New to pfSense, and need advice on configuration settings.
-
Thank you Stephen, that bit of subnet info worked a treat :D
Within half an hour of me posting I realised exactly what I had done wrong, but couldn't work out the best way to correct it, but as soon as I read your reply, I was on it.
Initially, I could only access internet on the LAN based network, the OPT1 was blocking internet access, but I realised that the firewall was not set up, effectively blocking the internet. I have set the rules as per the rules that are automatically applied LAN, but I dare say that I am going to have apply more rules to both LAN and OPT1, but just or the moment I'm leaving everything as is for a few days just to test the system.
I haven't set traffic shaping yet either.It does appear to have improved the QoS already, even though I haven't set traffic shaping yet.
One more question that I have, is regarding my fallback service. If the pfsense box should fail, then I will be reconnecting to the previous network. The router for this is still in situ and transmitting SSID even though it doesn't have a wan connection and all of our devices are now connected to the new networks. All devices still have the settings saved for this network, so it's just a case of selecting the network and connecting, but obviously the router will not be connected to the modem, this will have to be done manually, but is there a device that I can connect the incoming wan from the modem to, that will automatically detect that my preferred router (pfsense) is not working, and route the wan to the back up router?
-
The correct way to do this, if you need this sort of uptime, is to use a pair of pfSense boxes in a CARP setup.
https://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP)
That's probably beyond what you're looking for!It is possible to do what you're describing by using a LAN-bypass NIC. The NIC has two Ethernet ports that usually appear as two separate interfaces to pfSense but if the power fails the ports connect together bypassing the pfSense box. It can also be configured to go into bypass mode if the OS crashes using a watchdog timer but that requires some interaction with the OS.
Generally speaking bypass cards are more trouble than they're worth. If you search the forum you'll just find people trying to disable the by-pass mode.Steve
-
Hmmm, maybe I will just leave as is, and manually reconnect the wan, doesn't seem worth the hassle lol.
Oh well, now it's time for me start thinking about firewall rules… see how many hurdles I have to jump this time hahaJust want to say a big thanks for your prompt replies, your information has been very helpful ;)
-
I was just re-reading this thread, and noticed this question that you asked me:
Is your WAN using PPPoE from the pfSense box?
Steve
Sorry, I don't know how I missed it :-[
Anyhow, no, the WAN is using DHCP as I was under the impression that this is the protocol used by talktalk. If anybody can prove me wrong please let me know. However, I have not had any issues so far.
-
If the two choices are DHCP and PPPoE and one side is incorrect the link won't come up at all.
-
It was the wrong question anyway. What I should have asked was, does your pfSense WAN interface have a public IP? In other words is your modem acting as just a modem or is it routing and NATing which is much less desirable.
Steve
-
Hi Steve,
In all honesty, I don't know, how would I find this out?
Thanks
-
Look at the IPv4 address for WAN in status->interfaces. Go to a web page like www.wimi.com. Are the addresses the same?
-
Look at the IPv4 address for WAN in status->interfaces. Go to a web page like www.wimi.com. Are the addresses the same?
Yes, the addresses do match.
-
That's fine then. I was originally asking because it may have conflicted with the LAN subnet but that's not the case.
Steve
-
That's great, thanks guys ;)
