Please check my Firewall:Rules and tell me if they are ok.



  • I've not used pfSense before, but after having annoying issues with my DGL4100 and BEFSR41v5 I decided to try out pfSense.
    However, configuring the ports on this router is very different from anything I've worked with yet. I'm simply trying to get the feel of the router now, so I'm not ready to get into 'traffic shaping' just yet. First I need to make sure my Firewall Pass-through rules are configured properly. Would one or more of you pfSense-savvy individuals be able to help me?

    WAN is dynamic, LAN is static (20.55.77.0/24 [fake]). As far as the games, it may or may not be working. From Portland to Sea/Tac (280ml) is averaging 16ms playing CSS, without jitter or hanging (with NAT:Portforward). Playing 'Project Reality' (BF2 mod) yields a 12ms drop over using the DGL4100 connected PDX to Chicago for 72ms average play latency. However, this was done without creating a NAT:Portforward for BF2/PR.87. NAT:Aliases really helped when creating Firewall:Rules and NAT:Portforward for gaming ports. Never seen that before on any of my old Firewall appliances. Makes writing rules much easier!

    Internet and games are running smooth, but streaming video keeps hanging/buffering, even when only one of three PCs on the LAN is on. YouTube, LiveLeak, anything streaming video, all PCs on the network are having this issue with hanging and constant buffering. I looked for the RTSP and other stream-related ports via SpeedGuides and created rules for them to pass through, but I must not have written the rule correctly, because I keep getting hanging and buffering. But if I did not write the rules correctly, I would think I would have issues with DNS & HTTP too. I wrote the three rules exactly the same starting with DNS.

    Thanks
    Mark

    I'll post some logs in a little bit-

    WAN Pings
    Pinging [208.146.44.40] with 30 bytes ->bytes=30 time=14ms TTL=57
    Pinging [208.146.44.40] with 30 bytes ->bytes=30 time=16ms TTL=57
    Pinging [208.146.44.40] with 30 bytes ->bytes=30 time=13ms TTL=57
    Pinging [69.12.111.29] with 30 bytes ->bytes=30 time=68ms TTL=117
    Pinging [69.12.111.29] with 30 bytes ->bytes=30 time=65ms TTL=117
    Pinging [69.12.111.29] with 30 bytes ->bytes=30 time=68ms TTL=117
    Pinging [8.6.15.64] with 30 bytes ->bytes=30 time=29ms TTL=54
    Pinging [8.6.15.64] with 30 bytes ->bytes=30 time=33ms TTL=54
    Pinging [8.6.15.64] with 30 bytes ->bytes=30 time=29ms TTL=54
    Pinging [68.87.60.144] with 30 bytes ->bytes=30 time=109ms TTL=112
    Pinging [68.87.60.144] with 30 bytes ->bytes=30 time=102ms TTL=112
    Pinging [68.87.60.144] with 30 bytes ->bytes=30 time=102ms TTL=112
    Pinging [208.49.52.58] with 30 bytes ->bytes=30 time=61ms TTL=55
    Pinging [208.49.52.58] with 30 bytes ->bytes=30 time=39ms TTL=55
    Pinging [208.49.52.58] with 30 bytes ->bytes=30 time=35ms TTL=55
    Pinging [193.10.252.19] with 30 bytes ->bytes=30 time=199ms TTL=240
    Pinging [193.10.252.19] with 30 bytes ->bytes=30 time=196ms TTL=240
    Pinging [193.10.252.19] with 30 bytes ->bytes=30 time=233ms TTL=240
    Pinging [66.230.207.58] with 30 bytes ->bytes=30 time=108ms TTL=46
    Pinging [66.230.207.58] with 30 bytes ->bytes=30 time=111ms TTL=46
    Pinging [66.230.207.58] with 30 bytes ->bytes=30 time=106ms TTL=46
    Pinging [218.32.192.112] with 30 bytes ->bytes=30 time=180ms TTL=49
    Pinging [218.32.192.112] with 30 bytes ->bytes=30 time=174ms TTL=49
    Pinging [218.32.192.112] with 30 bytes ->bytes=30 time=172ms TTL=49
    Pinging [72.14.213.113] with 30 bytes ->bytes=30 time=19ms TTL=51
    Pinging [72.14.213.113] with 30 bytes ->bytes=30 time=19ms TTL=51
    Pinging [72.14.213.113] with 30 bytes ->bytes=30 time=22ms TTL=51
    Ping statistics for above hosts:
     Packets: Sent = 27, Received = 27, Lost = 0 (0% loss)
    Approximate round trip times (RTT) in milli-seconds:
     Minimum = 13ms, Maximum =  233ms, Average =  86ms

    Internal IPs, modem IPs, DNS

    Pinging [xx.xx.xx.x] with 42 bytes ->bytes=42 time=0ms TTL=64
    Pinging [xx.xx.xx.x] with 42 bytes ->bytes=42 time=0ms TTL=64
    Pinging [xx.xx.xx.x] with 42 bytes ->bytes=42 time=0ms TTL=64
    Pinging [xx.xx.xx.xx] with 42 bytes ->bytes=42 time=0ms TTL=64
    Pinging [xx.xx.xx.xx] with 42 bytes ->bytes=42 time=0ms TTL=64
    Pinging [xx.xx.xx.xx] with 42 bytes ->bytes=42 time=0ms TTL=64
    Pinging [xx.xx.xx.xxx] with 42 bytes ->bytes=42 time=11ms TTL=52
    Pinging [xx.xx.xx.xxx] with 42 bytes ->bytes=42 time=8ms TTL=52
    Pinging [xx.xx.xx.xxx] with 42 bytes ->bytes=42 time=11ms TTL=52
    Pinging [xx.xx.xx.xxx] with 42 bytes ->bytes=42 time=41ms TTL=55
    Pinging [xx.xx.xx.xxx] with 42 bytes ->bytes=42 time=46ms TTL=55
    Pinging [xx.xx.xx.xxx] with 42 bytes ->bytes=42 time=42ms TTL=55
    Ping statistics for above hosts:
     Packets: Sent = 12, Received = 12, Lost = 0 (0% loss)
    Approximate round trip times (RTT) in milli-seconds:
     Minimum = 8ms, Maximum =  46ms, Average =  13ms

    2  68.85.150.177 (68.85.150.177)  11.464 ms  18.966 ms  6.517 ms
    3  te-9-3-ar01.troutdale.or.bverton.comcast.net (68.87.216.89)  10.868 ms  6.481 ms  6.500 ms
    4  te-0-4-0-1-cr01.seattle.wa.ibone.comcast.net (68.86.90.81)  12.909 ms  13.481 ms  13.005 ms
    5  e1-4.cr01.sea01.mzima.net (75.149.228.182)  12.923 ms  25.008 ms  19.017 ms
    6  ge0-nuclearfallout.cust.sea01.mzima.net (72.37.232.54)  11.924 ms  23.501 ms  20.485 ms
    7  c-208-146-44-213.premium-seattle.nuclearfallout.net (208.146.44.213)  12.937 ms  18.984 ms  24.526 ms




