Netgate Discussion Forum

    New to pfSense, 3 questions about wireless, ICMP and DNS ACLs.

      agentb

      I'm just finding my way around pfSense - have had some Checkpoint and Debian Linux experience in the distant past.  So my first pfSense post.

      From the forums here I decided to try out pfSense on the Celeron 1037U and the installation has been a breeze so far. No troubles in getting UK delivery, the packing tape skill of the sender - a work of art in itself. IPSEC VPN working within a few minutes. I added a cheap 20GB SSD and 4GB memory. CPU hardly stressing. Really happy.

      The web interface is very professional, a joy to use.  A few little questions after a couple of days running.

      a) The wireless interface is not recognised, and is probably not suitable for running an Access Point (I don't need one in the firewall). I'm assuming I can leave it "unrecognised" until I need that interface for something (thinking wireless secondary route in the future). Is that a sane idea, or should I just remove the miniPCIE wireless card or track down some drivers and disable it?

      b) Decided to run some diagnostics; looking at the pfTop I noticed a large amount of ICMP traffic - packet captured this to a CAP file and reviewed in Wireshark. Seems the firewall is pinging the next upstream router every second.

      The WAN interface is PPPoE but I cannot find if this is in the PPPoE settings or online help, cause - or perhaps some other link monitor is going on.

      So my question is - is this ICMP traffic normal?

      c) On the DNS Resolver Setup (to support local LAN DNS, and local DNS values from DHCP) a question on Access Lists.

      I wanted to have three subnets "allowed access list" and then one "Catchall List 0.0.0.0/0" which I planned to set to "block". I found I could not set the CIDR to value 0 (1-32 only) for the second. I suspect I'm not understanding the defaults?

      Thanks all

        agentb

        OK, I found the answer to b) is this ICMP traffic normal? - Yes - it's the default for monitoring and can be tweaked in the System / Routing / Edit Gateway section - and it works perfectly.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.