Best configuration - pfSense & SBS 2003?
-
Hi all -
I am looking for guidance in configuring pfSense and a SBS 2003 server.
My original config was:
WAN = DHCP from Comcast
LAN = Static 192.168.20.0
LAN DHCP = 192.168.20.2 SBS 2003 Server
IP Addresses excluded 192.168.20.1 through 192.168.20.9
IP Addresses excluded 192.168.20.100 through 192.168.20.238
LAN DNS = 192.168.20.2
My current config is:
WAN = DHCP from Comcast
LAN = Static 192.168.20.0
LAN DHCP = 192.168.20.2 SBS 2003 Server = stopped
LAN DNS = 192.168.20.2 SBS 2003 Server = stopped
PCs = Manually pointing to pfSense for DNS
pfSense DNS Server has OpenDNS & Google IPs in General Setup
pfSense DNS override unchecked
pfSense DNS forwarding is enabled
Which is best, allow pfSense to handle DNS & DHCP or the SBS server?
What about DNS forwarding?
I based my original config from: http://forum.pfsense.org/index.php?topic=8204.0
And my current from: http://forum.pfsense.org/index.php/topic,48059.0.html
Something in my config is STILL wrong because LAN side users, using Chrome on Win7 64 are having WWW requests getting stuck with the message "Sending request…" Pages take 30+ seconds to load or timeout with the message ERR_NAME_NOT_RESOLVED, or never timeout. Many times the page loads fast on second try. It is random and intermittent.
I hope NOT to offend any members. I switched to pfSense because the SBS logs were filling from a "Dictionary Attack".
I need happy employees and don't want to switch back to a consumer router.
Thanks for your help - Brad
-
Something in my config is STILL wrong because LAN side users, using Chrome on Win7 64 are having WWW requests getting stuck with the message "Sending request…" Pages take 30+ seconds to load or timeout with the message ERR_NAME_NOT_RESOLVED, or never timeout. Many times the page loads fast on second try. It is random and intermittent.
Are these users using the old DNS or the new? (Unless they did an ipconfig/renew they will use the old DNS until their DHCP lease expires.)
Is there a common theme in the unresolved names?
"never timeout" is a stretch of the truth. How long are users waiting before they decide they have waited "long enough"? When the internet gets busy or significant routers crash packets can be dropped. TCP will attempt to recover by retransmitting. It takes a number of retransmit attempts before TCP decides the link is broken and reports it is broken.
Edit: When I clicked the Save button to post the first cut of this reply my browser reported Connected to forum.pfsense.org for what seemed (by counting) to be over 40 seconds. This sort of thing happens to me intermittently; sometimes the Save completes seemingly instantaneously.
-
Edit: When I clicked the Save button to post the first cut of this reply my browser reported Connected to forum.pfsense.org for what seemed (by counting) to be over 40 seconds. This sort of thing happens to me intermittently; sometimes the Save completes seemingly instantaneously.
Some discussion, here.
Steve
-
wallabybob -
Are these users using the old DNS or the new? (Unless they did an ipconfig/renew they will use the old DNS until their DHCP lease expires.)
Don't know, too many changes… rebooted router, sbs, then PCs. Will test today.
Is there a common theme in the unresolved names?
Yes mostly google searches
"never timeout" is a stretch of the truth. How long are users waiting before they decide they have waited "long enough"? When the internet gets busy or significant routers crash packets can be dropped. TCP will attempt to recover by retransmitting. It takes a number of retransmit attempts before TCP decides the link is broken and reports it is broken.
Well after 15 minutes of "Sending request..." at the bottom of chrome and the spinning tab, I stopped the request.
Edit: When I clicked the Save button to post the first cut of this reply my browser reported Connected to forum.pfsense.org for what seemed (by counting) to be over 40 seconds. This sort of thing happens to me intermittently; sometimes the Save completes seemingly instantaneously.
I too have been having posting issues to the forum http://forum.pfsense.org/index.php/topic,47874.0.html
But I think they are separate issues.
I will report back on my testing today. Thanks for your posts - Brad
-
Hi All -
After extensive troubleshooting my DNS issue was being caused by Snort.
To get things running smoothly I had to remove the Snort interface from the Snort services page and reboot pfSense.
Stopping the service was not enough.
Hope this helps others.
Brad
-
I would think that you need to run dns on the SBS and not pfsense or you won't be able to resolve internal dns names. DHCP can run on either or even both with the proper exclusions.
-
Hi All -
Since my last post, I restarted snort BUT with the "block offenders" checkbox unchecked. Having this checked wreaked havoc on my system. I have been running smoothly for 32 hrs.
I decided to keep SBS running DNS and DHCP.
WAN = DHCP from Comcast
LAN = Static 192.168.20.0
LAN DHCP = 192.168.20.2 SBS 2003 Server
IP Addresses excluded 192.168.20.1 through 192.168.20.9
IP Addresses excluded 192.168.20.100 through 192.168.20.238
DNS Server (General Setup) = 192.168.20.2 with none selected
Thanks to all who replied - Brad
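A check one could run before turning "block offenders" back on, added here as an example and not part of the thread: it scans Snort fast-format alert lines for alerts that name an upstream DNS resolver, since blocking such an address would produce the kind of name-resolution failures described above. The resolver list (the public OpenDNS and Google addresses), the rule IDs and the sample alert lines are constructed assumptions; the thread does not say which alerts caused the blocks.

```python
import re
from collections import Counter

# Assumption: the upstream resolvers are the public OpenDNS and Google addresses.
UPSTREAM_RESOLVERS = {"208.67.222.222", "208.67.220.220", "8.8.8.8", "8.8.4.4"}

# Snort "fast" alert line:
#   timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?"
    r"\s+->\s+(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?"
)

def resolver_alerts(lines, resolvers=UPSTREAM_RESOLVERS):
    """Count alerts per (resolver_ip, gid:sid:rev) where a resolver is src or dst."""
    hits = Counter()
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            continue  # not an alert line, or a format this pattern does not cover
        for ip in {m["src"], m["dst"]}:
            if ip in resolvers:
                hits[(ip, m["sid"])] += 1
    return hits

# Constructed sample alerts (rule IDs and messages are placeholders).
SAMPLE = [
    "05/02-09:14:07.120001  [**] [1:1000001:1] SAMPLE dns reply rule [**] "
    "[Classification: Misc activity] [Priority: 3] {UDP} 8.8.8.8:53 -> 192.168.20.2:51514",
    "05/02-09:14:09.530114  [**] [1:1000001:1] SAMPLE dns reply rule [**] "
    "[Classification: Misc activity] [Priority: 3] {UDP} 8.8.8.8:53 -> 192.168.20.2:51877",
    "05/02-09:15:40.000771  [**] [1:1000002:1] SAMPLE scan rule [**] "
    "[Classification: Attempted Recon] [Priority: 2] {TCP} 203.0.113.9:40222 -> 198.51.100.7:22",
    "05/02-09:16:02.884210  [**] [1:1000003:2] SAMPLE icmp rule [**] "
    "[Priority: 3] {ICMP} 208.67.222.222 -> 198.51.100.7",
    "not an alert line",
]

if __name__ == "__main__":
    for (ip, sid), count in sorted(resolver_alerts(SAMPLE).items()):
        # Each hit is a rule to suppress, or an address to whitelist, before blocking.
        print(f"{ip} named in {count} alert(s) from rule {sid}")
```

Any address this reports is a candidate for a whitelist entry or a rule suppression before automatic blocking is enabled.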