
pfSense questions


OGMCVilleTC

Member
Joined
Aug 19, 2008
Location
Tn
Does anyone use it? I have it installed but it's just plain with no add-ons. All the guides I've found are outdated. Anyone have some tips? A guide they can point me to?
 
Can I move the thread for you? Not sure if you have the ability here.

pfSense is very easy to set up. After the install, it asks you to map the network connections, so you will want a WAN and LAN connection. From there, you can get to the graphical configuration through your browser.
 
Yeah you can move it. I just figured if anyone on the team used it they'd be more willing to help. I think I asked on the public thread before. Not sure how to check. Is there a way to check?
 
Would I be better off getting rid of my Netgear Nighthawk x6 and just getting a wireless card for my TS140?
 
I'd keep the Nighthawk unless you really need the cash since it has good throughput and AC wireless. Make sure it's not running DHCP or firewalling and connect it to the pfSense box on the LAN side directly or through a switch.

I just set up pfSense recently also and I'm liking it so far over the Smoothwall setup I had previously. The basic configuration is pretty easy to work with. I'd suggest saving your config XML and then looking at the traffic shaper options if you want to use QoS - start with the wizards (in PRIQ mode unless you really know what you're doing with it) and then you can add or modify queue rules from there. Port forwarding like for BT/SFTP can be added from the Firewall>NAT menu and you can add them to queues in Firewall>Rules. If you want to set up static DHCP leases like for a printer or NAS you can do that through Services>DHCP.

I don't have many services running on top of the basic stuff other than Squid, Snort, Darkstat, and PFBlocker. Squid's easy to use if you want a transparent web proxy, Darkstat gives you more per-IP bandwidth information, and PFBlocker and Snort can integrate IPBlocklist rules along with Snort IDS rules for automatic blocking, but they're a little harder to use and require hands-on setup. For example, Snort can protect against various types of bad traffic but the default http_inspect rules can block normal websites that just happen to be coded poorly, and PFBlocker_NG can protect against various spammers and such but it can also accidentally block stuff like Twitch from connecting (i.e., if you use the ads rulelist and deny both directions instead of incoming connections).

pfSense and SSDs don't really get along as far as I know but you could do what I did and install a second copy on another HDD and just load the XML from your current install. I left the second drive in so if this one ever goes down I can just connect the drive and be ready to go in minutes. I've got WAN and LAN interfaces running through a dual-port PCI-E 4x gigabit Intel card (Amazon for ~$30) and I left the motherboard connection in case I want to set up a guest network or something.

Did you have anything specific you needed help with?
 
Nothing specific really. Just some pointers on what would be some good add-ons or standard practices. I'm by far not a network genius and the options were a little overwhelming. Thanks for the input. I'm trying to find time now to set up some of the mentioned add-ons.
 
Squid's an easy one out of those. Also Darkstat.

For Squid you can allocate a little more HDD/RAM space if you want, though I'd start with a cache of around 3gb if you can. I gave mine 512mb of RAM and raised the minimum cached data sizes a bit. There's a more advanced Squid add-on that caches YouTube but I couldn't get it to work without killing the internet.
 