Netgate Discussion Forum
Finished my first project

Hardware
    hotsauce2007
    last edited by Sep 10, 2017, 11:39 PM

    Amazing job, maybe change some fans for Noctua fans if noise is a problem. ::)

    Do you mind telling how much it cost? I'm planning to start my own pfSense too, too tired of commercial routers…

      gotty101
      last edited by Sep 12, 2017, 7:43 AM

      Thanks for the comments. I've started setting the pfSense's LAN ports up as a router, and my main house LAN runs through the switch to the right. I still want to work on the rules to control what protocols and ports are used by certain interfaces. Currently they are using the default rule. Apart from that I'm very pleased.

      It's surprisingly quiet and a lot of the time the CPU is idling, but I'm keeping an eye on temps.

      With regards to the case, it was based off a PENN ELCOM R2110/1UK 19" Rack Enclosure:1U, although I replaced the sides and back as there isn't enough space as it stands to house the power supply. Cost-wise I'm not really sure. The Jetway JNF592-Q170 motherboard and CPU was the biggest cost, although it's not too bad when you compare it to other high-end motherboards.

      Just need to work on the config now.

      Trev

        johnpoz LAYER 8 Global Moderator
        last edited by Sep 12, 2017, 9:00 AM

        So if you're running your left interfaces as actual interfaces and not bridged, so you only have 1 device on them, or are they running to other switches or APs with VLANs on them?

        Give an example of what you have connected to each interface and what you want to allow or prevent from a traffic point of view and we can walk through how to set up the rules.

        You place the rules on the interface where the traffic enters pfSense - rules are evaluated top down, first rule to trigger wins, no other rules are evaluated.  It's that simple.

        If you don't want LAN to talk to opt1, then on LAN put a rule to block LAN net from talking to opt1 net.  Then under that you could leave your any any rule.  It all comes down to how granular you want to get and what exactly you're wanting to prevent or allow between your networks or between specific IPs on different networks.

        But I don't know dude, that rack looks like it's got some space where you could have just added a 1U smart/managed switch.  Guess you still can.. So which cable did you connect from your switch over to your network interfaces?  I would have just used a little 6, 9 inch or 1ft patch between right most NIC and the 8 port switch on the right.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11
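
The evaluation order johnpoz describes, as an added example that is not part of the original thread: a small Python model of per-interface, top-down, first-match rule evaluation. The subnets, rule lists and the `evaluate` helper are assumptions made up for illustration; it models only interface-tab rules (no floating rules), with unmatched traffic blocked by default.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                  # "pass" or "block"
    src: str                     # CIDR or "any"
    dst: str                     # CIDR or "any"
    proto: str = "any"
    dport: Optional[int] = None  # None means any destination port

    def matches(self, src, dst, proto, dport):
        def in_net(ip, net):
            return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net)
        return (in_net(src, self.src) and in_net(dst, self.dst)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

def evaluate(ruleset, in_iface, src, dst, proto="tcp", dport=None):
    """Return (action, rule_index) for a new connection entering on in_iface."""
    # Only the rules of the interface the traffic ENTERS on are consulted.
    for i, rule in enumerate(ruleset.get(in_iface, [])):
        if rule.matches(src, dst, proto, dport):
            return rule.action, i   # first match wins, nothing below is evaluated
    return "block", None            # no rule matched: default deny

# Constructed addressing (assumption): LAN 192.168.1.0/24, OPT1 192.168.2.0/24
LAN_NET, OPT1_NET = "192.168.1.0/24", "192.168.2.0/24"
RULES = {
    "lan": [
        Rule("block", LAN_NET, OPT1_NET),  # block LAN net -> OPT1 net
        Rule("pass", LAN_NET, "any"),      # any-any rule left underneath
    ],
    "opt1": [
        Rule("pass", OPT1_NET, "any", "tcp", 443),
    ],
}
# The same two LAN rules in the wrong order: the any-any rule shadows the block.
MISORDERED = {"lan": list(reversed(RULES["lan"]))}

if __name__ == "__main__":
    print(evaluate(RULES, "lan", "192.168.1.10", "192.168.2.20", "tcp", 80))
    print(evaluate(MISORDERED, "lan", "192.168.1.10", "192.168.2.20", "tcp", 80))
    print(evaluate(RULES, "opt1", "192.168.2.20", "192.168.1.10", "tcp", 443))
```

The last call shows that the block on LAN does nothing for connections initiated from OPT1: those are judged only by the rules on the OPT1 interface.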

          VAMike
          last edited by Sep 12, 2017, 12:41 PM

          Note that there are sometimes problems with really short cable runs between devices. Not always, but worth being aware of the possibility, so if you have link issues you can try replacing a tiny cable with a 3 foot patch.

            johnpoz LAYER 8 Global Moderator
            last edited by Sep 12, 2017, 2:57 PM

            We have used 1 foot patches all the time.. I do not recall anything specifically in the IEEE specs for min length of Cat5 or 6 cable.. fiber is a different story.  But if you have shoddy equipment or cable you could always have some weirdness.

            Check the ports for errors if you see them, then sure go with 1m cable.. But if your cable is certified.. then you should not have any problems.. You might have problem finding shorter than 1ft certified.. But just looked on 1ft patch on deepsurplus
            http://www.deepsurplus.com/Network-Structured-Wiring/Cat6-Standard-Boot-1ft/1ft-Blue-Cat-6-Patch-Cable-Molded

            "Meets or exceeds the ANSI/TIA/EIA-568-B.2-1 standard for CAT 6 CMR, communication riser cable, and certified by UL, Underwriters Laboratories."

              Inxsible
              last edited by Sep 12, 2017, 3:03 PM

              @johnpoz:

              …. You might have problem finding shorter than 1ft certified.. But just looked on 1ft patch on deepsurplus
              http://www.deepsurplus.com/Network-Structured-Wiring/Cat6-Standard-Boot-1ft/1ft-Blue-Cat-6-Patch-Cable-Molded

              "Meets or exceeds the ANSI/TIA/EIA-568-B.2-1 standard for CAT 6 CMR, communication riser cable, and certified by UL, Underwriters Laboratories."

              6 inch patch cables that I use between my patch panel and switch.
              https://www.monoprice.com/product?c_id=102&cp_id=10232&cs_id=1023203&p_id=9789&seq=1&format=2

              From the website:

              Monoprice Ethernet cables are made of 100% pure bare copper wire, as opposed to copper clad aluminum (CCA) wire, and are therefore fully compliant with UL Code 444 and National Electrical Code TIA-568-C.2 fire and safety standards, which require pure bare copper wire in communications cables.

                Inxsible
                last edited by Sep 12, 2017, 3:07 PM

                @gotty101:

                With regards to the case, it was based off a PENN ELCOM R2110/1UK 19" Rack Enclosure:1U, although I replaced the sides and back as there isn't enough space as it stands to house the power supply.

                Thanks for the case information. Did you have to cut up the front yourself to have access to the ports, hdmi connection, lcd and the buttons?

                  Mats
                  last edited by Sep 12, 2017, 3:08 PM

                  There was a minimum length on Ethernet once upon a time.
                  The length was a consequence of timing requirements in CSMA/CD to reliably detect collisions, i.e. it shouldn't be an issue at all in switched Ethernet.
                  All based on my memory and about 20 years old network technology training (none of them are ECC)

                    VAMike
                    last edited by Sep 12, 2017, 4:11 PM

                    @Mats:

                    There was a minimum length on Ethernet once upon a time.
                    The length was a consequence of timing requirements in CSMA/CD to reliably detect collisions, i.e. it shouldn't be an issue at all in switched Ethernet.
                    All based on my memory and about 20 years old network technology training (none of them are ECC)

                    And yet I've seen actual problems in the field where use of really short patch cables between transceivers was resolved by a coiled up longer cable. :) (The basis of the problems wouldn't be collision detection timing, it would be signal reflection. I've seen it far less often with newer ethernet chipsets, which tend to be far more forgiving of all sorts of cable problems than older ones were, and signal strength reduction for EEE may also help. That's why I characterize it as "something to be aware of" rather than "don't do this".)

                      johnpoz LAYER 8 Global Moderator
                      last edited by Sep 12, 2017, 5:31 PM

                      ^exactly.. If you were having weirdness and you were using very short patch - it would be something to look at for sure.. And it was good of you to bring it up so the user or others might be aware that sure very short cables could have issues…  But I have used 6 in patch to uplink a desktop (cheap) switch to another sitting right on top of it, etc.  And never had any issues..

                      And have had hundreds of 1ft patch in the DC without any problems..  But those are normally from switch to patch, but in some cases from switch to switch, etc.  Your experience could vary - but if there is nothing in the spec that says patch has to be X inches long then if it looks better short why not give it a go ;)  You're talking a few bucks at most for a patch cable.

                        gotty101
                        last edited by Sep 12, 2017, 7:56 PM

                        Hi,

                        Yes, they are running as interfaces. Some go to switches and some don't, but there aren't currently any VLANs.

                        CCTV
                        Lan (goes to the little switch on the right)
                        Media (goes to a small switch to two different devices)
                        NAS
                        SKY
                        TV (goes to a built in switch on the HDBaseT distribution)
                        WAN
                        WIFI

                        Currently, as a short-term thing, I have set up the default pfSense rule on each interface so effectively every port can hit the other ports.
                        I would like to lock down the CCTV, Media, NAS, SKY, and TV ports.
                        Tonight I disabled the default rule I set on the CCTV interface and attempted to set up the correct ports, but I think I must have got it wrong as I could no longer view the CCTV via my mobile.
                        The ports are listed in this document http://www.hikvision.com/ueditor/net/upload/2015-06-10/3b56a0c6-f61c-4381-866e-dc49e5c30c88.pdf
                        It talks of
                        1080 external to 554 internal
                        8008 external to 80 internal
                        8000 external to 8000 internal

                        but I think I may have got it wrong somewhere.

                        There is another unit that's not in the rack at the moment, it's a Z-Wave controller which is just going to be patched into the LAN switch.

                        With regards to the front panel and replacement rear panel, I measured the motherboard exterior and drew it in CAD. I then cut it on a CNC router.

                        Trev

                          gotty101
                          last edited by Sep 12, 2017, 8:05 PM
