:
I noticed you are not using resolver for DNS but DNS forwarder. When I tried DNS resolver my wife's iPhone 6s had issues of slow downs. Did you try it?

I also noticed you have pfsense setup to answer all DNS requests regardless of which DNS server is requested. Do you like this feature? I locked my pfsense to only 2 DNS servers. You don't work unless you use my DNS servers. Of course my preferred DNS servers are handed out by DHCP so as long as you don't change them they will work.
 
If you look under your system information, I am looking at the one you posted, has 127.0.0.1 under DNS which is there to accept all DNS requests and forward to your Google DNS servers. I don't have the 127.0.0.1 defined on my system. I removed it. You may have it defined and not working. You can test it by defining some other external DNS server on a client and do a DNS lookup. If pfsense answers then it is working. If it times out then it is not working which means there is a problem with your config in pfsense.

You may not want this feature if you want to override DNS entries with a client. It depends.
 
coxhaus said:
If you look under your system information, I am looking at the one you posted, has 127.0.0.1 under DNS which is there to accept all DNS requests and forward to your Google DNS servers. I don't have the 127.0.0.1 defined on my system. I removed it. You may have it defined and not working. You can test it by defining some other external DNS server on a client and do a DNS lookup. If pfsense answers then it is working. If it times out then it is not working which means there is a problem with your config in pfsense.

You may not want this feature if you want to override DNS entries with a client. It depends.
Click to expand...

Works fine here - and I had to double check - Resolver is Enabled, and Forwarder is disabled in my config...

dig smallnetbuilder.com from my laptop here - explicitly set to override DNS provided by DHCP...

Code: 
dig smallnetbuilder.com

; <<>> DiG 9.8.3-P1 <<>> smallnetbuilder.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51236
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;smallnetbuilder.com.        IN    A

;; ANSWER SECTION:
smallnetbuilder.com.    300    IN    A    104.25.62.25
smallnetbuilder.com.    300    IN    A    104.25.63.25

;; Query time: 33 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Fri Apr 22 05:32:31 2016
;; MSG SIZE  rcvd: 69
 
I originally added 127.0.0.1 because it (sometimes...) fixed a bug where pfSense could not resolve DNS for the pfSense update check. I think it was fixed, but I left it anyway, partly because I use NAT to force all DNS queries to dnsmasq.
 
I
sfx2000 said:
Works fine here - and I had to double check - Resolver is Enabled, and Forwarder is disabled in my config...

dig smallnetbuilder.com from my laptop here - explicitly set to override DNS provided by DHCP...

Code: 
dig smallnetbuilder.com

; <<>> DiG 9.8.3-P1 <<>> smallnetbuilder.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51236
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;smallnetbuilder.com.        IN    A

;; ANSWER SECTION:
smallnetbuilder.com.    300    IN    A    104.25.62.25
smallnetbuilder.com.    300    IN    A    104.25.63.25

;; Query time: 33 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Fri Apr 22 05:32:31 2016
;; MSG SIZE  rcvd: 69
Click to expand...

So you are using DNS resolver not DNS forwarder. I think there is some kind of contradiction in your setup or my understanding. Resolver works from the root DNS servers. You should not have it pointed to Google DNS servers if you use DNS resolver. If you want to lock pfsense to google DNS servers you need to use DNS forwarding not DNS resolver. I could be all wrong about this but this is my understanding reading on pfsense forum. Maybe this is why I had trouble with DNS resolver.
PS
I will post a link in a minute from pfsense forum. Interesting I can't link to pfsense.org right now.


Non-authoritative answer:
Name: pfsense.org
Addresses: 2610:160:11:11::69
208.123.73.69


C:\Users\lee>ping 208.123.73.69

Pinging 208.123.73.69 with 32 bytes of data:
Reply from 208.123.73.4: Destination host unreachable.
Reply from 208.123.73.4: Destination host unreachable.
Reply from 208.123.73.4: Destination host unreachable.
Reply from 208.123.73.4: Destination host unreachable.

Ping statistics for 208.123.73.69:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Anybody else seeing this?
 
Last edited:
You must log in or register to reply here.

Similar threads

M
OPNsense vs. pfSense CE in 2023, what are your thoughts?
Replies
8
Views
3K
ddaenen1
ddaenen1
S
MOCA issues with Xfinity
2
Replies
21
Views
2K
gv932n
G
RMerlin
  • Locked
Beta Asuswrt-Merlin 388.1 Beta is available for select models
44 45 46
Replies
903
Views
189K
RMerlin
RMerlin
drinkingbird
Tutorial Repeaters vs Bridges vs Routers
Replies
0
Views
638
drinkingbird
drinkingbird
Viktor Jaep
BACKUPMON BACKUPMON v1.5.10 -Mar 1, 2024- Backup/Restore your Router: JFFS + NVRAM + External USB Drive! (**Thread closed due to age**)
48 49 50
Replies
987
Views
93K
Viktor Jaep
Viktor Jaep
Similar threads
Thread starter Title Forum Replies Date
C Pfsense wins awards Routers 34
GHammer pfSense No More Without Paid Version? Routers 116
C Pfsense with newer CPUs Routers 22
C Att Fiber bypass for pfsense Routers 1
slackjaw99 pfSense vs. OPNsense AFA offloading logging, database etc to other hardware Routers 4
T pfSense/ OPNsense help Routers 111
A advice about pfsense/opnsense hardware: H87N-wifi Routers 6
M OPNsense vs. pfSense CE in 2023, what are your thoughts? Routers 8
Maverick009 Alternative to pfsense/Opnsense Routers 87
slackjaw99 Great OPNsense/pfSense mini PC with 4 x 2.5gb Intel NICs for just over $200usd on Amazon Routers 44

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 757 (members: 15, guests: 742)
Top