Kitz ADSL Broadband Information
Author Topic: Yet Another pfSense Build!  (Read 797 times)

displaced

  • Member
  • **
  • Posts: 84
Re: Yet Another pfSense Build!
« Reply #15 on: February 08, 2017, 11:20:49 AM »

Interestingly, my Amazon order's showing tracking info which reads:

"Parcel has been handed over to the carrier and is in transit - NL".  So it seems my order's coming from the Netherlands too.  That might explain why my delivery charge was lower than that currently showing on the site, too.

...and with a bit of luck, perhaps I'll be getting it sooner than I'd prepared for!
Logged
Vodafone Landline+Fibre: Huawei HG612 modem with AirPort 802.11ac.  50/10 sync, Huawei DSLAM. GigE home LAN with Netgear ProSafe switches. Mac, FreeBSD and Win10.

displaced

  • Member
  • **
  • Posts: 84
Re: Yet Another pfSense Build!
« Reply #16 on: February 11, 2017, 11:34:13 AM »

I got impatient and set up pfSense in a VirtualBox VM on my MicroServer. 

I've shifted DHCP and DNS from the FreeBSD installation on the MicroServer itself over to the pfSense VM.

I like the presentation of active DHCP leases -- much better than the script I'd bodged together as a Webmin custom command.  DNS updating from the DHCP server was really simple to set up too. 

I need to figure out a way to override a DNS entry for a specific host.  I use PlexConnect to get my Plex library on my 3rd Gen Apple TV.  This works by redirecting DNS lookups for trailers.apple.com to the IP of my Plex server.  On my previous setup, I'd configured PowerDNS to perform this override only for the Apple TV and not for other clients. 

I'm toying with the idea of moving PPPoE and Gateway duties over from my Airport router to the pfSense box.  But I don't want to overwork the VM.  So perhaps I'll need to learn some patience!
Logged
Vodafone Landline+Fibre: Huawei HG612 modem with AirPort 802.11ac.  50/10 sync, Huawei DSLAM. GigE home LAN with Netgear ProSafe switches. Mac, FreeBSD and Win10.

Dray

  • Kitizen
  • ****
  • Posts: 1952
Re: Yet Another pfSense Build!
« Reply #17 on: February 11, 2017, 03:58:33 PM »

A simple way is to make it a static mapping then you can select which DNS servers to use for that device
Logged

displaced

  • Member
  • **
  • Posts: 84
Re: Yet Another pfSense Build!
« Reply #18 on: February 11, 2017, 04:02:37 PM »

> A simple way is to make it a static mapping then you can select which DNS servers to use for that device

I've ended up doing just that!  My old DNS server (PowerDNS) allowed custom python scripts which could examine the client IP and the queried host/domain, then decide to return a different IP if needed.  That's perfect, since it meant my Apple TV resolved 'trailers.apple.com' to my internal machine, but all other hosts would resolve it as normal.

The 'unbound' DNS resolver in pfSense can do the same, but the feature isn't compiled into the version pfSense includes.  So I'll stick a version of unbound on my MicroServer that supports those scripts, write one, then use a static lease in pfSense to tell my Apple TV to use that as its DNS server. 

Working on it now :)
Logged
Vodafone Landline+Fibre: Huawei HG612 modem with AirPort 802.11ac.  50/10 sync, Huawei DSLAM. GigE home LAN with Netgear ProSafe switches. Mac, FreeBSD and Win10.
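
The per-client override described in this reply (answer differently depending on the client IP and the queried name), as an added example that is not part of the original post and is not PowerDNS or unbound code: a stand-alone Python model of the decision. The addresses are constructed values inside the thread's 192.168.50.0/24 LAN, and `OverridePolicy` is a hypothetical name.

```python
import ipaddress

# Constructed policy (assumed addresses): client network, query name, answer.
OVERRIDES = [
    ("192.168.50.20/32", "trailers.apple.com", "192.168.50.10"),
]


def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()


class OverridePolicy:
    """Hypothetical helper: decides whether a query gets a local answer."""

    def __init__(self, rules):
        self.rules = [
            (ipaddress.ip_network(net), normalize(name), ipaddress.ip_address(ans))
            for net, name, ans in rules
        ]

    def lookup(self, client_ip, qname, qtype="A"):
        """Return the override address, or None to resolve the name normally."""
        try:
            client = ipaddress.ip_address(client_ip)
        except ValueError:
            return None  # unparseable source address: never override
        # Only address queries can be overridden; the answer family must match.
        family = {"A": 4, "AAAA": 6}.get(qtype.upper())
        name = normalize(qname)
        best = None
        for net, rule_name, answer in self.rules:
            if rule_name != name:  # exact match only, no suffix matching
                continue
            if client.version != net.version or client not in net:
                continue
            if answer.version != family:
                continue
            # Most specific client network wins when several rules match.
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, answer)
        return str(best[1]) if best else None


if __name__ == "__main__":
    policy = OverridePolicy(OVERRIDES)
    for src in ("192.168.50.20", "192.168.50.21"):
        print(src, policy.lookup(src, "trailers.apple.com"))
```

Because the decision keys on the source address, the override is only as stable as the client's address, which is why the static lease matters. Names are matched exactly, so a look-alike name that merely contains the target is resolved normally.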

displaced

  • Member
  • **
  • Posts: 84
Re: Yet Another pfSense Build!
« Reply #19 on: February 16, 2017, 11:24:24 PM »

Well, I got twitchy waiting for the hardware so I went ahead and made the pfSense virtual machine my network's gateway.  It's running fine!

My former router, an AirPort 802.11ac, is now running as just an access point.  I also went through the procedure to get stats from the HG612 on the same port as internet access.  The HG612 config change and the pfSense outbound NAT config worked fine.  My internal LAN is on 192.168.50.0/24, with pfSense and the modem forming a 2-host subnet at 10.0.50.0/30.  So that's an ethernet run I can remove from the modem to the lounge!

We had a brief power outage yesterday - a bulb blew that, for some reason, tripped the main breaker rather than just the lighting circuit. So I'm back to my 'normal' sync speed.  Still, with a bit of luck, the upcoming 3dB SNRM profile will boost it a bit.

I'm enjoying the ability to see what traffic's getting blocked, and to see which devices are opening ports via NAT-PMP and UPnP.  There are actually far fewer such ports than I'd expected -- I'm particularly surprised that my Nest Thermostat doesn't open itself up to the internet.  It's pretty much just my Plex server, my consoles and PC games (well, to be honest, only tested Elite Dangerous as that's all I'm playing these days!).

So all that's left is for the actual machine to arrive!  Next Wednesday appears to be the day...
Logged
Vodafone Landline+Fibre: Huawei HG612 modem with AirPort 802.11ac.  50/10 sync, Huawei DSLAM. GigE home LAN with Netgear ProSafe switches. Mac, FreeBSD and Win10.

nallar

  • Just arrived
  • *
  • Posts: 12
    • Smokeping
Re: Yet Another pfSense Build!
« Reply #20 on: February 17, 2017, 12:21:36 AM »

Have you considered putting your networking gear on a UPS? It's nice to continue using the internet during power outages (or accidents :)).
Logged
Virgin Media cable, A&A and Sky DSL. pfSense router.

displaced

  • Member
  • **
  • Posts: 84
Re: Yet Another pfSense Build!
« Reply #21 on: February 17, 2017, 07:58:35 AM »

I'll get there eventually!

Originally I had the modem in the hall, the Airport router doing pppoe in the lounge and my dhcp/dns server under the stairs, so a UPS would be tricky.

The modem's now power-over-Ethernet'd so it's powered from under the stairs and soon I'll have the pfSense box in the same place.  Once it's all set up there, I'll get a UPS 😄
Logged
Vodafone Landline+Fibre: Huawei HG612 modem with AirPort 802.11ac.  50/10 sync, Huawei DSLAM. GigE home LAN with Netgear ProSafe switches. Mac, FreeBSD and Win10.

displaced

  • Member
  • **
  • Posts: 84
Re: Yet Another pfSense Build!
« Reply #22 on: February 21, 2017, 01:49:57 PM »

Hmm.  It looked like the Qotom machine would arrive tomorrow... but the UPS tracking has taken a strange direction: Eastwards.

After leaving the Netherlands, it arrived just inside Germany.  It's now travelled as far as Nurnberg and is leaving central Germany, heading towards Austria.

Last time I checked, I didn't live in Austria.

I'm hoping Qotom had a fat-finger moment when sending me my tracking number and I'm just looking at the wrong parcel.  The delivery address showing against the order on Amazon's correct. 

Anyway, a bit more on pfSense running as a VM...

It's been handling my day-to-day traffic superbly.  Dynamic DNS for my hostname and HE.net IPv6 tunnel are working fine.  Interestingly, pfSense's gateway monitor shows my IPv6 tunnel gateway as responding faster than the 'parent' IPv4 link to my ISP.  (~9-10ms for the ISP, 7-9ms for HE.net IPv6).  I'm wondering if ICMPv6 pings are quicker/more efficient than v4 ones.

Logged
Vodafone Landline+Fibre: Huawei HG612 modem with AirPort 802.11ac.  50/10 sync, Huawei DSLAM. GigE home LAN with Netgear ProSafe switches. Mac, FreeBSD and Win10.

nallar

  • Just arrived
  • *
  • Posts: 12
    • Smokeping
Re: Yet Another pfSense Build!
« Reply #23 on: February 21, 2017, 02:16:28 PM »

> It's been handling my day-to-day traffic superbly.  Dynamic DNS for my hostname and HE.net IPv6 tunnel are working fine.  Interestingly, pfSense's gateway monitor shows my IPv6 tunnel gateway as responding faster than the 'parent' IPv4 link to my ISP.  (~9-10ms for the ISP, 7-9ms for HE.net IPv6).  I'm wondering if ICMPv6 pings are quicker/more efficient than v4 ones.

This typically occurs when the ICMP ping replies from your gateway are handled by a low priority software process, but packets routed further on are handled with hardware acceleration.
Logged
Virgin Media cable, A&A and Sky DSL. pfSense router.

displaced

  • Member
  • **
  • Posts: 84
Re: Yet Another pfSense Build!
« Reply #24 on: February 22, 2017, 03:22:31 PM »

Thanks -- that makes sense!

Well, the Qotom box arrived today at work.  Quickly opened it up to fit the mSATA SSD and RAM and stuck it in my bag to take home tonight.  With a bit of luck it'll be up and running later.

Just in time too.  My virtual pfSense installation froze yesterday with a load of 'achi0 timeout' errors.  Seems I pushed the lil' N40L a bit too hard and the VM wasn't able to read/write to disk quick enough to prevent the guest OS from seeing timeouts.

I'll run the physical pfSense box for a couple of days and check CPU/disk load before deciding on things like Snort and ntopng.
Logged
Vodafone Landline+Fibre: Huawei HG612 modem with AirPort 802.11ac.  50/10 sync, Huawei DSLAM. GigE home LAN with Netgear ProSafe switches. Mac, FreeBSD and Win10.

displaced

  • Member
  • **
  • Posts: 84
Re: Yet Another pfSense Build!
« Reply #25 on: February 22, 2017, 10:46:42 PM »

Well, that was a bit of a let-down!

The box itself is great!  The RAM I'd bought, however, is not.

I tried installing pfSense and was getting all kinds of weird crashes during the installer's boot process.  Crash dumps, kernel panics, the lot.

I tried a few flash drives and re-wrote the image files from my PC and my Mac.  Each time it seemed to crash in some different spectacular way.  Eventually I found my high-quality Patriot flash drive and it still failed. 

So then I wrote a memtest86 installation to a flash drive and booted that up.  RAM errors galore.

I've got another stick arriving tomorrow, so hopefully I'll have more luck then.  In 25+ years of building PCs I've never had a bad DIMM (or even SIMM back in the day!).  I suppose it was about time!

Still, here's a quick mini-review of the Qotom box:

It's solid.  Really solid.  The fully-metal case is great.  I checked the PSU with my multimeter and the voltage was spot-on.  The mounting bracket, designed to attach to the VESA mount on the back of a monitor, is a great idea.  The computer comes with four metal stand-off screws which you screw into the base of the PC.  These stand-offs have a little 'nub' at the top that slot into four keyholes in the bracket.  So the machine is easily attached and detached from it.  I'm planning on screwing the mount to the inside wall of the cupboard under the stairs, alongside a gigabit switch and a multi-way mains extension.  The bracket will also provide a nice bit of airflow underneath the case.

I had a nose around the American Megatrends BIOS.  Seems to have all the requisite weirdly-named knobs to twiddle.

The USB ports are rather close to each other.  So if you've got a chunky flash drive, you'll need a USB extension cable to fit it in beside the keyboard plug.

The power button doubles as a power LED in the usual retina-searing blue.  There's also a green power LED on the other side of the machine which is a bit calmer.

One last point on disassembly: You only need to undo the four screws on the bottom, NOT the four on the sides.  If you do all eight, it rapidly disassembles itself into lots of pieces and you need at least two-and-a-half hands free to keep everything lined-up to get it back together again.

So, until tomorrow!
Logged
Vodafone Landline+Fibre: Huawei HG612 modem with AirPort 802.11ac.  50/10 sync, Huawei DSLAM. GigE home LAN with Netgear ProSafe switches. Mac, FreeBSD and Win10.

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 1972
Re: Yet Another pfSense Build!
« Reply #26 on: February 22, 2017, 10:54:52 PM »

It's a great little box isn't it, I also took the wrong screws out.
Logged

displaced

  • Member
  • **
  • Posts: 84
Re: Yet Another pfSense Build!
« Reply #27 on: February 23, 2017, 09:31:19 PM »

It is indeed.

And, IT'S ALIVE!

Replacement RAM did the trick.  pfSense installed fine, then I backed up the config from my VM-based pfSense and restored it to the physical box.

It was nice to see that the interface names in pfSense matched those printed on the case - so LAN1-4 are interfaces em0-3. 

The config restoration got most things right.  It did lose the PPPoE login info and the interface for the modem stats.  Easy fixes though.

I've installed ntopng, but reduced the data retention periods to a max. of 30 days.  CPU and RAM usage are pleasantly low.

I'm looking forward to pfSense 2.4's introduction of ZFS.  I've got a 12TB ZFS pool on my Microserver (6x4TB drives arranged as 3 two-disk mirrors) and have been really impressed with how it tolerates all kinds of bad events (power cuts, failing/failed disks). 

I'll get it properly installed over the weekend, but pretty happy with it so far!
Logged
Vodafone Landline+Fibre: Huawei HG612 modem with AirPort 802.11ac.  50/10 sync, Huawei DSLAM. GigE home LAN with Netgear ProSafe switches. Mac, FreeBSD and Win10.