PfSense Router?



  • Hello all,

    I currently have a Cisco 2621 Router routing my 10Mbit connection, but we are upgrading to a 100Mbit connection in January.  I want to replace the 2621, seeing as it has a max throughput of 12.8Mbps, with a pfSense box.  I am not sure what to do here; I just want it to route between the /30 block from my ISP and my /26 block of public addresses, nothing more.  I have disabled the firewall in System > Advanced and then added "pass anything all" rules for LAN and WAN, but I am not able to communicate with any IP on the WAN side, besides the WAN address of pfSense.  What am I missing here?

    Right now I am just testing on my LAN to see if the hardware I have selected is sufficient to pass 100Mbit (any recommendations for stress testing 100Mbit would be greatly appreciated; I just planned to get a high-bandwidth-capable file server on one end of the pfSense "router" with various large files and as many clients as possible on the other end and do some transferring over ftp, http, netbios, etc).  I have a Dell Optiplex GX270: Intel P4 2.8Ghz 533FSB, 512Mb DDR333 RAM (I can up this to 1GB if you recommend I do so), 1 Integrated Intel Pro 1000 MT, 2x 32-Bit PCI Intel Pro 1000 GT (3rd NIC is in case the integrated one needs to get disabled and/or CARP if CARP will work in this setup), and I have disabled all integrated devices that aren't necessary such as serial port, parallel port, sound, etc.

    I am essentially trying to avoid purchasing a Cisco 2851 for a few grand.  Thanks a bunch.  Merry Christmas everyone.



  • If this helps to make it more clear, a quick diagram.

    LAN 2.3.4.128 /26 -----> WAN 2.3.4.0 /30

    For my test I have it set up like this:

    LAN Clients 10.20.0.0 /16 -----> pfSense LAN 10.20.0.1 ------> pfSense WAN 10.65.198.2 w/ def GW 10.65.198.1 --------> File Server (Dell PE 2800) 10.65.198.1

    I thought that turning off the firewall and having the default gateway set, it would route everything back and forth without a hitch, but I see no states, no traffic crossing the 2 subnets. :(  Thanks for your help. :D



  • The clients on your WAN side have a default GW other than the WAN IP of the pfSense, right?
    You need to set a static route on the GW your clients use on the WAN side to the subnet behind pfSense (pointing at the WAN IP of your pf).
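
The return-path problem described in the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup over the WAN-side host's routing table shows where replies to the LAN behind pfSense actually go. The /24 WAN mask, the client address 10.20.0.50 and the other gateway 10.65.198.254 are constructed assumptions; the remaining addresses come from the test diagram.

```python
import ipaddress

def best_route(table, dst):
    """Longest-prefix match: return (network, next_hop), or None if nothing covers dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in table
               if dst in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)

def reply_next_hop(table, client_ip):
    """Where a WAN-side host sends its reply to client_ip (None = no route, reply dropped)."""
    route = best_route(table, client_ip)
    return route[1] if route else None

# Constructed routing tables for the file server (10.65.198.1) in the test setup.
# "direct" marks the connected network; the /24 mask is an assumption.
CONNECTED = [("10.65.198.0/24", "direct")]
# Case 1: no default gateway and no static route.
SERVER_NO_ROUTE = CONNECTED
# Case 2: default gateway is some other router (constructed address).
SERVER_OTHER_GW = CONNECTED + [("0.0.0.0/0", "10.65.198.254")]
# Case 3: static route for the pfSense LAN pointing at the pfSense WAN IP.
SERVER_WITH_STATIC = SERVER_OTHER_GW + [("10.20.0.0/16", "10.65.198.2")]

LAN_CLIENT = "10.20.0.50"  # constructed client inside 10.20.0.0/16

if __name__ == "__main__":
    cases = (("no gateway, no static route", SERVER_NO_ROUTE),
             ("default gateway elsewhere", SERVER_OTHER_GW),
             ("static route via pfSense WAN", SERVER_WITH_STATIC))
    for name, table in cases:
        hop = reply_next_hop(table, LAN_CLIENT)
        print(f"{name}: reply to {LAN_CLIENT} -> {hop or 'no route, reply dropped'}")
```

In the second case the reply leaves via the other gateway, so that gateway needs the static route instead of the host.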



  • Sorry I didn't mention adding the static route, but it was done from the beginning.  The file server on WAN side has no default gateway. I tried with and without the static route, but it just looks like pfSense isn't routing traffic between the LANs.  I am about to set up Wireshark on both ends to see what I can figure out.  I have the release 1.01 installed, no newer snapshot.

    Question: Will states still show up in Diagnostics > States with firewall off?  Will traffic graph still work as well?  Right now it shows 0 states :(



  • @DWAyotte:

    The file server on WAN side has no default gateway. I tried with and without the static route, but it just looks like pfSense isn't routing traffic between the LANs.

    Question: Will states still show up in Diagnostics > States with firewall off?  Will traffic graph still work as well?  Right now it shows 0 states :(

    To 1: How is the fileserver supposed to know where the subnet behind pfSense is?
    Where did you add the static route? On the file server?

    To 2: I don't know if you'll see states. Probably not. The traffic graph should still work.



  • Well I re-installed pfSense and now everything works like a charm?  We did throughput testing and were able to achieve a solid 300mbit without any issues.  Possible we could push more, but I think at this point it was a limitation on my file server, but it's more than I need for this project so I am pretty happy about it! :)

    Anyone know of any utility or method to test a few thousand states (preferably 10,000)?

    Thanks :D



  • @DWAyotte:

    Anyone know of any utility or method to test a few thousand states (preferably 10,000)?

    Thanks :D

    Yeah, somebody on my network had loaded this Weather Watcher program. The program must have been a zombie for a DoS attack, as a couple of weeks ago on Friday morning the network just went down. I pulled up the pfSense router webgui, which took forever to load, and the states were pegged at the 10k max. It was making thousands of requests to weather.com.

