Netgate Discussion Forum

    Firewall behind firewall?

    Problems Installing or Upgrading pfSense Software
    21 Posts 3 Posters 4.2k Views
    stephenw10 Netgate Administrator

      You should allow pfSense to hand out itself (LAN IP address) as the DNS server to clients behind it. That would be the usual configuration. TTL expired is interesting.
      Try pinging Google from the pfSense console both by url and at, say, 8.8.8.8. What is the actual response?

      Steve

      Shudnawz

        If I ping google.com or 8.8.8.8 from the WAN interface as source address (192.168.1.78) it works fine. But if I try from default, LAN or localhost as source, I get this:

        PING google.com (173.194.40.232) from 192.168.2.1: 56 data bytes
        36 bytes from localhost (127.0.0.1): Time to live exceeded
        Vr HL TOS  Len    ID    FLG    off  TTL  PRO  cks      Src                Dst
        4  5    00 5400  a326    0 0000  01  01  0000 192.168.2.1  173.194.40.232

        x3, just different IDs from the pings. I'm guessing the pfSense isn't letting stuff through?

        Interesting result from a traceroute to 8.8.8.8.

        If I do it from the WAN address, it all works fine. If I do it from the LAN source, I get 18 hops of 127.0.0.1 with sub-ms times. Only 127.0.0.1.

        Whaaaat..?

        Slow is smooth, smooth is fast

          stephenw10 Netgate Administrator
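The symptom in the post above (TTL-exceeded replies from 127.0.0.1 and a traceroute of nothing but loopback hops) is what a probe looks like when it never leaves the box. The following checker is an added example, not code from the thread or from pfSense: it parses FreeBSD-style ping output (the reply line plus the IP-header dump that follows it) and traceroute hop lines, and classifies the result. Sample inputs are constructed from the output quoted in the post.

```python
import re
# Constructed sample input, modelled on the output quoted in the post: FreeBSD ping
# replies with their IP-header dumps, and a traceroute answering 127.0.0.1 at every hop.
PING_OUTPUT = """\
PING google.com (173.194.40.232) from 192.168.2.1: 56 data bytes
36 bytes from localhost (127.0.0.1): Time to live exceeded
Vr HL TOS  Len    ID    FLG    off  TTL  PRO  cks      Src                Dst
4  5    00 5400  a326    0 0000  01  01  0000 192.168.2.1  173.194.40.232
36 bytes from localhost (127.0.0.1): Time to live exceeded
Vr HL TOS  Len    ID    FLG    off  TTL  PRO  cks      Src                Dst
4  5    00 5400  a327    0 0000  01  01  0000 192.168.2.1  173.194.40.232
"""
TRACEROUTE_OUTPUT = """\
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 40 byte packets
 1  127.0.0.1 (127.0.0.1)  0.031 ms  0.012 ms  0.010 ms
 2  127.0.0.1 (127.0.0.1)  0.014 ms  0.011 ms  0.010 ms
"""
REPLY_RE = re.compile(r"^\d+ bytes from \S+ \((?P<src>[\d.]+)\): (?P<msg>.+)$")
# Header dump printed under an ICMP error: Vr HL TOS Len ID FLG off TTL PRO cks Src Dst
HDR_RE = re.compile(r"^\s*\d\s+\d+(?:\s+\S+){5}\s+(?P<ttl>[0-9a-f]+)\s+(?P<pro>[0-9a-f]+)"
                    r"\s+\S+\s+(?P<src>[\d.]+)")
HOP_RE = re.compile(r"^\s*\d+\s+\S+ \((?P<ip>[\d.]+)\)")

def parse_ping(text):
    """Return (reply_source, message, probe_source) for each ICMP error reply."""
    replies = []
    for line in text.splitlines():
        if m := REPLY_RE.match(line):
            replies.append([m.group("src"), m.group("msg"), None])
        elif replies and (m := HDR_RE.match(line)):
            replies[-1][2] = m.group("src")  # address the expired probe was sent from
    return [tuple(r) for r in replies]

def parse_traceroute(text):
    """Return the responding address of each hop line."""
    return [m.group("ip") for line in text.splitlines() if (m := HOP_RE.match(line))]

def diagnose(ping_text, traceroute_text):
    """'loopback-loop': probes expired inside the box (no default gateway or wrong
    source interface); 'ttl-exceeded-upstream': a real router on the path answered."""
    replies = parse_ping(ping_text)
    hops = parse_traceroute(traceroute_text)
    looped = [r for r in replies if r[0] == "127.0.0.1" and "Time to live exceeded" in r[1]]
    result = {"verdict": "ok", "looped_replies": len(looped),
              "loopback_hops": hops.count("127.0.0.1"),
              "probe_src": sorted({r[2] for r in looped if r[2]})}
    if looped or (hops and all(h == "127.0.0.1" for h in hops)):
        result["verdict"] = "loopback-loop"
    elif any("Time to live exceeded" in r[1] for r in replies):
        result["verdict"] = "ttl-exceeded-upstream"
    return result
```

A "loopback-loop" verdict points at the local routing table (the missing default gateway in this thread), whereas an upstream TTL-exceeded reply names the router that actually dropped the probe.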

          Ok if you're doing that via the webgui you specify which interface to send the ping from. Obviously only WAN is the correct interface but that implies that 'default' is sending from the wrong interface which is bad.
          Did you do this:

          @stephenw10:

          …then go to System: Routing: and make sure it's removed from there too and that the WAN gateway is now default.

          Steve

            Shudnawz

            @stephenw10:

            Ok if you're doing that via the webgui you specify which interface to send the ping from. Obviously only WAN is the correct interface but that implies that 'default' is sending from the wrong interface which is bad.
            Did you do this:

            @stephenw10:

            …then go to System: Routing: and make sure it's removed from there too and that the WAN gateway is now default.

            Steve

            Totally missed that step. Works fine now, thanks a bunch, guys!

            EDIT:
            The modem is now in stupid-mode, so the pfSense is my only firewall and DHCP-server. Works like a charm! :D

            Just gotta find out how to shut it the hell up…sounds like a vacuum cleaner. =P

            Slow is smooth, smooth is fast

              stephenw10 Netgate Administrator

              Nice.  ;D
              What hardware are you running? Have you investigated powerd?

              Steve

                Shudnawz

                The cheapest crap I could get my hands on! :D

                AMD Athlon 64 X2 5600+ on an ASUS M2N32-SLI Deluxe Wifi-edition w/ 2 onboard NICs, working just fine.
                Got it stationed in a SilverStone LC17 HTPC chassis, so it looks real good too. ;)

                The preinstalled chassis fans were cheap LED-lighted bastards, so I ripped them out and made sure that the CPU cooler is unobstructed. That cut the noise down radically, and I will get some more silent fans soon to keep the case a bit cooler. With only the CPU cooler fan running in the whole system (not counting PSU) the CPU runs at about 45-48C, acceptable if not optimal.

                Next step is to get familiar with the Traffic Shaper to set up bandwidth throttling/limiting to specific LAN DHCP clients. Need to be able to make sure certain units on the network don't eat up all the available bandwidth.

                Slow is smooth, smooth is fast

                  stephenw10 Netgate Administrator

                  Well that CPU has power saving features in the form of 'cool'n'quiet' and powerd should be able to control that via the powernow_k8 driver. Probably save you some Watts at idle and hence fan noise (if your fans are thermal control).

                  It should show up in the boot log if it's working. For example:

                  CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ (2705.78-MHz K8-class CPU)
                  FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
                   cpu0 (BSP): APIC ID:  0
                   cpu1 (AP): APIC ID:  1
                  cpu0: <ACPI CPU> on acpi0
                  cpu1: <ACPI CPU> on acpi0
                  powernow0: <PowerNow! K8> on cpu0
                  powernow1: <PowerNow! K8> on cpu1

                  Steve

                    Shudnawz

                    Well, the CPU fan noise is not an issue, I got a replacement for the loud Zalman previously installed (it was also too large for the new chassis). The problem was the chassis fans, and those were not PWM, so I could not control their RPMs properly. So I yanked them out, and now the box is mostly silent.

                    Will look into powerd though, guessing it is installed as some kind of addon?

                    Slow is smooth, smooth is fast

                      stephenw10 Netgate Administrator

                      It's included by default but not enabled. Try enabling it under System: Advanced: Miscellaneous: You may have to tweak it or load some further modules. You might find it throws errors for various reasons. Check the system logs.

                      Steve

                        Shudnawz

                        Coolio. However, does the cool'n'quiet-mode need to be enabled in BIOS beforehand? 'Cuz I ripped out the Graphics card as well to decrease noise, so to enable it is a bit more work than just rebooting the system.. ^^

                        Slow is smooth, smooth is fast

                          stephenw10 Netgate Administrator

                          I have no experience with cool'n'quiet but I would expect it needs to be enabled in the BIOS. It might be enabled already.

                          Steve

                            Shudnawz

                            Ok. At any appropriate moment I will tear down the firewall and install the GPU again. =)

                            Slow is smooth, smooth is fast
