New to pfSense, 3 questions about wireless, ICMP and DNS ACLs.
-
I'm just finding my way around pfSense - have had some Checkpoint and Debian Linux experience in the distant past. So my first pfSense post.
From the forums here I decided to try out pfSense on the Celeron 1037U and the installation has been a breeze so far. No troubles in getting UK delivery, the packing tape skill of the sender - a work of art in itself. IPSEC VPN working within a few minutes. I added a cheap 20GB SSD and 4GB memory. CPU hardly stressing. Really happy.
The web interface is very professional, a joy to use. A few little questions after a couple of days running.
a) The wireless interface is not recognised, and is probably not suitable for running an Access Point (I don't need one in the firewall). I'm assuming I can leave it "unrecognised" until I need that interface for something (thinking wireless secondary route in the future). Is that a sane idea, or should I just remove the miniPCIE wireless card or track down some drivers and disable it?
b) Decided to run some diagnostics, looking at the pfTop I noticed a large amount of ICMP traffic - packet captured this to a CAP file and reviewed in Wireshark. Seems the firewall is pinging the next upstream router every second.
The WAN interface is PPPoE, but I cannot find in the PPPoE settings or online help whether this is the cause - or perhaps some other link monitor is going on.
So my question is - is this ICMP traffic normal?
c) On the DNS Resolver Setup (to support local LAN DNS, and local DNS values from DHCP), a question on Access Lists.
I wanted to have three subnets "allowed access list" and then one "Catchall List 0.0.0.0/0" which I planned to set to "block". I found I could not set the CIDR to value 0 (1-32 only) for the second. I suspect I'm not understanding the defaults?
Thanks all
-
OK, I found the answer to b) is this ICMP traffic normal? - Yes - it's the default for monitoring and can be tweaked in the System / Routing / Edit Gateway section - and it works perfectly.