CSU/DSU options?
-
Just curious on what people are doing when running pfSense on a digital line. I currently use M0n0wall on a Soekris Net 5501 and am looking to upgrade my existing WAN access to a T1. I noticed that Sangoma makes a PCI/PCI Express CSU/DSU that would be perfect for what I am wanting, but it looks like support is limited (or non-existent) for either M0n0wall or pfSense.
So, that begs the question, how are people hooking up pfSense and M0n0wall solutions to digital circuits? I'm trying to stay away from digging out my old Cisco router that I learned my CCNA on, which DOES have a WIC on it. I was thinking more of an older external CSU/DSU, but it would have to have an RJ-45 Ethernet jack (not an old-school serial) on the DTE side, which would then connect to the Soekris box.
Ideas?
-
I'd say generally speaking people just use the CPE (CSU/DSU/router) provided to them by the company they bought the T1 from.
I use the Cisco 1720 the T1 provider gave us and plug that into the WAN of my pfSense. The 1720 has no access rules, it just flows free.
I have a true external IP on my pfSense, along with a handful of other IPs that are routable. Think of all the big international companies with multiple T1s/T3s. None of them fiddle around with their own CSU/DSUs.
-
> I'd say generally speaking people just use the CPE (CSU/DSU/router) provided to them by the company they bought the T1 from.
> I use the Cisco 1720 the T1 provider gave us and plug that into the WAN of my pfSense. The 1720 has no access rules, it just flows free.
> I have a true external IP on my pfSense, along with a handful of other IPs that are routable. Think of all the big international companies with multiple T1s/T3s. None of them fiddle around with their own CSU/DSUs.

I guess this makes sense. I was just trying to stay away from having TWO routers.
I have multiple computers/hardware behind my Soekris box and each one has its own IP. My Soekris (which handles all the NAT) is currently hooked to my ADSL modem.
Doing it like you suggest, I would need at LEAST two public IPs, one for the router provided by the telco (or whomever I am getting the T1 through) and then another for the WAN port on the Soekris/M0n0wall box. The Soekris box would then handle normal NAT operations for all my private IP clients which are behind it on the remaining LAN ports.
So basically, if I want to continue with NAT and private addressing, I need two public IPs. Else, I need an IP block, each host gets a public IP, and no more NAT…
Again, was just trying to think of a simple way, but I suppose that is pretty damn simple since you really haven't done much configuration for the Cisco router at all. I'm assuming all you did was tell the Cisco what subnets are attached to your pfSense box. That way you can route to them. Correct? Or do you just have one subnet? If that is the case, then I bet it was easy! ;)
-
Well, in our situation we have 5 public IPs. 4 are usable by us. So the ISP router has 1, my pfSense has 1 and I use the others for email, etc.
You don't need to do anything to the ISP's router, just let the pf box do the NATing. Most of the time a T1 comes with 5 public IPs (4 for you to use). Some fake T1s don't have a CSU, and route T1 speeds over Ethernet; I think Speakeasy does that. In that case your method would work too.
The T1 should cost about $400/month or so.
If you forgo the T1, then you could do it your way and ixnay the ISP's device. A bit like what I do for my Fios/cable/dsl clients. Skip the cheap router, and just stick the pfSense box there.