Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - kejianshi

Pages: 1 2 3 [4] 5 6 7 8 ... 332
46
Installation and Upgrades / Re: 2.4.2 Install Woes
« on: December 14, 2017, 10:41:46 pm »
Now it all makes perfect sense (-:

Its a common problem.  You already did the right thing.

47
Installation and Upgrades / Re: 2.4.2 Install Woes
« on: December 14, 2017, 09:12:11 pm »
Try using an entirely different IP range for pfsense and everything on the LAN side.

For instance 192.168.23.0 / 24

Where pfsense gets the 192.168.23.1 IP

DHCP range is say from .50 to .100

and static IPs can be from .2 - .49 or .101 - .254

or just anything like that.  See if it works. 

48
2.4 Development Snapshots / Re: Disk Usage Space Error
« on: December 13, 2017, 01:57:30 am »
No idea.  Does that work with google docs etc?

49
2.4 Development Snapshots / Re: Disk Usage Space Error
« on: December 12, 2017, 03:50:13 pm »
Speaking of logs, I just had a silly idea.  Wonder how hard it would be to make a package that maintained extensive logs offsite on something like google docs or microsoft docs etc?

50
Installation and Upgrades / Re: Pfsense 2.4.2
« on: December 11, 2017, 09:31:45 am »
I still remember when I bought a batch of several MCCOE64G5MPP-0VA

Bought them for about $60 each...

SLC SSD SATA 3.0Gbps 2.5"

SLC drives are just indestructible.  All are still going strong. 

Anyway - To check to see if it is enabled by default after install, in Diagnostics > Command Prompt try something like:

camcontrol identify /dev/ada0

Look down and find Data Set Management (DSM/TRIM) - See if it says yes and yes. 

If so, its on by default if the drive supports trim.  Mine doesn't.  But I suspect the drive will be running strong long after the sata interface is as legacy as usb 1.0


51
Hardware / Re: Is this setup going to work without any errors?
« on: December 07, 2017, 12:03:35 pm »
My experience with design temperatures....

CPUs with design temperatures of 100c start throttling at 70c.

People can say they do not, but I've never had a chip with a t-junction of 100c make it beyond 80c before my computer turned into a snail.

52
Feedback / Re: Share your pfSense stories!
« on: December 04, 2017, 07:49:35 am »
I began using pfsense for a few reasons.  Basically, it appeared to me that the normal verizon actiontech routers were purposely designed to allow anyone to crack the wifi and access the router remotely. 

The other major reason was that the ISP provided router did a horrible job with managing static DHCP and seemed to leave ports opened by u-pnp open forever. 

Also, as mentioned previously pfsense can be provisioned with an enormous state table.

After using it, I also really liked all of the added features such as VPN. 

It does what it is supposed to do very reliably and has been doing so for many years now.

53
IDS/IPS / Re: Suricata not dropping any traffic
« on: December 03, 2017, 02:35:44 am »
I didn't know that method existed.  My way is based on brute force and ignorance.  It the short way works, I'd use that.

54
Hardware / Re: Is this setup going to work without any errors?
« on: December 02, 2017, 10:47:53 am »
Anything sold in the pfsense store, starting with the SG-1000, can probably handle your needs.  Its not expensive.

However, you would also have a very hard time finding a used desktop machine made after 2012 that couldn't handle this.

55
Hardware / Re: Is this setup going to work without any errors?
« on: December 02, 2017, 10:43:32 am »
You can do it for $50 probably.  No more than $100.
Your SSD will be the most expensive thing you "need", and honestly...   You probably don't "Need" an SSD. 

AES-NI capable CPUs from 2012 and forward can handle this and can be found very cheap.  Almost free. 

Just get a couple of good and cheap intel network cards.  I can easily saturate a 60/60 connection with a AMD x4200 dual core processor.  And thats really old junk.

Or you could buy the netgate $150 machine.  That also works.

56
Hardware / Re: Is this setup going to work without any errors?
« on: December 02, 2017, 08:46:11 am »
Most people like to see if they can make their pfsense be about the same form factor as your average consumer router and run forever on 5w or so.

I'm with Grimson.

I like being able to easily pull and replace components and I don't like to wrestle with space, so I use cases that will fit just about any hardware.

I'm not too concerned with space or power requirements.  Just reliability. 

Everyone is different.  Depends on your wants and needs.

If you are like me, you can build a very nice and reliable pfsense using parts that people might pay you to cart away for them. 

Note - Bandwidth, throughput expectations and pps are a concern.  Extremely fast connections and some packages may require faster / newer hardware. 

57
Why should netflix work and amazon not?  That is fairly backwards

58
Swatting flies with cannons?

59
Yes - It is very odd that netflix would work but not amazon.  Its probably a simple fix.  We can see after you post your final configuration. 

This could be a DNS issue.  You might want to find out if your VPN provider has their own dedicated reliable DNS IP and use that. 

The problem I have with 8.8.8.8 and 8.8.4.4 is those can connect you to many different servers depending on your location.

In my laptop off the VPN from Manila when I ping 8.8.8.8, its 30ms

When in my vpn I use my remote pfsense LAN IP as my DNS server IP.  When I ping that IP, it shows about 250ms.  Far away as it should be.

When I ping 8.8.8.8 in the vpn, again over 250ms.  So, it is being tunneled properly.

We might want to do that test with you to be sure that the DNS servers you are connecting to are physically in the USA and not close by.

Could be something else though.  Not sure.  Its strange. 


60
I looked into that, of course, but it was very automatic.  Anything I'd have wanted to add was already there.

Pages: 1 2 3 [4] 5 6 7 8 ... 332