PfSense cratered. My fault.

  • Until recently, I've been using a Linksys WRT54G v3 connected to a 7Mbps DSL connection.  My roommate has a Mac and tends to download some very large files, so throttling began to be an issue.  It is annoying to be chugging along in Guild Wars and to suddenly have your ping jump to 3000 and stay there.  I found that QoS on the Linksys was worthless.  My workplace sold off some old Dell computers for $15 each, so I bought two.

    I installed pfSense on the Dell GX110 (866MHz PIII, 512MB, 20GB) and set it up to replace the Linksys.  Right from the start, it worked so much better than the Linksys, until last night.  Note that I have installed some of the optional packages available such as Squid and a few that I can't name at the moment.  Last night, as we weren't using the connection for anything else, I tried raising the maximum throughput for his NNTP transfer from 25% to 50%, but it made no difference with the download rate.  Tried raising it to 80%, still no difference.  We discovered later that if we tried to browse to anything from either of our local computers, we were somehow redirected to the web server in the basement, even though no LAN rule existed to do so.  Restarted the server, no difference.  I removed both the LAN and WAN rules, rebuilt them, and ran through the packet shaping utility again, but no change.  This morning, I performed a factory reset but the system failed to come back up.  I went to the basement to walk through the initial setup again, and after saving the settings and restarting, it hung at a point talking about stopping a proxy service.  So, I reconfigured from CD again, to blow away everything.

    Since I'm setting things back up again, here are my questions:

    1.  A little background is required on this one.  I currently have the integrated NIC (de0), one add-in NIC (xl0) and a D-Link 520 (ath0).  xl0 was serving as WAN, de0 as LAN and the wireless was bridged to LAN.  Connected to LAN, I have an 8-port Netgear switch, to which I have connected three Windows PCs, one Fedora 7 web server, an Xbox 360 and a PS2.  I want to replace the one network card with a 4-port Intel NIC.  I thought about having enough ports on the pfSense router to connect everything, but decided that might increase latency when multiple transactions are taking place.  The Xbox 360 speaks primarily to one of the Windows PCs and that PC, other than having files uploaded to it, doesn't talk to anything.  Would the following setup be beneficial?  Connect one switch to the first Intel port.  To that switch, connect the Xbox 360, PS2 and media server.  To the second port, connect the web server.  On the third port, connect another switch, where the two remaining Windows PCs are connected plus all other unused network jacks, leaving the fourth port on the Intel NIC for future use.

    2.  I've read that when using a multi-port NIC, each port is seen as an individual network card.  If this is the case, are access rules set up independently?  For example, if I want SMTP, POP and IMAP service to go to the two Windows desktops but not to the web server, would a multi-port card be the way to go?

    3.  When using a multi-port NIC, what considerations do I need to make to ensure that I'm still able to remote into it using VNC or SSH, and upload and edit documents on the web server from a machine connected to a different port?  The same applies to being able to use the Windows remote desktop connection to get to the media server from the other machines.

    If you haven't figured it out, I hate having to go down the stairs when I need to make changes to any of the servers.
