Revised New Build
-
Logging is all to ram only so no worries there. If you used the NanoBSD image it's all taken care of anyway. No need to worry about flash memory life.
Steve
-
O.K., thanks Steve. I may buy a SATA DOM eventually–USB works but it takes a long time to boot!
-
How long? How often do you plan on re-booting!?
My machine is usually up until there's either a new release or I do something to kill it. ::)Steve
-
Once it is fully configured I plan to leave it on continuously without rebooting. It takes ca. two minutes for PfSense to boot up after the motherboard posts.
-
That's similar to my Firebox booting from CF. Not unusually slow.
Steve
-
By the way, it turned out I did not have to do any compensation for the boot to USB option. I have rebooted my build several times and have not run into such a problem. I just purchased an ADSL2+ PCI card (it is made in Australia and I had to buy it from a vendor in Europe). It will take a couple of weeks to arrive, but I plan to use it to bypass my external DSL modem.
-
The Vikiking card from Traverse? (They also seem to have re-branded as rocksolid electronics)
I ran their earlier Pulsar ADSL card under IPCop for years, totally reliable.Steve
-
"The Vikiking card from Traverse?"
Yes, I guess I'll have to adjust the settings to get it to work with my Verizon DSL service.
-
When using Snort in the embedded version of PfSense that I am using, will the updates download to RAM or will they write on my solid state memory? I don't want to install anything that will do periodic memory writes. ???
-
Hmm, I'm not too sure about this but if it's available for embedded installs then someone else has probably already thought of it.
How often does snort update? Even the most basic flash memory still has a large number of writes in it's lifespan.Steve
-
-
stephenw10:
You mentioned you had experience with something similar to the Viking card. I was able to install the card in my PfSense router and place it in bridge mode. I adjusted VPI/VCI to 0 and 35 per the Westel modem I use with my Verizon DSL account. All seemed to go well until I plugged my DSL telephone line into the card. The power and LAN lights are on but the DSL light just flashes slowly–the card does not appear to be trying to negotiate a sync with the DSLAM in my local central office. I will check to see if it a simple problem with my phone cord, but it seems odd that everything else has gone o.k. with the setup and then the card will not sync to my DSL service. I already tried changing the settings between ADSL2, ADSL2Plus, etc. Any ideas? ???
-
The Pulsar adsl card was a true modem rather than a router on a PCI card like the Viking is.
There will almost certainly be some logging available on the Viking card. If not on the web interface maybe on a telnet interface?Steve
-
I can't seem to get the web interface to work. I am using IPMI with the console. I guess I have to download the command index file and do some more research. I may not have hit on the right ADSL settings as yet.
-
How do you have it setup?
This should still apply to your situation:
http://doc.pfsense.org/index.php/How_can_i_access_my_PPPoE_Modem_on_WAN#For_2.0Steve
-
Steve:
It turns out that my Viking card was not getting 12VDC (to power its DSL front end) through my PCIe slot. My riser card adapter, however, has a 12VDC power connector; once I found the right adapter cable I was able to install it and supply 12VDC to the adapter and Viking cards (in addition to the 5VDC already present). The Viking card now works, yippie! :D
-
Steve:
The ability to access my modem's web interface is something in which I still might be interested. The instructions in the link you supplied, however, are a little confusing. My modem has a default address of 192.168.1.1 (I don't know yet if it can be changed) but my LAN network is on 192.168.0 etc. Is it possible for me to access the modem's web interface and how EXACTLY (please) should I set up PfSense to do so?
Thanks.
-
Most modem/routers (but not all!) have a web interface that is still accessible even when it's in 'pass through' or 'bridge' mode in order to see the line stats etc. This is useful!
You can almost certainly change the default subnet of the router and I would because you may end up using 192.168.1.1 later on (indeed it's the default address of the pfSense LAN). Set it to something less common, say, 192.168.200.1.
You may have to play about with the modem settings to do this. You might end up having to reset it, I did!Which part if the instructions are you unclear on?
Steve
-
Steve:
I did change the router subnet: I set my LAN to 192.168.0.1-254
My modem card default address is 192.168.1.1I tried following the instructions, added the "opt" interface o.k. but I am completely bewildered as to configuring NAT in the firewall.
Do I make up an address for the modem in my LAN subnet, e.g. 192.168.0.30, and use it to access my 192.168.1.1 modem? How do I configure NAT under firewall to do so. I see six rules when I save under "Manuel." Which one do I use? The instructions in the link you provided lack, as we use to say, "human engineering."
-
I tried following the instructions, added the "opt" interface o.k. but I am completely bewildered as to configuring NAT in the firewall.
Take a deep breath and proceed slowly.
http://doc.pfsense.org/index.php/How_can_i_access_my_PPPoE_Modem_on_WAN#For_2.0 says
Add an Outbound NAT rule as described above but do NOT choose the WAN interface, choose your new OPT interface.
Scroll upwards through the document from the "For 2.0" section and you will come to the "Configure NAT" section which explains why NAT (Network Address Translation) is needed/recommended. Where this section says WAN you will need to give the OPTx name of the interface you have just added.
Now, where exactly in that section do you get stuck?
Do I make up an address for the modem in my LAN subnet, e.g. 192.168.0.30, and use it to access my 192.168.1.1 modem?
No.
How do I configure NAT under firewall to do so. I see six rules when I save under "Manuel." Which one do I use?
None, you add a new rule as described in the "Configure NAT" section of the document.
The instructions in the link you provided lack, as we use to say, "human engineering."
You are probably correct. I sympathise with technical writers. Many readers are used to scanning (rather than reading) technical documentation and seem to get flustered if they come across "too many" unfamiliar terms "too quickly". And it can be quite difficult for a full-time developer/part-time technical writer who is very familiar with a field to enter into the mind set of a technically competent person who is unfamiliar with the details of a field and so doesn't have a lot of the context that people working in the field naturally assume is shared.