Run a server behind pfSense router
-
Ah snap, I found out that Comcast Business comes with a dynamic IP by default. So it changes whenever it pleases, anywhere from 3 hours to 3 months! That is soo messed up, and the guy says that it's the same for Home service as well ??? . Anyway, I ordered the addon for 1 static IP address for an extra $15 a month and have to wait a week for it to kick in. Oh well, the wait begins.
Also, the Siemens device wasn't a firewall, it was just a T1 gateway device which was already disconnected and not in use. I couldn't tell before because it was on a rackmount and too hard to tell what's going on in the back until I took some pictures with my phone's camera 8) . There were no connections and so I removed the device. The firewall was this tiny box with a 2005 PC Engine board with AMD SC1100 @267MHz processor and 512MB Compact Flash card. So no doubt it used some firewall software.
Lol, too sleepy to ask any questions, later ;D
-
I found out that Comcast Business comes with a dynamic IP by default.
That's what dynDNS services are for.
The firewall was this tiny box with a 2005 PC Engine board with AMD SC1100 @267MHz processor and 512MB Compact Flash card. So no doubt it used some firewall software.
If that WRAP board is running m0n0wall (from which pfSense is forked) you may get some clues from its config file.
Steve
-
Wait, so how does dynDNS keep track of all those IP changes and still manage to link it to a URL? And can I still use Failover in pfSense for this?
(Just checked DNSmadeeasy, and they support monitoring up to 5 IPs and cost $50 to monitor more!)
-
Wait, so how does dynDNS keep track of all those IP changes and still manage to link it to a URL?
It doesn't keep track of IP address changes by itself - it relies on the holder of the name reporting IP address changes. For example, if I have registered myfancywebhost.dyndns.org it is up to me (or my system) to report changes in the IP address to which that name is to map. pfSense has a configurable service to report such IP address changes.
-
Wallabybob, please describe this service for me and how to configure it. This sounds like the exact thing I'm looking for! :o
So assume that I have Internet Connection 1 connected to WAN and Internet Connection 2 connected to OPT1, and Local Connection 1 connected to LAN. I have Failover enabled, no load balancing. Will this service you mentioned monitor the active incoming IP and report it to my dns provider? Or am I at least close?
-
What would be nice would be if you could set pfSense's dynDNS client to monitor whichever interface was currently the default gateway. That way when it fails over and the gateway changes it would update the dynDNS service immediately. Unfortunately that doesn't appear to be possible. There may well be some technical reason for this. In fact it may work anyway. :-\ Hopefully one of the developers might chime in here.
It doesn't really matter for you since dnsmadeeasy is not one of the supported services. ::) (though I'm sure it could easily be added)
Where do you run the client? If the client is the type that detects what your public IP is by connecting to the service then it will simply update the dynDNS servers when your WAN switches. However it will be limited by the time between checks. Perhaps you can alter that?
Steve
Edit: You could use this: http://www.dnsmadeeasy.com/services/dns-failover-system-monitoring/
;)
Are you running the dnsmadeeasy client on your server?
Steve
-
Currently no. In fact, I don't think they have their own software. They have some methods that can be developed to monitor the change, but that requires time and development that I'd rather not do.
Then I found this: http://doc.pfsense.org/index.php/Dynamic_DNS#DynDNS
According to this I can use DNS-O-Matic and somehow reroute that to DNSMadeEasy, according to pfSense docs link above. What I need to know is what I need to set up in the pfSense device and how to do so.
-
As I said above there is no way of telling the built in dynamic DNS client in pfSense to use more than one interface in a failover scenario. What you need to do is run a client on your server (or on any machine that is behind pfSense) and have that check as often as it can be set to do so.
Dnsmadeeasy appear to have a number of clients available:
http://www.dnsmadeeasy.com/services/dynamic-dns/
I have no idea how much it costs though.
What OS is your server running?
Steve
-
OK, I thought there was some sort of built-in feature of pfSense that can tell which IP is currently being directed to the NAT that can be reported externally and that the same feature will be able to act immediately since it is within pfSense. This way it doesn't have anything to do with Failover as it is simply looking at the input IP of the NAT.
Take your pick, I got Windows Server 2008 R2, Windows 2000, Linux. Heh, when I read the "Java/Cross Platform" I kinda didn't want to go that route. Should've tried to click the link because I see the program "Direct Update" and "DynSite". The server that I need to get online is the Server 2008 R2.
So with one of the above programs running, it will simply update the IP address when there's a change. The program will simply treat Failover feature in pfSense as a Dynamic IP change! If this is the case, then VERY NIIIIIIICE!
This…is correct, right?
-
Exactly. Most dyndns client programs will ping out to some site in order to determine what their outgoing IP is, they don't rely on reading it from the machine they run on. E.g. www.pfsense.org/ip.php
The advantage of running it on pfSense is that it would know immediately if the IP changes whereas running on the server behind there will be some delay. Since the pfSense dyndns client does not appear to be set up for multiwan it won't failover correctly. So although there is a built-in feature exactly as you suggested it's not usable in this situation.
I'm still half expecting one of the developers to come in here and tell me I'm not reading it right.. ::)
Steve
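-
Added example, not posted by anyone in this thread and not pfSense or DNS Made Easy code: a sketch of the polling client described above, run on a machine behind pfSense, that treats a failover from WAN to OPT1 as an ordinary IP change. The echo URL, the `report` callback and the sample addresses are assumptions; the client only accepts a response that parses as a globally routable address and has been seen on two consecutive checks before it reports anything.

```python
import ipaddress
import urllib.request

ECHO_URL = "https://ip-echo.example/"  # placeholder, substitute your provider's echo service


def fetch_body(url=ECHO_URL, timeout=10):
    """Ask an external service which address our traffic leaves from."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read(256).decode("ascii", "replace")


def parse_public_ip(body):
    """Return a validated global address from the echo response, or None."""
    try:
        addr = ipaddress.ip_address(body.strip())
    except ValueError:
        return None  # error page, captive portal HTML, empty body
    return addr if addr.is_global else None  # drops RFC 1918, CGNAT, loopback


class ChangeDetector:
    def __init__(self, report, confirm=2):
        self.report = report    # hypothetical callable(str) that updates the DNS record
        self.confirm = confirm  # identical consecutive readings needed before reporting
        self.current = None
        self.candidate, self.seen = None, 0

    def observe(self, body):
        addr = parse_public_ip(body)
        if addr is None:
            return False        # ignore junk rather than publish it
        if addr == self.current:
            self.candidate, self.seen = None, 0
            return False
        if addr == self.candidate:
            self.seen += 1
        else:
            self.candidate, self.seen = addr, 1
        if self.seen < self.confirm:
            return False
        self.current, self.candidate, self.seen = addr, None, 0
        self.report(str(addr))
        return True


def simulate_failover():
    """Constructed poll results: WAN up, gateway flapping, then OPT1 takes over."""
    polls = ["8.8.8.8\n", "8.8.8.8\n", "<html>504</html>", "192.168.1.1",
             "1.1.1.1\n", "1.1.1.1\n"]
    sent = []
    detector = ChangeDetector(sent.append)
    for body in polls:
        detector.observe(body)
    return sent
```

In a real deployment `observe(fetch_body())` would run on a timer, and the check interval plus the confirmation count sets how long the DNS record stays stale after a failover.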