Netgate Discussion Forum

How to hide/protect my LAN size and keep it private from my ISP ?

  • S
    sherbeeny
    last edited by Feb 25, 2015, 2:48 AM

    Greetings everyone,

    My ISP warned me that I have a large LAN which is considered abusive by their stupid policy.

    I'm living in a family house, and we are a big family!
    Many mobiles, tablets, laptops, and PCs!

    So, I had to move to another ISP after a fight with the previous one… And I don't want that fight to be repeated with my new current ISP.

    I've been using pfSense for years now, and thought it covers my LAN and makes the main router/ADSL modem only see the server's WAN interface.
    But either that's not true, or my previous ISP was just guessing.

    How can I make sure that my pfSense server hides my LAN size from the ISP ?

    • K
      kejianshi
      last edited by Feb 25, 2015, 2:55 AM

      They are probably judging your LAN size based on either bandwidth use or number of DNS queries.

      You can use pfsense as your DNS server instead of their provided DNS servers but good luck hiding bandwidth use from them.

      • S
        sherbeeny
        last edited by Feb 25, 2015, 3:06 AM

        @kejianshi:

        They are probably judging your LAN size based on either bandwidth use or number of DNS queries.

        You can use pfsense as your DNS server instead of their provided DNS servers but good luck hiding bandwidth use from them.

        As it's not possible to hide my bandwidth, I think :D, how do I use pfSense as a DNS server?

        I checked the DNS on my iPad now and it's the same IP as my pfSense server.

        • K
          kejianshi
          last edited by Feb 25, 2015, 3:21 AM

          If you are on pfSense 2.2 and did a fresh install of pfSense 2.2, pfSense is your DNS server by default.

          If not, you have to turn off DNS Forwarder in 2.2 and turn on DNS Resolver, so that all the queries hit pfSense and pfSense will query the root DNS servers on the web.

          • K
            kejianshi
            last edited by Feb 25, 2015, 3:26 AM

            You can also make sure that 5 people in the house don't have peer-to-peer file services running in the background 24/7.

            • N
              NOYB
              last edited by Feb 25, 2015, 5:36 AM Feb 25, 2015, 5:29 AM

              In addition to using pfSense DNS Resolver instead of DNS Forwarder… Block all LAN originated DNS queries to anything other than the pfSense machine.

              LAN firewall rule example (at top of rules list):
              Proto: IPv4+6 TCP/UDP
              Src: *
              Port: *
              Dst: !DNS_Approved_Servers
              Port: 53
              Gateway: *
              Queue: none

              Where DNS_Approved_Servers is an alias list of your approved DNS servers.  For instance 192.168.1.1.

              Another option is to purchase an external VPN service and route all traffic through the VPN.  Then your ISP will only be able to see bandwidth usage.

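The LAN rule from the post above, modelled as an added example (not part of the thread and not pfSense's own code) and run over constructed flows to show what it catches and what it does not. The alias contents come from the post's 192.168.1.1 example; the function names, the sample flows, and the DNS-over-TLS port check are assumptions added here.

```python
import ipaddress

# Alias contents assumed from the post's example value (192.168.1.1).
DNS_APPROVED_SERVERS = [ipaddress.ip_network("192.168.1.1/32")]
DOT_PORT = 853  # DNS over TLS (RFC 7858); the rule only matches port 53


def in_alias(dst, alias=DNS_APPROVED_SERVERS):
    addr = ipaddress.ip_address(dst)
    # A v6 address never matches a v4 network, so it counts as unapproved.
    return any(addr in net for net in alias)


def verdict(proto, dst, dport, alias=DNS_APPROVED_SERVERS):
    """Classify one LAN-originated flow against the block rule."""
    if proto in ("tcp", "udp") and dport == 53:
        return "allowed" if in_alias(dst, alias) else "blocked"
    if proto == "tcp" and dport == DOT_PORT and not in_alias(dst, alias):
        return "not-covered"  # encrypted DNS that bypasses the resolver
    return "other"


def bypassing_clients(flows):
    """Clients that sent DNS somewhere other than the approved resolver."""
    return sorted({src for src, proto, dst, dport in flows
                   if verdict(proto, dst, dport) in ("blocked", "not-covered")})


# Constructed sample flows (src, proto, dst, dport); not real captures.
FLOWS = [
    ("192.168.1.20", "udp", "192.168.1.1", 53),          # uses pfSense
    ("192.168.1.21", "udp", "8.8.8.8", 53),              # hard-coded DNS
    ("192.168.1.22", "tcp", "8.8.4.4", 53),              # DNS over TCP
    ("192.168.1.23", "tcp", "1.1.1.1", 853),             # DNS over TLS
    ("fd00::25", "udp", "2001:4860:4860::8888", 53),     # IPv6 DNS
]

if __name__ == "__main__":
    for src, proto, dst, dport in FLOWS:
        print(f"{src} -> {dst}:{dport}/{proto}: {verdict(proto, dst, dport)}")
    print("clients bypassing the resolver:", bypassing_clients(FLOWS))
```

The IPv6 flow is blocked only because the rule is IPv4+6 and the alias holds no IPv6 address; the port 853 flow passes the rule and would need its own block rule.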
              • K
                KOM
                last edited by Feb 25, 2015, 2:42 PM

                The whole thing with your ISP is so idiotic.  I have never heard of an ISP that even cares how many clients are on your LAN.  They care about three things:  How fast is your link, how much do you download, how much do you pay.  You are paying for a service, and I can't imagine in what Universe they think they have any right to complain about how many clients are on your LAN.  Do they specify such things in your service contract?  If not, tell them to go take a long walk off a short pier.

                • K
                  kejianshi
                  last edited by Feb 25, 2015, 2:51 PM

                  It's somewhat the same on the ISP I am using right now.  You pay for a plan and then they fine me 25% more because by actually using my bandwidth I'm in violation of their "fair use" policy.  ISPs in lots of places are perfectly happy to sell you certain fast unlimited plans as long as you don't actually use it…  I guess they think internet is just for email, chat and Facebook...

                  • K
                    KOM
                    last edited by Feb 25, 2015, 4:18 PM

                    All this ISP game-playing is depressing.  Is it really that hard to decide on a firm access plan that doesn't have vagueness and threats of disconnection?  But the instant they realize they can charge you per GB above your cap, suddenly they'll be pushing you to use as much data as possible and to upgrade your service.

                    • K
                      kejianshi
                      last edited by Feb 25, 2015, 4:22 PM

                      Nope - I'd be disco.  There is nothing in my life I can't put down, including internet.

                      If the expense outweighed the utility I'd drop it.

                      • D
                        doktornotor Banned
                        last edited by Feb 26, 2015, 5:04 PM

                        
                        net.inet.ip.stealth=1
                        
                        

                        (Then they won't complain that your LAN is too big, but that you are a horrible leecher instead… :P)

                        • H
                          Harvy66
                          last edited by Feb 26, 2015, 5:39 PM

                          Are you using pfSense as a NAT or transparent firewall? My ISP will hand out as many IPs as you want via DHCP. Their official policy is 1 IP for marketing reasons, but in reality, they have customers that use switches instead of firewalls or routers, and those customers complained loudly, so I was told.
