Netgate Discussion Forum

    Extreme slowdown of download speed with Netgate SG-1000

    Official Netgate® Hardware
    38 Posts 3 Posters 5.2k Views
      Mastiff

      Well, in Norway 300/300 is probably in the lower end. Most fibre customers have the standard 500/500+TV package. I have a company consisting of one person, me. I translate, and it's not very highly paid, I'm afraid. But I need a stable line because of my home automation hobby, and because my alarm and similar stuff goes over the Internet. I had to drive two hours from my cabin to reset the fibre router/modem a few months ago, that's why I wanted something that didn't fall down. And again it really never occurred to me that it could be that slow. As for phone I bought my Sony Xperia X Performance when it was a one year old model, and I have been using it for two years now. The previous phone I think I had four years... I really don't care much about phones, I preferred the O2 Atom series of Windows Mobile ten years ago... ;)

        johnpoz LAYER 8 Global Moderator

        hehehe - my point to the phones was more how much your typical user pays for them... And needs the next new shiny one next year but then they balk at paying a few hundred for a quality product their home/business internet runs on.

        Shoot there are soho products that cost more than the sg3100 that is for sure... And what do they do exactly? I would suggest you look at the 3100, it might be a bit more than you wanted to spend.. And it is a shame of the costs outside the US not being more reflected of exchange rates, etc. But that can be said for almost any electronics.. And many goods really..

        You could look to DIY and bring your own hardware and just run pfsense on it... Many people like to do that, it might save you a few bucks... But I am not a fan of the china boxes to save a buck.. Rather support the company that is putting out such a fine product. So they can continue to do so - and I do believe they have some different models coming out that will cover the bases better from low to high, etc.

        Sorry to hear you're disappointed, but the specs are listed. And everyone is here ready to answer any questions before you purchased in the forums or even sales directly, etc.

        To your gig comment.. The new PI3 B+ has gig interface - do you think it can do gig?? ;) No not even close... And that is just moving packets not firewall them and nat them and route them, etc. Gig interface just means more than 100 as mentioned already.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          Mastiff

          I did get the one about the phone, I only saw my chance to play the wise, old nerd who longs for the days of WinMo... ;) But I have contacted the Norwegian reseller. They have had very good service and been nice people so far, so maybe I can upgrade to an SG-3100. We'll see.

            Mastiff

            The nice guy at the Norwegian reseller is letting me replace the unit with the (did I mention quite a bit more expensive? ;) ) 3100. So I guess that should work.

              johnpoz LAYER 8 Global Moderator

              So he is charging you the extra money, or giving you an even exchange for what you paid for the sg-1000?

                Mastiff

                I'm getting back the money for the 1000 and getting an OK deal on the 3100. So no even exchange. I would have demanded that if I had told them that I was going to use it for a 300/300 line and they didn't say anything, but I never mentioned that in my mails to them.

                  Mastiff

                  Up and running (the postal service must recently have fed the tortoises they use to carry their packages through Norway, because it came overnight in a regular package). The unit works perfectly, no problem pulling 300/300 (and I have read that it actually can do gigabit fibre speed), so I'm good. :) I see that it has an optical input, so I have to find out if I can actually use that instead of the fibre modem that my ISP gave me. That would be slick!

                    johnpoz LAYER 8 Global Moderator

                    @mastiff said in Extreme slowdown of download speed with Netgate SG-1000:

                    I see that it has an optical input,

                    Huh? The sg-3100 has no fiber input... Or sfp or sfp+ port to add one.
                    https://www.netgate.com/solutions/pfsense/sg-3100.html

                    Did you get some other model? Or some other box running pfsense?

                      Mastiff

                      Embarrassing... I didn't look at the damn port, I only saw that OPT designation. I guess it's optional wan or something! 😂

                        johnpoz LAYER 8 Global Moderator

                        Yes it's another router interface... Can use it for another wan, or another lan side network..

                        The switch ports can be isolated as well via vlans so those could all be other networks on the lan side or wan connections. The only limitation is the switch uplink into the soc is only 2.5gbps

                          Mastiff

                          Btw I was looking for how to do DMZ the easiest way (I want all ports from WAN to be routed to a single IP on the LAN), and I stumbled over this (which ironically enough seems to use the OPT1 port...):

                          https://www.ceos3c.com/pfsense/how-to-create-a-dmz-with-pfsense-2-4-2/

                          Is this the simplest/only way to do this or is there a simpler solution?

                          Oh, btw, I would like the rest of the LAN from the Netgate to be accessible from the DMZ as well, there's stuff there that I have to maintain.

                            Mastiff

                            Oh, almost synchronized posting. Much like synchronized swimming, except for not using a swimsuit. At least, I don't wear one now, but of course I don't know what you're wearing! ;)

                              johnpoz LAYER 8 Global Moderator

                              Not sure why anyone would ever want to do something like that... Just forward the ports you NEED.. But that link is just creating another network and calling it dmz.. You can call your other network segments whatever you want.

                                johnpoz LAYER 8 Global Moderator

                                heheheheehhe - ROFL... dude that is funny ;) To be honest I am wearing a bath robe since it's very early in the morning here 4:44 am...

                                  Mastiff

                                  Well, then I wasn't all off... ;) But the reason is that I do home automation and I have 30-40 different ports that go to different parts of the system, and I change them every now and then too. :) And at the same time it keeps the rest of the system totally safe, because all attacks will go to the same place. So what would be the easiest way to forward everything?

                                    johnpoz LAYER 8 Global Moderator

                                    Yes I would suggest you put your IoT devices, home automation stuff into their own segment... And sure call it dmz... I have a segment called that.. It's where my ntp server sits since it serves up traffic ntp to the public ntp pool.. So I have 123 forwarded to it.

                                    And this segment has no access into my other lan segments. I then have a segment that my amazon alexas are in, nest, harmony.. But there are no inbound ports to them.. But they are limited access into my other network segments..

                                    If you need 30 or 40 ports then forward those 30 or 40 ports. But to be honest if you're forwarding ports into your network to do home automation - you're doing it wrong.. Your home automation should go outbound to create its connection. You shouldn't need to do inbound..

                                      Mastiff

                                      This is my cabin, and I have 10 cameras (some internal security, some to keep an eye on the garden and some to watch the view when I'm not there). Three receivers with different ports for control. Then there's separate systems for NodeRED, Home Assistant and EventGhost and 15 different ports for different segments of the webserver for Girder (so I can log in to control AV in a particular room, for a group of rooms or the whole cabin). Everything is set up like this so I don't even have to go on the cabin's wifi, I can control it just as well from 4G. That's why I use so many ports. But I don't think it will work to use a separate segment because I need to be able to connect to stuff on the main segment too from the automation server, because I have some things there that are accessible only from inside the network. So using a separate segment is really not that good for me. Is there really no simple way to forward everything to one IP?

                                        Mastiff

                                        Oh, and I change them from time to time because I give guests access to AV for their room, and when the guest leaves, I change the port for that room, so they don't wake up the next guest in the middle of the night with Highway to Hell! ;)

                                          johnpoz LAYER 8 Global Moderator

                                          Why would you not just vpn if you need to access multiple devices and multiple ports?

                                          That doesn't sound like 1 IP, so how would you do it a forward or even a "dmz host" as you call it to that... Sure you can forward ALL the ports to an IP... But you can not forward all the ports to multiple IPs... You can forward port X to IPA and Y to IPB but those are different rules.

                                          Why would your devices not be able to be on different network segments? Only thing that needs to be on the same layer 2 is shitty soho devices that use some L2 discovery protocol to find what they are looking for. As long as the application or device allows you to set an IP, and use IP or fqdn to get to whatever it is it needs to talk to. Then they can be on the internet, or different network segment.

                                          You can then limit access to specific ports and protocols on the firewall between your segments.

                                          But if you're controlling this remote to your cabin, accessing your cameras etc.. Then you should VPN into this cabin and access it whatever it is you need to access without any need to port forward anything.

                                          So your guests to control something while they are there - go out to the internet and back in. Or do you have wifi at this cabin they connect to?

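The layout johnpoz describes in his two replies above (automation host in its own segment, only the needed ports forwarded, limited access from that segment into the LAN), sketched in pf.conf syntax as an added example that is not part of any post in this thread. Interface names, subnets, addresses and ports are constructed, and on pfSense the same rules would be entered through the GUI rather than written by hand.

```pf
# Constructed values throughout: interfaces, subnets, hosts and ports are assumptions.
wan_if  = "wan0"               # hypothetical WAN interface
lan_if  = "lan0"               # hypothetical LAN interface
dmz_if  = "opt0"               # hypothetical OPT interface carrying the "dmz" segment
lan_net = "192.168.1.0/24"
dmz_net = "192.168.50.0/24"
auto_vm = "192.168.50.10"      # home automation VM, moved into the dmz segment
lan_srv = "192.168.1.20"       # LAN-only host the automation VM has to reach

# Ports published to the internet. Rotating a guest port means editing this list.
pub_ports = "{ 8443, 9001, 9002 }"

# --- Translation ---
# "DMZ host" behaviour, shown commented out for contrast: every inbound
# TCP/UDP port is redirected to one address.
# rdr on $wan_if inet proto { tcp, udp } from any to ($wan_if) -> $auto_vm

# Explicit forwards: only the listed ports reach the automation VM.
rdr on $wan_if inet proto tcp from any to ($wan_if) port $pub_ports -> $auto_vm

# --- Filtering (first match wins because every rule is "quick") ---
# WAN: admit only the forwarded ports; the destination is already translated.
pass  in quick on $wan_if inet proto tcp from any to $auto_vm port $pub_ports

# dmz -> LAN: one host, one service, then nothing else into the LAN.
pass  in quick on $dmz_if inet proto tcp from $auto_vm to $lan_srv port 443
block in quick on $dmz_if inet from $dmz_net to $lan_net

# dmz -> internet, so devices can make their own outbound connections.
pass  in quick on $dmz_if inet from $dmz_net to any

# LAN -> anywhere, including the dmz for maintenance.
pass  in quick on $lan_if inet from $lan_net to any

# Traffic admitted above may leave on any interface; everything else is dropped.
pass  out quick all
block log all
```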
                                            Mastiff

                                            This isn't multiple IPs. They are all running on the same virtual machine (except for Node-RED and Hass, which run on a Raspberry Pi, but they don't change their ports, and they go through the home automation VM with MQTT). And I don't want to be rude, but I don't really need these suggestions and questions, I only need a simple answer to the simple question of how I route all ports to one IP, if you have that answer. I have been running a system like this for several years without problems, before I came to the first device I've had that does not have a dedicated DMZ.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.