Messages - Jeff V.

1
IPv6 / Re: Native IPV6 with DCHP6
« on: June 18, 2014, 04:15:09 pm »
This doesn't make any sense. I've had this working on both my pfSense box and my Adtran router, and both had rapid-commit (solicit < reply) enabled.  But some of my own pfSense debugs, and packet capture info from the GFNB, make it look like normal-commit (solicit < advertise > request < reply) is being used.

Here's my debug from the successful DHCP6 pull on my pfSense box.  Hopefully it helps.

Code:

Jun/17/2014 16:19:03: cfdebug_print: <3>end of sentence [;] (1)
Jun/17/2014 16:19:03: configure_pool: called
Jun/17/2014 16:19:03: clear_poolconf: called
Jun/17/2014 16:19:03: dhcp6_reset_timer: reset a timer on em0, state=INIT, timeo=0, retrans=383
Jun/17/2014 16:19:03: client6_send: a new XID (7f98bd) is generated
Jun/17/2014 16:19:03: copy_option: set client ID (len 14)
Jun/17/2014 16:19:03: copyout_option: set identity association
Jun/17/2014 16:19:03: copy_option: set elapsed time (len 2)
Jun/17/2014 16:19:03: copy_option: set option request (len 4)
Jun/17/2014 16:19:03: copyout_option: set IA_PD
Jun/17/2014 16:19:03: client6_send: send solicit to ff02::1:2%em0
Jun/17/2014 16:19:03: dhcp6_reset_timer: reset a timer on em0, state=SOLICIT, timeo=0, retrans=1088
Jun/17/2014 16:19:03: client6_recv: receive advertise from fe80::ea4:2ff:fea2:c01%em0 on em0
Jun/17/2014 16:19:03: dhcp6_get_options: get DHCP option server ID, len 10
Jun/17/2014 16:19:03:   DUID: 00:03:00:01:0c:a4:02:a2:0c:01
Jun/17/2014 16:19:03: dhcp6_get_options: get DHCP option client ID, len 14
Jun/17/2014 16:19:03:   DUID: 00:01:00:01:1b:33:6d:47:00:90:7f:aa:bb:cc
Jun/17/2014 16:19:03: dhcp6_get_options: get DHCP option identity association, len 40
Jun/17/2014 16:19:03:   IA_NA: ID=0, T1=900, T2=1200
Jun/17/2014 16:19:03: copyin_option: get DHCP option IA address, len 24
Jun/17/2014 16:19:03: copyin_option:   IA_NA address: 2605:a601:fe04:zzzz::1 pltime=1800 vltime=3600
Jun/17/2014 16:19:03: dhcp6_get_options: get DHCP option IA_PD, len 41
Jun/17/2014 16:19:03:   IA_PD: ID=0, T1=900, T2=1200
Jun/17/2014 16:19:03: copyin_option: get DHCP option IA_PD prefix, len 25
Jun/17/2014 16:19:03: copyin_option:   IA_PD prefix: 2605:a601:43e:xxxx::/56 pltime=1800 vltime=3600
Jun/17/2014 16:19:03: dhcp6_get_options: get DHCP option vendor specific info, len 39
Jun/17/2014 16:19:03: dhcp6_get_options: unknown or unexpected DHCP6 option vendor specific info, len 39
Jun/17/2014 16:19:03: client6_recvadvert: server ID: 00:03:00:01:0c:a4:02:a2:0c:01, pref=-1
Jun/17/2014 16:19:03: client6_recvadvert: reset timer for em0 to 0.990653
Jun/17/2014 16:19:04: select_server: picked a server (ID: 00:03:00:01:0c:a4:02:a2:0c:01)
Jun/17/2014 16:19:04: client6_send: a new XID (2f3e02) is generated
Jun/17/2014 16:19:04: copy_option: set client ID (len 14)
Jun/17/2014 16:19:04: copy_option: set server ID (len 10)
Jun/17/2014 16:19:04: copyout_option: set IA address
Jun/17/2014 16:19:04: copyout_option: set identity association
Jun/17/2014 16:19:04: copy_option: set elapsed time (len 2)
Jun/17/2014 16:19:04: copy_option: set option request (len 4)
Jun/17/2014 16:19:04: copyout_option: set IA_PD prefix
Jun/17/2014 16:19:04: copyout_option: set IA_PD
Jun/17/2014 16:19:04: client6_send: send request to ff02::1:2%em0
Jun/17/2014 16:19:04: dhcp6_reset_timer: reset a timer on em0, state=REQUEST, timeo=0, retrans=977
Jun/17/2014 16:19:04: client6_recv: receive reply from fe80::ea4:2ff:fea2:c01%em0 on em0
Jun/17/2014 16:19:04: dhcp6_get_options: get DHCP option server ID, len 10
Jun/17/2014 16:19:04:   DUID: 00:03:00:01:0c:a4:02:a2:0c:01
Jun/17/2014 16:19:04: dhcp6_get_options: get DHCP option client ID, len 14
Jun/17/2014 16:19:04:   DUID: 00:01:00:01:1b:33:6d:47:00:90:7f:aa:bb:cc
Jun/17/2014 16:19:04: dhcp6_get_options: get DHCP option identity association, len 40
Jun/17/2014 16:19:04:   IA_NA: ID=0, T1=900, T2=1200
Jun/17/2014 16:19:04: copyin_option: get DHCP option IA address, len 24
Jun/17/2014 16:19:04: copyin_option:   IA_NA address: 2605:a601:fe04:zzzz::1 pltime=1800 vltime=3600
Jun/17/2014 16:19:04: dhcp6_get_options: get DHCP option IA_PD, len 41
Jun/17/2014 16:19:04:   IA_PD: ID=0, T1=900, T2=1200
Jun/17/2014 16:19:04: copyin_option: get DHCP option IA_PD prefix, len 25
Jun/17/2014 16:19:04: copyin_option:   IA_PD prefix: 2605:a601:43e:xxxx::/56 pltime=1800 vltime=3600
Jun/17/2014 16:19:04: dhcp6_get_options: get DHCP option vendor specific info, len 39
Jun/17/2014 16:19:04: dhcp6_get_options: unknown or unexpected DHCP6 option vendor specific info, len 39
Jun/17/2014 16:19:04: get_ia: make an IA: PD-0
Jun/17/2014 16:19:04: update_prefix: create a prefix 2605:a601:43e:xxxx::/56 pltime=1800, vltime=3600
Jun/17/2014 16:19:04: get_ia: make an IA: NA-0
Jun/17/2014 16:19:04: update_address: create an address 2605:a601:fe04:zzzz::1 pltime=1800, vltime=3600
Jun/17/2014 16:19:04: ifaddrconf: add an address 2605:a601:fe04:zzzz::1/128 on em0
Jun/17/2014 16:19:04: client6_recvreply: executes /var/etc/dhcp6c_wan_script.sh
Jun/17/2014 16:19:11: client6_script: script "/var/etc/dhcp6c_wan_script.sh" terminated
Jun/17/2014 16:19:11: dhcp6_remove_event: removing an event on em0, state=REQUEST
Jun/17/2014 16:19:11: dhcp6_remove_event: removing server (ID: 00:03:00:01:0c:a4:02:a2:0c:01)
Jun/17/2014 16:19:11: client6_recvreply: got an expected reply, sleeping.


I noticed your box isn't calling /var/etc/dhcp6c_wan_script.sh.  That's not something I've touched at all.  It was included and called by default as part of my dhcp6c_wan.conf file.
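A way to settle the rapid-commit versus normal-commit question from a dhcp6c debug capture like the one in the post above. This is an added example, not part of the original post or of pfSense; the sample log lines are constructed in the same format, using the 2001:db8::/32 documentation prefix, and the function and constant names are hypothetical.

```python
import re

# dhcp6c debug lines that name a DHCPv6 message type, e.g.
#   "client6_send: send solicit to ff02::1:2%em0"
#   "client6_recv: receive advertise from fe80::1%em0 on em0"
MSG_RE = re.compile(r"client6_(?:send: send|recv: receive) (\w+) (?:to|from) ")
# "update_prefix: create a prefix <p> pltime=N, vltime=N" (and update_address)
LEASE_RE = re.compile(
    r"update_(address|prefix): create an? (?:address|prefix) (\S+) "
    r"pltime=(\d+), vltime=(\d+)")
# The hook script the post notes was missing on the other poster's box.
SCRIPT_RE = re.compile(r"client6_recvreply: executes (\S+)")

EXCHANGES = {
    ("solicit", "reply"): "rapid-commit",
    ("solicit", "advertise", "request", "reply"): "four-message",
}

def summarize(log_text):
    """Classify the exchange and list the leases a dhcp6c debug log shows."""
    messages, leases, script = [], [], None
    for line in log_text.splitlines():
        m = MSG_RE.search(line)
        if m:
            # Collapse retransmitted solicits and advertises from several
            # servers so they do not hide the shape of the exchange.
            if not messages or messages[-1] != m.group(1):
                messages.append(m.group(1))
            continue
        m = LEASE_RE.search(line)
        if m:
            leases.append({"kind": m.group(1), "value": m.group(2),
                           "pltime": int(m.group(3)), "vltime": int(m.group(4))})
            continue
        m = SCRIPT_RE.search(line)
        if m:
            script = m.group(1)
    return {"exchange": EXCHANGES.get(tuple(messages), "incomplete"),
            "messages": messages, "leases": leases, "script": script}

# Constructed sample: four-message exchange with one retransmitted solicit.
FOUR_MESSAGE_LOG = """\
Jun/17/2014 16:19:02: client6_send: send solicit to ff02::1:2%em0
Jun/17/2014 16:19:03: client6_send: send solicit to ff02::1:2%em0
Jun/17/2014 16:19:03: client6_recv: receive advertise from fe80::1%em0 on em0
Jun/17/2014 16:19:04: client6_send: send request to ff02::1:2%em0
Jun/17/2014 16:19:04: client6_recv: receive reply from fe80::1%em0 on em0
Jun/17/2014 16:19:04: update_prefix: create a prefix 2001:db8:aa00::/56 pltime=1800, vltime=3600
Jun/17/2014 16:19:04: update_address: create an address 2001:db8:ffff::1 pltime=1800, vltime=3600
Jun/17/2014 16:19:04: client6_recvreply: executes /var/etc/dhcp6c_wan_script.sh
"""

# Constructed sample: the server honoured rapid-commit, no hook script ran.
RAPID_COMMIT_LOG = """\
Jun/17/2014 16:19:03: client6_send: send solicit to ff02::1:2%em0
Jun/17/2014 16:19:03: client6_recv: receive reply from fe80::1%em0 on em0
Jun/17/2014 16:19:03: update_prefix: create a prefix 2001:db8:aa00::/56 pltime=1800, vltime=3600
"""

# Constructed sample: solicits go unanswered (e.g. lease still held elsewhere).
UNANSWERED_LOG = """\
Jun/17/2014 16:19:03: client6_send: send solicit to ff02::1:2%em0
Jun/17/2014 16:19:04: client6_send: send solicit to ff02::1:2%em0
"""

if __name__ == "__main__":
    for name, log in (("four-message", FOUR_MESSAGE_LOG),
                      ("rapid-commit", RAPID_COMMIT_LOG),
                      ("unanswered", UNANSWERED_LOG)):
        print(name, summarize(log))
```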

2
General Questions / Re: 802.1p/q pfsense setup
« on: June 17, 2014, 06:42:08 pm »
For anyone who's interested, I have a working IPv6 config now. 

Go here and see post 7.  Beware possible hard crashes when you have IPv4 + IGMP + IPv6 configured though.

https://forum.pfsense.org/index.php?topic=76322.0

3
IPv6 / Re: Native IPV6 with DCHP6
« on: June 17, 2014, 06:40:01 pm »
Good news / bad news time.

The good news is, I have IPv6 support working. 

The bad news is, I'm probably going to have to scrap my pfSense/Watchguard box.  I'm still having way too many problems with the IPTV aspect of this, and now the box is having some weird crashing issues.  (I've explained in a bit more detail down at the end of this post)

Per Google, they only allow one MAC address per subscriber to get a /56 IPv6 allocation.  The timeout on this is about 1 hour.  So you'll need to disconnect your GFNB if it's still hooked up.  You can connect the pfSense box right away and just use the IPv4 connectivity until the IPv6 lease timeout passes.

The first thing I did was to edit /var/etc/dhcp6c_wan.conf.  You need to enable the option for rapid-commit.  This lets the client exchange DHCP info with only 2 packets instead of 4.  I think this is the most critical thing that was missing.  Here's my complete dhcp6c_wan.conf file:

Code:
interface em0 {
    send ia-na 0;   # request stateful address
    send ia-pd 0;   # request prefix delegation
    send rapid-commit;
    request domain-name-servers;
    request domain-name;
    script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };
id-assoc pd 0 {
    prefix-interface em1 {
        sla-id 0;
        sla-len 8;
    };
};


The only line I had to add was 'send rapid-commit'.

Once the 1 hour timer was up, I ran this from the shell:

/usr/local/sbin/dhcp6c -d -c /var/etc/dhcp6c_wan.conf -p /var/run/dhcp6c_re0.pid -f -D em0

You should see debug output showing that your WAN interface (em0 in my case) received both an IA-NA (non-temporary IPv6 address for the WAN interface itself) and an IA-PD (the /56 prefix assigned by Google).

Now go into the GUI, and go to Interfaces > WAN.  Under 'DHCP6 client configuration' set the 'prefix delegation size' dropdown to 56.  Leave the other IPv6 boxes unchecked and apply your settings.

Next, go to Interfaces > LAN.

Under IPv6 config type, change it to 'track interface'.  That'll enable some new IPv6 options further down the page. Set the 'track interface' dropdown to WAN, and set the 'IPv6 prefix ID' to 0.  Apply the changes.

You should see something like the following in the GUI or shell output:

Code:
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
    ether 00:90:7f:aa:bb:cc
    inet 23.228.aaa.bbb netmask 0xfffff000 broadcast 23.228.191.255
    inet6 fe80::290:7fff:feaa:bbcc%em0 prefixlen 64 scopeid 0x1
    inet6 2605:a601:fe04:xxxx::1 prefixlen 128 tentative
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether 00:90:7f:32:38:76
    inet 172.16.zzz.254 netmask 0xffffff00 broadcast 172.16.zzz.255
    inet6 2605:a601:43e:xxxx:yyyy:7fff:feaa:bbdd prefixlen 64
    inet6 fe80::1:1%em1 prefixlen 64 scopeid 0x2
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active


Release and renew the interface on your PC and you should have routable IPv6 addresses.  I tested against test-ipv6.com and got a score of 10/10.


I'd like to pass along one warning though.  I originally started this with a stable IPv4 + IGMP setup. (Albeit with flaky IPTV).  Once I started messing with the dhcp6c_wan.conf file, I started having 'fatal trap 12' crashes.  To the point where the box would crash as soon as I brought up the LAN interface, while the WAN was unplugged.  I started swapping RAM and testing hardware and everything came up clean.  So I completely re-imaged the CF card with a fresh copy of 2.1.3-release.

From there, I rebuilt everything from scratch without any problems or crashes all the way up through the successful IPv6 compliance tests.  However, IPTV does not work with IPv6 alone.  Or at least I wasn't able to figure out how to make it work in my testing.  Anyway, I went through Atlantisman's pfSense guide and rebuilt all of the IPv4 + IGMP stuff.  Next time I rebooted my Storage Box, my pfSense box crashed again.  By this time I'd had enough and just switched everything back to the Google hardware.

Between the IGMP problems and this new crashing issue, I think I'm done.  I've got the crash console output if anyone wants to go down that road.
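How the /56 delegation, sla-len 8 and sla-id 0 from the config in the post above combine into the /64 that shows up on the LAN interface, with a check that an interface address really sits in the expected prefix. This is an added example, not part of the original post or of dhcp6c; the function names are hypothetical and the addresses are constructed from the 2001:db8::/32 documentation prefix.

```python
import ipaddress

def lan_prefix(delegated, sla_id, sla_len):
    """Derive the prefix for one prefix-interface: the sla-id is written
    into the sla-len bits that immediately follow the delegated prefix."""
    pd = ipaddress.IPv6Network(delegated, strict=True)
    new_len = pd.prefixlen + sla_len
    if new_len > 128:
        raise ValueError("delegated length + sla-len exceeds 128 bits")
    if not 0 <= sla_id < (1 << sla_len):
        raise ValueError(f"sla-id {sla_id} does not fit in {sla_len} bits")
    base = int(pd.network_address) | (sla_id << (128 - new_len))
    return ipaddress.IPv6Network((base, new_len))

def audit_interface(delegated, sla_id, sla_len, interface_addr):
    """Compare an address seen on the LAN interface (as in ifconfig output)
    with the prefix the configuration should have produced.
    Returns (expected_prefix, list_of_findings)."""
    expected = lan_prefix(delegated, sla_id, sla_len)
    iface = ipaddress.IPv6Interface(interface_addr)
    findings = []
    if iface.ip not in expected:
        findings.append(f"{iface.ip} is outside expected prefix {expected}")
    if iface.network.prefixlen != expected.prefixlen:
        findings.append(
            f"interface prefixlen {iface.network.prefixlen} "
            f"differs from expected {expected.prefixlen}")
    if expected.prefixlen != 64:
        # Hosts using SLAAC need a /64 on the link.
        findings.append(f"LAN prefix is /{expected.prefixlen}, not /64")
    return expected, findings

# Constructed values mirroring the post: /56 delegation, sla-len 8.
DELEGATED = "2001:db8:aa00::/56"

if __name__ == "__main__":
    for sla_id in (0, 5, 255):
        print(sla_id, lan_prefix(DELEGATED, sla_id, 8))
    print(audit_interface(DELEGATED, 0, 8, "2001:db8:aa00:0:290:7fff:feaa:bbdd/64"))
    print(audit_interface(DELEGATED, 0, 8, "2001:db8:aa00:5:290:7fff:feaa:bbdd/64"))
```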

4
General Questions / Re: 802.1p/q pfsense setup
« on: May 16, 2014, 04:40:57 pm »
Also, I figured out how to disable the stack ports on the FSM73xxS series.

http://rivald.blogspot.com/2009/05/netgear-switches-fsm7352s-and-disabling.html

Quote
To disable stacking from the command line:

enable (if you aren't there already)
configure
stack
stack-port 1/0/51 ethernet
stack-port 1/0/52 ethernet

To revert them back to stack ports:

configure
stack
stack-port 1/0/51 stack
stack-port 1/0/52 stack

I had to reboot my switch to get the change to take effect.   Substitute 1/0/27 and 1/0/28 if you only have the 28 port version like I do.

5
General Questions / Re: 802.1p/q pfsense setup
« on: May 15, 2014, 11:25:56 pm »
The weird part for me is that I tried to get a v6 address when I had my MacBook connected directly to the switch, before I had hooked up the pfSense box.

If I set up VLAN 2 on my MacBook and plug directly into the fiber jack, I get [struck out: both v4 and v6 addresses] a v4 address only. These Netgear boxes I'm testing are pretty old, so it wouldn't surprise me if something isn't up to spec.

I like your idea of splitting the networks.  But that would break the Fiber guide app, right?  As it sits, I'm going to have to shelve this whole project because my wife is losing patience with the TV situation, and breaking the Fiber app will be the last straw.  If it was up to me, this wouldn't even be an issue.  I'd have the gigabit-only package...

EDIT:  I have to backtrack part of what I said.  I didn't actually test v6 directly to the fiber jack on the night I installed the Netgear.  My recollection of getting a v6 address directly off the fiber jack was based on an apparently incorrect memory of the first time I tried this many months ago.  I am definitely not getting a v6 address right now.

I'm still a little fuzzy on it, but I found this thread that may help explain it.

http://apple.stackexchange.com/questions/60608/does-os-x-have-a-builtin-dhcpv6-client

It's directed more towards OSX, but I think the theory could apply to pfSense too (especially since they're both based on FreeBSD).   It looks like you need certain options enabled on the upstream router in order for DHCPv6 to work.  Without those options enabled, you need to rely on other IPv6 mechanisms (router announcements?)

So my speculation is that the Google Network Box requests a v6 prefix from the upstream Google interface. The LAN facing side of the Network Box has the necessary options turned on, so DHCPv6 works inside your network.

6
General Questions / Re: 802.1p/q pfsense setup
« on: May 15, 2014, 08:53:21 pm »
Well, good news.  The FSM7328S works great.  The config needs a few tweaks vs the GSM7312, but overall it's the same.

The ports are numbered 1/0/1 - 1/0/24 for the 10/100 ports, and 1/0/25 - 1/0/28 for the gig ports.

Right off the bat, this switch is meant for stacking with other compatible Netgear switches.  As best I can tell, there's no way to disable this.  Thus, ports 1/0/27 and 1/0/28 are hard coded stack ports and don't seem to be available for general purpose use.  They took the config, but I wasn't able to pass traffic.  It cleared up when I moved the pfSense box to 1/0/25 and the Google ONT to 1/0/26.    I was able to get ~930x930 Mbit when I tested directly from the switch.

This is basically the box-stock config, with the bare minimum to get it working on a Google connection.  The config is attached.  You'll be able to telnet or access the web UI at 192.168.1.4 from any of the 10/100 ports.

The other nice thing about this vs the GSM73xx box is that it's smaller, and fanless.  For $35 shipped, I couldn't be happier.

Now on to the not so good news.

I'm still seeing some IPTV issues.  It was bad enough that my wife gave up on watching TV while she worked from home today.  I may have found a partial fix though.

If you go into System > Advanced and then go to the System Tunables tab, there's an option called net.inet.ip.fastforwarding.  Edit that value, and change it from 'default' to '1'.   Then reboot your box.   I noticed a nice 10% increase in my speed tests, though the tests were hardly scientific.    I've been watching a movie for the last couple hours, and the video has been damn near perfect the entire time.   Be warned though.  I've read some posts that say this setting can break IPSEC VPN clients. That may have just been for older versions though.  The information is conflicting in some places.

I've read about people successfully using far less powerful pfSense setups on other IPTV systems, so all I can figure is that Google has very tight timing tolerances that the pfSense IGMP proxy or firewall code struggles to meet.

One last thing....IPv6 DHCP.  I tried to get an IPv6 address when I tested directly from the Netgear switch.  I wasn't able to.  Technically the switch should just pass any ethernet frames, regardless of whether they've got v4 or v6 payloads.  But clearly something is missing.  I don't know enough about IPv6 yet to really make much headway on it.

I've got access to a few other switches, so I'll see if I can't line up some more tests for the IPv6 stuff.

7
General Questions / Re: 802.1p/q pfsense setup
« on: May 12, 2014, 02:29:06 pm »
This weekend, I finally got a chance to mess with this some more.

I was able to borrow a Netgear GSM7312 switch from work.  While the GUI is laid out differently from the GS108T, it follows the same unintuitive logic.  Fortunately rhornsby created a great guide for the GS108T that I was able to follow to get the 7312 working.

When I was directly connected to the 7312, I was pulling ~930 mbit in both directions. That's about as fast as I've seen any Google Fiber connection go, so I'm really pleased.

My pfSense box is a rebuilt and upgraded Watchguard X5000.  With that in place, I'm seeing around 800 both ways.   So a little bit of loss, but I'm still pleased. Especially for something that didn't even power up when I bought it.   Video is working nearly perfectly.  I've seen a couple very minor interruptions, and I'm hoping I can eventually tune those out.

Given what I've seen on eBay, I don't think the Netgear GSM switches are preferable to the GS108T.  They can be rack mounted, but they take up more space and power than the GS108T.  They're also a bit more expensive.  On the bright side, they have a text based command line and config file.  I've attached a fairly generic config for my 7312.  Port 1 goes to the Google ONT.  Port 2 goes to the router. And port 3 is set up to allow you to connect via telnet or the web GUI on 192.168.1.4.

What I'm really curious about is the Netgear FSM series.  These are 10/100 switches that have 2-4 gigabit uplink ports. They're quite a bit cheaper than the all-gigabit GSM series.  I was able to grab a FSM7328S for $35 shipped.  According to the data sheet, the backplane bandwidth is competitive with the GSM7312, and it uses the same base firmware and command line.   So hopefully I can just paste in my config file and be right back in business.

Thanks to Atlantisman and rhornsby and everyone else for their hard work on this.  It was so well documented that it was actually enjoyable to work on.  I should hopefully have a report on the FSM7328S this weekend.

8
General Questions / Re: 802.1p/q pfsense setup
« on: February 06, 2014, 07:21:34 pm »
That is spectacular.  If the occasion ever arises, I'll buy you a beer or two :)

Can you post the config details that get the TV going?

9
General Questions / Re: 802.1p/q pfsense setup
« on: January 30, 2014, 09:12:22 am »
Have you read up on IGMP at all?  I've seen people in other threads about IPTV systems mentioning that they had to run some kind of IGMP proxy in order to get TV working.    I haven't dug too deep into it myself since my focus until now has been getting the data working correctly.

I really hope it's possible to get the .1p stuff working in pfSense.  I've got a really nice gig switch, but I'd rather not have it managing both internal and external traffic, mainly from a simplicity standpoint. That was a big part of my reason for buying the Watchguard.

10
General Questions / Re: 802.1p/q pfsense setup
« on: January 29, 2014, 07:21:10 pm »
I've made a bit of progress.  It's not strictly pfSense related, but I'm hoping we can use this to bridge the gap.

I borrowed an Adtran Netvanta 1335 from work.   It's basically a router with some Layer 3 switching capabilities.  There's 24 10/100 ports and 2 gig ports.

Right off the bat, this old POS looks to be hardware limited to ~120 Mbit/sec even on the gig ports.  I knew they were running out of gas (which is why we're replacing them at work) but I thought it was a CPU/ # of firewall sessions problem.  I guess it's all of the above.

Also, I have no IPv6 enabled.  I'm not even sure it's supported on this platform.  No IPv6 = IPTV on this system.

Anyway, I fixed the upload problem. Once I got basic connectivity established, I was pulling 120 down, and only 10 up.  Which is what Atlantis and I were seeing on pfSense.

After I got a QoS policy in place, upload improved to match the download rates.  I was getting 120 both ways.   I did verify that the gig ports were auto-negotiating at the correct rate and not accumulating errors.

So here's what I'm hoping for.  Adtran configs are very similar to Cisco.  It's my hope that some of the more knowledgeable folks will read what I did with this Adtran, and then chime in with how we might be able to implement a similar config on pfSense.

I'll explain the relevant parts of the config, and I'll upload the entire thing as an attachment.  The only change I've made is to remove the password hashes.  Everything else is line for line identical to my running config.   Please don't critique it too hard.  It's just something I banged together in a few minutes for testing purposes.

So, to get this working:

Create interface VLAN 2, and set it to DHCP.
* Put interface gigabit-switchport 0/1 into VLAN trunking mode.  Verify that VLAN 2 obtains an IP address and you can ping out.
* Turn up interface gigabit-switchport 0/2 and let it go on the default VLAN.  Add the necessary policies to allow outbound NAT. Verify access.

Create access list GF-dhcp
* Set the ACL to match both TCP and UDP port 67.  Probably only needs UDP.  Whatever.

Create access list GF-default
* Set this as a permit IP any <-> any

Create QoS policy GF-QoS
* On the first policy term, match against the GF-dhcp ACL
* When packets match the ACL, set the VLAN priority / 802.1p / CoS bit 2
* On the second policy term, match against GF-default
* This is the catch-all rule, which applies VLAN priority / 802.1p / CoS bit 3
* I wanted to do an ACL and QoS term for IGMP, but I couldn't figure out how to enable that.   Maybe later.

Apply the QoS policy in the outbound direction on VLAN 2. 

All traffic exiting VLAN 2 towards the internet will have the .1p / CoS bits set, and upload speeds should see a dramatic improvement.

Anyone want to take a crack at interpreting this into a pfSense config?

11
General Questions / Re: 802.1p/q pfsense setup
« on: January 27, 2014, 06:36:58 pm »
Quote from: stephenw10
Are you still running the 2.8GHz P4?

Yeah.  I haven't done anything to the CPU.  I stuck more RAM in it because it was sitting in a box doing nothing.  But that's the only performance change I made.  I had to replace the PSU and every capacitor on the motherboard though.  That was not fun.

I haven't done any throughput testing on it.  The reduced speeds could be due to the .1p situation.  My outbound requests for data are going into the 'best effort' bin, which has the default effect of slowing down a server's response to me.

12
General Questions / Re: 802.1p/q pfsense setup
« on: January 27, 2014, 10:04:34 am »
400 is slow.  It's supposed to be a gig both directions ;)   Unfortunately, I think my old Watchguard box will be hardware-limited to ~400.  As long as I can fix the upload speeds and get the TV working, I don't really care.  Even 400 is faster than pretty much anything else I can connect to.

That's not a bad idea on segregating the ISP router. I'm not yet convinced that it's necessary though.  It looks like the TV devices just need to pass certain kinds of IPv6 traffic which pfSense seems to block by default. 

Later this week I'll see about borrowing some hardware from work so I can set up a Wireshark tap between the ONT and router. Then we'll see exactly what's going over the wire.

I'm also going to set up one of my Adtran routers to do some testing.  I've got a much better understanding of those, and I've got a much easier interface to mess with the .1p tags.

13
General Questions / Re: 802.1p/q pfsense setup
« on: January 26, 2014, 12:49:49 pm »
I noticed the TV boxes and the storage box send a UDP IPv6 packet to  ff02::1 approximately once per minute.  This is roughly equivalent to IPv4 multicast on 224.0.0.1?  I'm still really green on IPv6. 

Even though my pfSense install had a permit any <> any rule for IPv6, it was still blocking these multicast messages.  I put in a pass rule using the auto-generate tool in the logs.  That let the traffic out, but no replies were coming in.   It seems there's a lot that needs fixing.  This will really test the patience of my wife  ;D

14
General Questions / Re: 802.1p/q pfsense setup
« on: January 26, 2014, 11:40:23 am »
Still no joy on the uploads.

I do have some possible insight into the problem with the TV, though I'm no closer to fixing it.   Atlantisman, let me know if you're a TV subscriber or if you're internet-only.  I won't clutter up the thread with TV service details if I'm the only one using it right now.

15
General Questions / Re: 802.1p/q pfsense setup
« on: January 26, 2014, 11:02:02 am »
I fixed the VLAN and I'm getting out just fine.   I'm pulling ~400 down to Softlayer in Dallas, but uploads are still stuck at 10.

What's worse is the TV system is not working. The guide is showing, but that could just be cached.  I get a black screen on every channel I try.

I set up outbound rules from the WAN interface to 'any' to try to apply the tags as provided in the first post.  Nothing seems to help so far.

I'm starting to wonder if the original info was deleted simply because it was wrong or incomplete, and not because it's some conspiracy to keep 3rd party routers off the network.
