Help, connection limit giving out wrong IP + Configuring Wireless with PFSense



  • Hey everyone,

    First off I'd like to say thank you for making pfsense so awesome and free, I've been using it for 7 months so far and it's been great.

    I have a few things that I have questions about though.

    I just recently added an email server a couple days ago and I've been receiving email from PfSense about the connection limit being reached, the IP address it's telling me about is not an IP on my network, it's giving me the IP of 192.168.1.5 in the email subject and body, my network runs on 192.168.200.0, where is this IP coming from? I searched the state table and I have found no results for anything on 192.168.1.x, the email server that was added has the IP of x.x.200.25, it does use a lot of connections at times, is there a way I could increase the connections for that IP?

    Second question, my Pfsense router is running on an ESXi machine, I want to add a wireless N network to my network, I'm aware of the lack of wireless N support of Pfsense at the moment, I found out that the wireless card doesn't even work at all in the ESXi machine. So I am going to put it in another computer running Ubuntu, the question I have is, is it possible for me to make the wireless network on Ubuntu work together with pfsense? I would like for the wireless devices to be able to talk to the IPs that Pfsense gives out, is that possible?

    **tl;dr;

    How can I increase the connection limit for certain IPs in Pfsense?

    Can another computer that gives off a wireless network be on the same LAN as PfSense?**



  • I don't know of any connection limit per IP in pfSense. It might be helpful to see the subject line and body of the referenced email.

    Perhaps the email is bogus. Some email clients allow inspection of the complete set of mail headers and that should provide trace information - a post mark from every mail transfer agent that handled the email. In Thunderbird, View -> Headers -> All will show all the message headers.

    @Toasticuss:

    I just recently added an email server a couple days ago and I've been receiving email from PfSense about the connection limit being reached, the IP address it's telling me about is not an IP on my network, it's giving me the IP of 192.168.1.5 in the email subject and body, my network runs on 192.168.200.0,

    Your pfSense actually belongs to a number of IP networks; depending on the configuration details this could be one IP network for every enabled interface.

    You haven't provided enough configuration information, but perhaps an upstream router (on pfSense WAN side, maybe a 192.168.1.x network) is reporting it is out of capacity for connections coming from 192.168.1.5, the pfSense WAN address (?). I suspect a cheap modem/router that is also doing NAT is likely to run out of connection capacity before your pfSense. But I don't have enough information to determine if that is relevant to your configuration.

    @Toasticuss:

    Second question, my Pfsense router is running on an ESXi machine, I want to add a wireless N network to my network, I'm aware of the lack of wireless N support of Pfsense at the moment, I found out that the wireless card doesn't even work at all in the ESXi machine. So I am going to put it in another computer running Ubuntu, the question I have is, is it possible for me to make the wireless network on Ubuntu work together with pfsense? I would like for the wireless devices to be able to talk to the IPs that Pfsense gives out, is that possible?

    The least troublesome way to do that is probably to buy a $25 Wireless router/AP and connect it to a switch connected to the pfSense LAN interface, following the appropriate how-to on http://doc.pfsense.org. If you insist on going the Ubuntu (or Linux)  route you could
    1. bridge the wireless interface and the wired interface connecting to pfSense LAN and have pfSense DHCP serve IP configurations to Ubuntu and Wireless clients; or
    2. you could create a new IP subnet on the Linux system for the wireless interface and its clients, route the wireless clients through the Linux system and create appropriate firewall rules (and static route) on pfSense to allow traffic from the wireless subnet and tell pfSense how to get traffic to the wireless subnet.



  • @wallabybob:

    I don't know of any connection limit per IP in pfSense. It might be helpful to see the subject line and body of the referenced email.

    Perhaps the email is bogus. Some email clients allow inspection of the complete set of mail headers and that should provide trace information - a post mark from every mail transfer agent that handled the email. In Thunderbird, View -> Headers -> All will show all the message headers.

    @Toasticuss:

    I just recently added an email server a couple days ago and I've been receiving email from PfSense about the connection limit being reached, the IP address it's telling me about is not an IP on my network, it's giving me the IP of 192.168.1.5 in the email subject and body, my network runs on 192.168.200.0,

    Your pfSense actually belongs to a number of IP networks; depending on the configuration details this could be one IP network for every enabled interface.

    You haven't provided enough configuration information, but perhaps an upstream router (on pfSense WAN side, maybe a 192.168.1.x network) is reporting it is out of capacity for connections coming from 192.168.1.5, the pfSense WAN address (?). I suspect a cheap modem/router that is also doing NAT is likely to run out of connection capacity before your pfSense. But I don't have enough information to determine if that is relevant to your configuration.

    @Toasticuss:

    Second question, my Pfsense router is running on an ESXi machine, I want to add a wireless N network to my network, I'm aware of the lack of wireless N support of Pfsense at the moment, I found out that the wireless card doesn't even work at all in the ESXi machine. So I am going to put it in another computer running Ubuntu, the question I have is, is it possible for me to make the wireless network on Ubuntu work together with pfsense? I would like for the wireless devices to be able to talk to the IPs that Pfsense gives out, is that possible?

    Thank you for your quick reply, after reading your reply I took a closer look at the email and it appears as if it did not even come from Pfsense, the email is from myself to myself, I'm not quite sure what service is sending it as it has nothing identifiable on it…

    At one point I thought I remember entering in my SMTP information for PFsense to send me information.


    –------------------------------------------------
    The emails seemed to have started coming right after plugging in the new email server which hosts my email address, I'm still puzzled by the IPs, I also believed it could be something from the WAN side further up but nothing has my email address and the WAN runs on 192.168.0.1 with a forced DHCP server.

    If you insist on going the Ubuntu (or Linux)  route you could
    1. bridge the wireless interface and the wired interface connecting to pfSense LAN and have pfSense DHCP serve IP configurations to Ubuntu and Wireless clients; or
    2. you could create a new IP subnet on the Linux system for the wireless interface and its clients, route the wireless clients through the Linux system and create appropriate firewall rules (and static route) on pfSense to allow traffic from the wireless subnet and tell pfSense how to get traffic to the wireless subnet.

    You wouldn't happen to have any guides or information on how I could do this, do you?

    Thanks.



  • @Toasticuss:

    The emails seemed to have started coming right after plugging in the new email server which hosts my email address, I'm still puzzled by the IPs, I also believed it could be something from the WAN side further up but nothing has my email address and the WAN runs on 192.168.0.1 with a forced DHCP server.

    Did you look at the full mail headers? Saving the email as a file might make them available in the file.

    @Toasticuss:

    You wouldn't happen to have any guides or information on how I could do this, do you?

    No, I have never had a need or desire to do this. I expect a google on something like "Ubuntu wireless bridge" would probably fairly quickly turn up something useful.
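
The header inspection suggested in this thread can be scripted against a saved copy of the message. The following is an added example, not code from any poster: it lists the `Received` hops oldest-first so the host that first submitted a self-addressed alert is visible. The sample message, hostnames, IDs and the address 192.168.200.77 are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample (not the poster's actual email): an alert sent "from
# myself to myself", handed to the mail server by one internal host.
SAMPLE_EML = """\
Received: from mail.example.test (mail.example.test [192.168.200.25])
\tby mx.example.test with ESMTP id CONSTRUCTED2
\tfor <admin@example.test>; Mon, 02 Jan 2012 10:00:05 -0500
Received: from unknown-device (unknown [192.168.200.77])
\tby mail.example.test with SMTP id CONSTRUCTED1;
\tMon, 02 Jan 2012 10:00:03 -0500
From: admin@example.test
To: admin@example.test
Subject: Connection limit reached for 192.168.1.5
Message-ID: <constructed-1@example.test>

Connection limit reached for 192.168.1.5
"""


def trace_hops(raw_message):
    """Return the Received hops in chronological order (oldest first)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hops = []
    # Every relay prepends its own Received line, so the last header in the
    # file is the first hop. Lines added before the first server you control
    # can be forged; trust only hops stamped by your own servers.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(str(header).split())  # collapse folded whitespace
        sender = re.search(r"\bfrom\s+(\S+)", text)
        relay = re.search(r"\bby\s+(\S+)", text)
        addr = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", text)
        ip = None
        if addr:
            try:
                ip = ipaddress.ip_address(addr.group(1))
            except ValueError:
                ip = None  # bracketed text was not an address
        hops.append({
            "from": sender.group(1) if sender else None,
            "ip": str(ip) if ip else None,
            "private": ip.is_private if ip else None,
            "by": relay.group(1) if relay else None,
            "date": text.rpartition(";")[2].strip(),
        })
    return hops


if __name__ == "__main__":
    for n, hop in enumerate(trace_hops(SAMPLE_EML), start=1):
        print(n, hop["from"], hop["ip"], "->", hop["by"], "at", hop["date"])
```

The first hop's bracketed address is the device that handed the message to the mail server, which is the thing to look up in DHCP leases or ARP tables, rather than the address quoted in the subject line.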



  • @wallabybob:

    @Toasticuss:

    The emails seemed to have started coming right after plugging in the new email server which hosts my email address, I'm still puzzled by the IPs, I also believed it could be something from the WAN side further up but nothing has my email address and the WAN runs on 192.168.0.1 with a forced DHCP server.

    Did you look at the full mail headers? Saving the email as a file might make them available in the file.

    @Toasticuss:

    You wouldn't happen to have any guides or information on how I could do this, do you?

    No, I have never had a need or desire to do this. I expect a google on something like "Ubuntu wireless bridge" would probably fairly quickly turn up something useful.

    I looked at the mail headers, they are coming straight from my domains, anyway, I'll work on that wireless bridge, thanks.



  • If you will not be using that computer for anything else but providing wireless access, I'd suggest installing OpenWrt on it and installing the luci web gui package if not already included on the image you install.



  • @Efonne:

    If you will not be using that computer for anything else but providing wireless access, I'd suggest installing OpenWrt on it and installing the luci web gui package if not already included on the image you install.

    Right, so I installed Ubuntu and got the PCI wireless card running at terrible speeds being a host bridge with hostapd, and I tried the same thing with OpenSuse, but I got the same speeds, I was getting 6Mbps down 4 Mbps up on wireless N, I want to try it on OpenWRT but unfortunately it looks like installing OpenWRT on to a real machine isn't the easiest thing, there are no preset bootable ISOs ready to go. There's quite a bit of prep work =/.

    I don't have all the time in the world for it…



  • What kind of card is it, anyway?  Does it have an Atheros chipset for 802.11n or is it something else?  For open source, Atheros wireless is the best supported.  What form factor is the card?  What kind of antenna(s)?

    As for using OpenWrt, I suppose the reason I suggested it was that once installed it would be fairly easy to configure.  It is also possible it may have a more up-to-date or better tuned version of the driver for the wireless card.  I suppose at this point that may be the only reason to try it.  On that topic, I did forget to mention that you would also need to install the package for the wireless driver you need if you used OpenWrt.  I don't recall if the release images come with the web gui preinstalled or not; if not, you may need to configure it from the console for internet access and downloading the packages.

    There is no bootable ISO for installing OpenWrt, so you do need to either write it from the running OS (maybe booting from another LiveCD ISO to do it) or attach the drive to another computer to write it to the drive (with the dd command or another image writer).  The former would likely be less work if you already have a LiveCD available to boot from to download and write the image.  If you attempt this, you could try this image: http://downloads.openwrt.org/backfire/10.03.1/x86_generic/openwrt-x86-generic-combined-squashfs.img



  • @Efonne:

    What kind of card is it, anyway?  Does it have an Atheros chipset for 802.11n or is it something else?  For open source, Atheros wireless is the best supported.  What form factor is the card?  What kind of antenna(s)?

    As for using OpenWrt, I suppose the reason I suggested it was that once installed it would be fairly easy to configure.  It is also possible it may have a more up-to-date or better tuned version of the driver for the wireless card.  I suppose at this point that may be the only reason to try it.  On that topic, I did forget to mention that you would also need to install the package for the wireless driver you need if you used OpenWrt.  I don't recall if the release images come with the web gui preinstalled or not; if not, you may need to configure it from the console for internet access and downloading the packages.

    There is no bootable ISO for installing OpenWrt, so you do need to either write it from the running OS (maybe booting from another LiveCD ISO to do it) or attach the drive to another computer to write it to the drive (with the dd command or another image writer).  The former would likely be less work if you already have a LiveCD available to boot from to download and write the image.  If you attempt this, you could try this image: http://downloads.openwrt.org/backfire/10.03.1/x86_generic/openwrt-x86-generic-combined-squashfs.img

    This is the card
    http://www.amazon.com/gp/product/B0034CL2ZI/ref=oh_details_o01_s00_i00

    What exactly am I supposed to do with the .img's? I have plenty of LiveCDs but I don't quite understand how I can write the img to the HDD from a live CD to use it..



  • @Toasticuss:

    I don't have all the time in the world for it…

    @wallabybob:

    The least troublesome way to do that is probably to buy a $25 Wireless router/AP and connect it to a switch connected to the pfSense LAN interface, following the appropriate how-to on http://doc.pfsense.org.

    but if you are after a "learning experience" carry on. You can save the cash by spending hours. Only you can decide if the trade is worth it to you.



  • @wallabybob:

    @Toasticuss:

    I don't have all the time in the world for it…

    @wallabybob:

    The least troublesome way to do that is probably to buy a $25 Wireless router/AP and connect it to a switch connected to the pfSense LAN interface, following the appropriate how-to on http://doc.pfsense.org.

    but if you are after a "learning experience" carry on. You can save the cash by spending hours. Only you can decide if the trade is worth it to you.

    Well can you tell me if putting in the hours, the card will even come close to pushing past 50 Mbps on LAN?

    I don't think it will, I'm not coding a driver for it either…



  • @Toasticuss:

    Well can you tell me if putting in the hours, the card will even come close to pushing past 50 Mbps on LAN?

    I've been able to get around 70 or 80 Mbps from an Alix with a mini PCI card similar to your card, using OpenWrt partly since I wanted something meant to run on a device with flash memory.  How fast is your system you are trying this on? (Alix is only 500 MHz)  Of course, signal strength is a big part of it, too.

    That card you have should be an Atheros-based 802.11n card.

    To copy OpenWrt while booted from a LiveCD, download the file to /tmp/ and if your drive is /dev/sda (most likely is), run this command:
    dd if=/tmp/openwrt-x86-generic-combined-squashfs.img of=/dev/sda

    This will overwrite your installed OS and partition table on the drive, so don't do this if you have anything on the drive you don't want to lose.  If there are any other hard drives in the system, you should remove them or at least unplug them first.

    When you get it up, the default IP address will be 192.168.1.1.  To download packages, you will need to configure the system for internet access - give it a proper IP on your network and assign the gateway IP and DNS server IP.  The DHCP server may be turned on for lan by default; you will want to turn it off.  The packages you will want to install are kmod-ath9k and wpad.



  • @Efonne:

    @Toasticuss:

    Well can you tell me if putting in the hours, the card will even come close to pushing past 50 Mbps on LAN?

    I've been able to get around 70 or 80 Mbps from an Alix with a mini PCI card similar to your card, using OpenWrt partly since I wanted something meant to run on a device with flash memory.  How fast is your system you are trying this on? (Alix is only 500 MHz)  Of course, signal strength is a big part of it, too.

    That card you have should be an Atheros-based 802.11n card.

    To copy OpenWrt while booted from a LiveCD, download the file to /tmp/ and if your drive is /dev/sda (most likely is), run this command:
    dd if=/tmp/openwrt-x86-generic-combined-squashfs.img of=/dev/sda

    This will overwrite your installed OS and partition table on the drive, so don't do this if you have anything on the drive you don't want to lose.  If there are any other hard drives in the system, you should remove them or at least unplug them first.

    When you get it up, the default IP address will be 192.168.1.1.  To download packages, you will need to configure the system for internet access - give it a proper IP on your network and assign the gateway IP and DNS server IP.  The DHCP server may be turned on for lan by default; you will want to turn it off.  The packages you will want to install are kmod-ath9k and wpad.

    Thank you for the quick reply, the system it's going to be on is a normal computer actually, with a Pentium 4… I'll give it a shot, thanks for the quick guide.



  • That computer should definitely be fast enough to get a high speed if you are getting good enough signal on the connection.  If you are getting a sufficient signal, it should be able to at least match 100 Mbps wired ethernet for one-way traffic.  I'd try experimenting with different channels.  Regardless of the channels used by surrounding networks (or lack thereof), sometimes the antennas have a sweet spot frequency where they just work best.  Also wanted to note that 802.11n does not support WEP or TKIP (or at least is not supposed to), so 802.11n may get silently disabled if you tried to use either of those.
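
The WEP/TKIP point above can be checked against a `hostapd.conf` like the one used for the Ubuntu bridge earlier in the thread. This is an added example, not code from any poster: it flags configurations that turn on `ieee80211n` while offering only WEP or TKIP. Both sample configurations are constructed, and the treatment of an unset `wpa_pairwise` as TKIP is an assumption noted in the code.

```python
# Ciphers that 802.11n (HT) rates may be used with.
HT_SAFE_CIPHERS = {"CCMP", "GCMP", "CCMP-256", "GCMP-256"}

# Constructed sample: 802.11n requested, but WPA with TKIP only.
WEAK_CONF = """\
interface=wlan0
bridge=br0
ssid=example-ap
hw_mode=g
channel=6
ieee80211n=1
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=PLACEHOLDER-PASSPHRASE
"""

# Constructed sample: same AP, WPA2 with CCMP as the pairwise cipher.
FIXED_CONF = """\
interface=wlan0
bridge=br0
ssid=example-ap
hw_mode=g
channel=6
ieee80211n=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=PLACEHOLDER-PASSPHRASE
"""


def parse_hostapd_conf(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def ht_blockers(text):
    """Return reasons 802.11n may be silently disabled; empty list if none."""
    cfg = parse_hostapd_conf(text)
    if cfg.get("ieee80211n", "0") != "1":
        return []  # 802.11n not requested, nothing to lose
    problems = []
    wep_keys = sorted(k for k in cfg if k.startswith("wep_key"))
    if wep_keys:
        problems.append("WEP key configured: " + ", ".join(wep_keys))
    if cfg.get("wpa", "0") in {"1", "2", "3"}:
        # Assumption: an unset wpa_pairwise is treated as TKIP here.
        ciphers = set(cfg.get("wpa_pairwise", "TKIP").split())
        ciphers |= set(cfg.get("rsn_pairwise", "").split())
        if not ciphers & HT_SAFE_CIPHERS:
            problems.append("pairwise ciphers offer no CCMP/GCMP: "
                            + " ".join(sorted(ciphers)))
    return problems


if __name__ == "__main__":
    print("weak: ", ht_blockers(WEAK_CONF))
    print("fixed:", ht_blockers(FIXED_CONF))
```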



  • @Efonne:

    @Toasticuss:

    Well can you tell me if putting in the hours, the card will even come close to pushing past 50 Mbps on LAN?

    I've been able to get around 70 or 80 Mbps from an Alix with a mini PCI card similar to your card, using OpenWrt partly since I wanted something meant to run on a device with flash memory.  How fast is your system you are trying this on? (Alix is only 500 MHz)  Of course, signal strength is a big part of it, too.

    That card you have should be an Atheros-based 802.11n card.

    To copy OpenWrt while booted from a LiveCD, download the file to /tmp/ and if your drive is /dev/sda (most likely is), run this command:
    dd if=/tmp/openwrt-x86-generic-combined-squashfs.img of=/dev/sda

    This will overwrite your installed OS and partition table on the drive, so don't do this if you have anything on the drive you don't want to lose.  If there are any other hard drives in the system, you should remove them or at least unplug them first.

    When you get it up, the default IP address will be 192.168.1.1.  To download packages, you will need to configure the system for internet access - give it a proper IP on your network and assign the gateway IP and DNS server IP.  The DHCP server may be turned on for lan by default; you will want to turn it off.  The packages you will want to install are kmod-ath9k and wpad.

    I followed your simple command guide but unfortunately when trying to boot from /dev/sda/ it just sits at this screen -

    Any ideas?



  • That's after copying OpenWrt over?  Did you try connecting to 192.168.1.1 with a web browser or telnet? (on a computer configured to be in the same subnet)  It probably is just not booting up, but it is possible it is using a serial console instead for some reason and not displaying anything on the screen.  Probably unlikely though, because I tested the image in a VM and did get output on the display.

    As for what you've tested already, when you used a regular Linux distro did you try different channels when you were testing it?



  • @Efonne:

    That's after copying OpenWrt over?  Did you try connecting to 192.168.1.1 with a web browser or telnet? (on a computer configured to be in the same subnet)  It probably is just not booting up, but it is possible it is using a serial console instead for some reason and not displaying anything on the screen.  Probably unlikely though, because I tested the image in a VM and did get output on the display.

    As for what you've tested already, when you used a regular Linux distro did you try different channels when you were testing it?

    It's not getting past the boot loader, and yes I tried channels 1, 6, and 11, which are the standard channels in the US and they all gave the same result.



  • I suppose it was worth a try.  I don't know if there is some other distro you could try that would specifically have more up-to-date or tuned drivers.



  • I was finally able to get the wireless up and running on OpenWRT, it's been working pretty good, the max speed for file transfers is 6MB/s which I thought was kinda low but I can deal with it.

    However these connection limit emails are really starting to bug me, I don't know what is telling them to be sent out…

