Latency issue
-
latency issue to where? And how much, and sounds like more than likely have asynchronous routing setup. If you have pfsense behind your router and pfsense lan is the same network as your isp routers lan and you can point to either of them.
How exactly do you have pfsense in your network.. Are you just doing a double nat? Your setup should be normally like this
ips router –- either public or transit (192.168.0.0/24)---- pfsense --- lan 192.168.1.0/24
-
router is 192.168.1.1 > pfSense is 192.168.1.30
I'm not double natting, no route has been setup yet. pfSense is connect to an access switch behind the router. See attachment from pc ip config
thanks
 -
Just making sure this is what you're saying
Router: 192.168.1.1
PFSense: 192.168.1.30
Computer Screenshot: 192.168.1.35 -
You are adding latency by adding another route step to internet traffic by using 192.168.1.30 as your default gateway instead of 192.168.1.1.
-
How does pfsense get to the internet? Does it have its own internet connection or does it use the same internet router?
Sounds like you have this - which never going to work. Or do you have the 2nd setup, which again not going to work.
-
pfsense gateway is 192.168.1.1 which is the router IP
 -
dude that is NOT how you would set it up.. For starters its going to be asynchronous.. So your client bounces off pfsense, which then hairpins to send to your router.. Then when traffic comes back through your router its just going to go direct to your client.. BAD setup!!
So no shit that is going to have all kinds of problems!!!
-
Whooa what's up with the profanity? Johnpoz…..
-
While his language may not be your preference, his comment is spot on.
That design is all kinds of wrong. You seriously need to step back and think about what you are trying to do and whiteboard something more standard, and then implement.
-
I'm aware of that. So i refreshed pfSense… Plz provide guidance on design setup...
thanks
-
I'm aware of that. So i refreshed pfSense… Plz provide guidance on design setup...
First off, "no shit" is just colloquialism… I'm sure John meant no harm, just a bit of frustration perhaps. Often times, "no shit" is followed by "Sherlock".
As to your design, put everything in a downstream flow. Since pfSense is probably a better router than your router, do you even need it? I know, some ISPs require you to use a specific router. So your choices are:
ISP/TA > router > pfSense > devices (if you must use the ISP router/TA)
or
ISP/TA > pfSense > devices (if you can just come off the TA)
You can still have static IPs on your devices if that is your need or you can assign static IPs through the DHCP service.
Rocl
-
You have a problem with no shit?? Really are you 6 and your mommy told you was shit a bad word?? ;) I quite often would use no fuck as well… How about is the pope catholic ;) Would of you had a problem with.. It is a common phrase use to express that what is being discussed is obvious.. As in that sort of setup is fubar.. Would you like me to expand that acronym? hehehheeh
As to how you should it set it up comes down to what your wanting to accomplish. Pfsense is best to replace the router your using from your isp.. Common these days for isp to hand out a gateway device where its modem/router combo. If you can turn that into just modem (bridge mode) and pfsense wan gets public on its wan that is most often first choice.
if you can not turn off the nat on your isp device and give pfsense a public on its wan, then you would go with a double nat setup where your isp network is now your transit network to your pfsense wan.. No other devices would be on this transit other than routers. If any devices are put on this transit network that are not routers you would need to do host routing on these devices.
All your devices would be put on the network(s) behind pfsense. Only restriction here would be that your transit network is not the same as your networks behind pfsense.
Another option would be to maintain a network on your isp device, and then create a transit network to pfsense so be able to get to those networks. So devices on your isp device would use the isp device as their gateway, and the router would route to pfsense via this new transit network to pfsense wan. If you were going to go this route pfsense would not need to nat.
There are many a way to skin the cat.. Your attempt is not the right way to skin the cat ;)
