the pfense club



2 hours ago, tictoc said:

I haven't used OPNSense with 10G routing, so I can't say for sure, but a 4790k should be able to get good throughput.  You might need to do some tuning, but a 4790k should be a pretty good all-around performer.  If you need a little more juice, didn't ASUS unlock OC'ing on the H81 boards?  Either way that CPU should be able to handle what you want to do.  I might know a guy, that knows a guy, with a delidded 4790k sitting on a shelf. :scared_animatedfear:

 

How about a 4c/8t 3770K or a 4c/8t 6700K for 10G ? I have a 4790K, but in use on another Linux setup


On 09/08/2021 at 07:58, ENTERPRISE said:

 

Let's make the assumption I may beef to 10Gbps. What sort of CPU are we talking? The motherboard I have is an Asus H81M-K; whichever CPU it ends up being, it would need i-gpu support. With it being a 4th gen CPU and likely fairly cheap, might be able to go for the top one it supports lol. (Intel 4790K)


Again, I'm no networking expert..... 🙂

I am using an Asus B85M-G CSM/SI motherboard with an i5 4590T 35w quad core, which I was led to believe is Devil's Canyon.  I figured if it is on 24/7, lower wattage is better.  I also figured since people quite literally run routers on Atom based systems, an i5 of any generation is probably more than enough.  I have your "standard home network" for the most part.  Couple of streaming boxes, a couple computers, couple phones.  The basics.  Using a VPN now too though.  My system under heavy network traffic load sees like 10% load.  I'm barely using 1GB of RAM out of my 8 I think.  And I'm using like 2-3GB of storage if that.  99% of the time, the system just sits there.  My NAS sees a lot worse loads than the router does, that's for sure.

My advice of a non expert?  Go for something with decent performance in the last decade, but something as low power as you're willing to go (without sacrificing performance).  It is an always on device after all.  4490T's are still cheap, about the price of a 4770 non K.  No HT......but do you really need HT for a router replacement when consumer routers run on what, ARM processors?  If there's any special instruction sets needed, I couldn't tell you that one.  You said you have an i3 right?  Try it out!  Your i3 you already have is free and at least it's lower power than the i7 4790.  Not being one of those energy conservative types by any means, but a router isn't exactly a place that needs a huge overclocked i7 / i9 / Ryzen.

Look forward to your build regardless! 🙂  

EDIT:
Forgot to mention too, my networking needs aren't necessarily the same as the next person's (obviously).  I'm perfectly fine on 10/100/1000 for my router since the router doesn't necessarily need to affect the rest of the local network.

Edited by pioneerisloud

7 hours ago, pioneerisloud said:


Again, I'm no networking expert..... 🙂

I am using an Asus B85M-G CSM/SI motherboard with an i5 4590T 35w quad core, which I was led to believe is Devil's Canyon.  I figured if it is on 24/7, lower wattage is better.  I also figured since people quite literally run routers on Atom based systems, an i5 of any generation is probably more than enough.  I have your "standard home network" for the most part.  Couple of streaming boxes, a couple computers, couple phones.  The basics.  Using a VPN now too though.  My system under heavy network traffic load sees like 10% load.  I'm barely using 1GB of RAM out of my 8 I think.  And I'm using like 2-3GB of storage if that.  99% of the time, the system just sits there.  My NAS sees a lot worse loads than the router does, that's for sure.

My advice of a non expert?  Go for something with decent performance in the last decade, but something as low power as you're willing to go (without sacrificing performance).  It is an always on device after all.  4490T's are still cheap, about the price of a 4770 non K.  No HT......but do you really need HT for a router replacement when consumer routers run on what, ARM processors?  If there's any special instruction sets needed, I couldn't tell you that one.  You said you have an i3 right?  Try it out!  Your i3 you already have is free and at least it's lower power than the i7 4790.  Not being one of those energy conservative types by any means, but a router isn't exactly a place that needs a huge overclocked i7 / i9 / Ryzen.

Look forward to your build regardless! 🙂  

EDIT:
Forgot to mention too, my networking needs aren't necessarily the same as the next person's (obviously).  I'm perfectly fine on 10/100/1000 for my router since the router doesn't necessarily need to affect the rest of the local network.

That gives a great insight. May try with the i3 first to see what I get!


So I purchased a few upgrades for this pfSense/OPNsense rig.

 

Decided to go with a lower power consumption CPU, the Core i7 4875T. Pairing it with 8GB DDR3 and a Noctua NH-L9X65 cooler. 

 

Will get it together soon.


3 hours ago, ENTERPRISE said:

So I purchased a few upgrades for this pfSense/OPNsense rig.

 

Decided to go with a lower power consumption CPU, the Core i7 4875T. Pairing it with 8GB DDR3 and a Noctua NH-L9X65 cooler. 

 

Will get it together soon.

I didn't know they made i7 "T" versions.  I thought they were only for the i3.  I might have gotten an i7 instead of the i3-6100T...not that I need it.  The i3 is usually hovering at 1% CPU usage.


4 hours ago, Diffident said:

I didn't know they made i7 "T" versions.  I thought they were only for the i3.  I might have gotten an i7 instead of the i3-6100T...not that I need it.  The i3 is usually hovering at 1% CPU usage.

I didn't either. I only spotted it after looking at the full list of CPUs my mobo will support. Sometimes that is a good way to spot unknown CPUs apparently 😛


26 minutes ago, ENTERPRISE said:

I didn't either. I only spotted it after looking at the full list of CPUs my mobo will support. Sometimes that is a good way to spot unknown CPUs apparently 😛

Honestly was a fantastic find.  Had I known about a 35w i7 with HT, I'd have bought that same CPU myself lol.  Didn't even know that SKU existed.


13 hours ago, pioneerisloud said:

Honestly was a fantastic find.  Had I known about a 35w i7 with HT, I'd have bought that same CPU myself lol.  Didn't even know that SKU existed.

 

Good find, but short lived as it arrived FUBAR, so it is going back for a refund. Gouge out of the top and likely thermal paste on the contacts...thermal paste no big deal, but bugger the gouge.

 

 


 

So likely will go for something a little faster while only 10Watts extra, the Intel® Xeon® Processor E3-1240L v3


Biggest pull for T series SKUs over non-T is that Intel drops the minimum multiplier from 8x to 4x. No idea on Xeons though.


  • 3 months later...

Hey Chaps, 

 

So I am trying to get my pfSense box running. I have pfSense installed and configured the WAN to DHCP (192.168.1.xxx) and I have my LAN configured to Static (192.168.1.6). Essentially what I am expecting is to plug my ISP router into the pfSense WAN port and then be able to get internet out of the pfSense LAN port, which I will then connect to my main switch. The issue is that for some reason the internet is not passing through the WAN to LAN on the pfSense box. Any immediate ideas? I was under the impression that the Firewall auto configures but I am wondering if this is where my problem lies.

 

Thanks !


If your ISP router is supplying a private area address such as 192.168.1.xxx then you should turn off routing in your ISP's box to then allow your pfsense WAN port to DHCP your real world IP address. In most ISP modem router combos this would be referred to as bridge mode... or in some cases routed bridge. I've seen it named some odd things in ATT modems, so you may have to refer to your modem's user guide. This would be the correct way to set up the WAN side of your pfsense box for you to have the most control and let pfsense do all of your fire-walling and port forwarding duties. If you pursue this route, disregard what I say next.

 

 

If you just want it to work, so you can play with it and aren't actually looking to replace the duties of your current router/firewall; but make another routed secure firewalled network inside your currently routed and firewalled network then continue on. Know that all clients on the LAN side of the pfsense box will effectively be running through double NAT though, which causes issues for some network services.

 

If your pfsense's WAN port is indeed picking up a 192.168.1.xxx address, then that is the reason things are not working. Your WAN network and LAN network cannot reside in the same subnet... choose a different subnet for the LAN side such as 192.168.2.1. Also, if you choose to run this way then make sure to uncheck the box that says "Block Private Networks" under the WAN interface tab. When you apply that, it will lose connection to the pfsense interface and require you to set a static IP address in that same subnet (192.168.2.xxx) on your client computer you are using to configure the pfsense box so you can reconnect to the interface and set up the DHCP service pool on the LAN interface to now hand out IP addresses in the 192.168.2.xxx range.

 

After that your pfsense LAN clients will be handed the correct addresses again, at this point you can switch your configuration computer back to DHCP from the static IP. Should have full access to the internet and the 192.168.1.xxx network from your LAN on the pfsense... your 192.168.1.xxx network devices will not be able to see your pfsense LAN devices (192.168.2.xxx) as that is how the firewall works.

 

Hope this helps!

Edited by AllenG
Forgot LAN DHCP service stuff.
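
The subnet clash described in the post above can be checked mechanically before touching the firewall. The following is an added example, not part of the original post: it uses Python's standard `ipaddress` module, and the function names, the 192.168.1.50 WAN lease, the 203.0.113.10 bridge-mode address and the list of common ISP defaults are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges. A WAN address inside one of these means the ISP
# box upstream is still routing, so LAN clients sit behind double NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: /24s that ISP routers often ship with. They are skipped when
# proposing a LAN so an ISP-side factory reset cannot recreate the clash.
COMMON_ISP_DEFAULTS = [ipaddress.ip_network(n)
                       for n in ("192.168.0.0/24", "192.168.1.0/24")]


def is_rfc1918(addr):
    """True if the IPv4 address lies in one of the RFC 1918 ranges."""
    return any(addr in net for net in RFC1918)


def suggest_lan(wan_net):
    """First private /24 that overlaps neither the WAN network nor the
    common ISP defaults, searching 192.168/16, then 172.16/12, then 10/8."""
    blocked = [wan_net] + COMMON_ISP_DEFAULTS
    for pool in reversed(RFC1918):
        for cand in pool.subnets(new_prefix=24):
            if not any(cand.overlaps(b) for b in blocked):
                return cand
    return None


def check_wan_lan(wan_cidr, lan_cidr):
    """Evaluate a WAN/LAN address plan given as 'address/prefix' strings."""
    wan = ipaddress.IPv4Interface(wan_cidr)
    lan = ipaddress.IPv4Interface(lan_cidr)
    overlap = wan.network.overlaps(lan.network)
    wan_private = is_rfc1918(wan.ip)
    report = {
        "overlap": overlap,          # WAN and LAN share address space
        "double_nat": wan_private,   # ISP box is still doing NAT upstream
        # Per the post: with a private WAN address, uncheck
        # "Block Private Networks" on the WAN interface.
        "uncheck_block_private": wan_private,
        "suggested_lan": None,
        "temp_client_static": None,
    }
    if overlap:
        new_net = suggest_lan(wan.network)
        if new_net is not None:
            plen = new_net.prefixlen
            report["suggested_lan"] = f"{new_net.network_address + 1}/{plen}"
            # Arbitrary pick: a static address for the admin PC so it can
            # reach the web UI again before the DHCP pool is moved.
            report["temp_client_static"] = (
                f"{new_net.network_address + 2}/{plen}")
    return report


if __name__ == "__main__":
    # Constructed address plans; only 192.168.1.6 and the 192.168.x ranges
    # come from the thread, the rest are sample values.
    plans = [
        ("as posted", "192.168.1.50/24", "192.168.1.6/24"),
        ("LAN moved", "192.168.1.50/24", "192.168.2.1/24"),
        ("ISP box moved", "192.168.0.50/24", "192.168.1.1/24"),
        ("bridge mode", "203.0.113.10/24", "192.168.1.6/24"),
        ("wide WAN mask", "192.168.0.10/16", "192.168.1.6/24"),
    ]
    for name, wan, lan in plans:
        print(f"{name:14} WAN={wan:18} LAN={lan:16} {check_wan_lan(wan, lan)}")
```

The "wide WAN mask" case shows why comparing only the third octet is not enough: a /16 on the WAN side swallows every 192.168.x.0/24, so the suggestion falls through to 172.16.0.1/24.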

7 hours ago, Diffident said:

In Interfaces/LAN, and Interfaces/WAN did you click enable interface at the top?  Also make sure on Interfaces/LAN that neither of the "Reserved Networks" options are enabled.

 

30 minutes ago, AllenG said:

If your ISP router is supplying a private area address such as 192.168.1.xxx then you should turn off routing in your ISP's box to then allow your pfsense WAN port to DHCP your real world IP address. In most ISP modem router combos this would be referred to as bridge mode... or in some cases routed bridge. I've seen it named some odd things in ATT modems, so you may have to refer to your modem's user guide. This would be the correct way to set up the WAN side of your pfsense box for you to have the most control and let pfsense do all of your fire-walling and port forwarding duties. If you pursue this route, disregard what I say next.

 

 

If you just want it to work, so you can play with it and aren't actually looking to replace the duties of your current router/firewall; but make another routed secure firewalled network inside your currently routed and firewalled network then continue on. Know that all clients on the LAN side of the pfsense box will effectively be running through double NAT though, which causes issues for some network services.

 

If your pfsense's WAN port is indeed picking up a 192.168.1.xxx address, then that is the reason things are not working. Your WAN network and LAN network cannot reside in the same subnet... choose a different subnet for the LAN side such as 192.168.2.1. Also, if you choose to run this way then make sure to uncheck the box that says "Block Private Networks" under the WAN interface tab. When you apply that, it will lose connection to the pfsense interface and require you to set a static IP address in that same subnet (192.168.2.xxx) on your client computer you are using to configure the pfsense box so you can reconnect to the interface and set up the DHCP service pool on the LAN interface to now hand out IP addresses in the 192.168.2.xxx range.

 

After that your pfsense LAN clients will be handed the correct addresses again, at this point you can switch your configuration computer back to DHCP from the static IP. Should have full access to the internet and the 192.168.1.xxx network from your LAN on the pfsense... your 192.168.1.xxx network devices will not be able to see your pfsense LAN devices (192.168.2.xxx) as that is how the firewall works.

 

Hope this helps!

 

That is really helpful, thanks guys. I am unsure whether or not I will have the ISP router handle DHCP or if pfSense will do that for my network, will decide on that. I know that I will need to disable routing/firewall on the ISP router for obvious reasons, thanks for reminding me.

 

As it happened, the SSD in my box died yesterday. It was an old work rig, so I had no idea on the SSD health....now I know. I have a new one coming in today so will re-install and give it another blast !


If you disable routing and firewalling on the ISP's box AKA bridge mode, then pfsense will have to handle your DHCP services. That would effectively be going the first route. If you fix the ISP routing issue, then you run pfsense the way it is currently configured.

 

That second half I said to possibly disregard, of changing your subnet and messing with the LAN interface's DHCP parameters, will not be needed if you do go that first route.


On 23/11/2021 at 07:43, AllenG said:

If your ISP router is supplying a private area address such as 192.168.1.xxx then you should turn off routing in your ISP's box to then allow your pfsense WAN port to DHCP your real world IP address. In most ISP modem router combos this would be referred to as bridge mode... or in some cases routed bridge. I've seen it named some odd things in ATT modems, so you may have to refer to your modem's user guide. This would be the correct way to set up the WAN side of your pfsense box for you to have the most control and let pfsense do all of your fire-walling and port forwarding duties. If you pursue this route, disregard what I say next.

 

 

If you just want it to work, so you can play with it and aren't actually looking to replace the duties of your current router/firewall; but make another routed secure firewalled network inside your currently routed and firewalled network then continue on. Know that all clients on the LAN side of the pfsense box will effectively be running through double NAT though, which causes issues for some network services.

 

If your pfsense's WAN port is indeed picking up a 192.168.1.xxx address, then that is the reason things are not working. Your WAN network and LAN network cannot reside in the same subnet... choose a different subnet for the LAN side such as 192.168.2.1. Also, if you choose to run this way then make sure to uncheck the box that says "Block Private Networks" under the WAN interface tab. When you apply that, it will lose connection to the pfsense interface and require you to set a static IP address in that same subnet (192.168.2.xxx) on your client computer you are using to configure the pfsense box so you can reconnect to the interface and set up the DHCP service pool on the LAN interface to now hand out IP addresses in the 192.168.2.xxx range.

 

After that your pfsense LAN clients will be handed the correct addresses again, at this point you can switch your configuration computer back to DHCP from the static IP. Should have full access to the internet and the 192.168.1.xxx network from your LAN on the pfsense... your 192.168.1.xxx network devices will not be able to see your pfsense LAN devices (192.168.2.xxx) as that is how the firewall works.

 

Hope this helps!

 

On 23/11/2021 at 08:27, AllenG said:

If you disable routing and firewalling on the ISP's box AKA bridge mode, then pfsense will have to handle your DHCP services. That would effectively be going the first route. If you fix the ISP routing issue, then you run pfsense the way it is currently configured.

 

That second half I said to possibly disregard, of changing your subnet and messing with the LAN interface's DHCP parameters, will not be needed if you do go that first route.

 

Does not look like I can get it to work in bridge mode, so will likely have to have a subnet off of it, which is a little bit of a bummer as I will need to adjust a few devices round the house lol. 

 

So far as the pfSense Firewall, by default how good is it? Good as the standard ISP firewall?


I've found the pfsense firewall to be pretty robust out of the box, and a little complicated to get working when trying to allow stuff out. If you're decent with firewalls it's probably a no brainer. Again though too, mine is set up differently as I have 2 separate LANs with one going through a VPN. I also use dns. So my stuff is all kind of messed up right now and I gave up lol.

 

A simple setup like you're trying with yours E, it should be as simple as googling "port forward on opnsense" and following a guide. Again out of the box, it appears pretty robust to me. But I'm also not a network guru either, I just play around with stuff. 

EDIT:
You could also change the subnet on your ISP's router too instead.  If your devices are used to the default say 192.168.1.x address space, you could change your ISP router to 192.168.0.x, and leave the 192.168.1.x to OPNsense instead of changing OPNsense to something different.  

Edited by pioneerisloud

19 hours ago, pioneerisloud said:

I've found the pfsense firewall to be pretty robust out of the box, and a little complicated to get working when trying to allow stuff out. If you're decent with firewalls it's probably a no brainer. Again though too, mine is set up differently as I have 2 separate LANs with one going through a VPN. I also use dns. So my stuff is all kind of messed up right now and I gave up lol.

 

A simple setup like you're trying with yours E, it should be as simple as googling "port forward on opnsense" and following a guide. Again out of the box, it appears pretty robust to me. But I'm also not a network guru either, I just play around with stuff. 

EDIT:
You could also change the subnet on your ISP's router too instead.  If your devices are used to the default say 192.168.1.x address space, you could change your ISP router to 192.168.0.x, and leave the 192.168.1.x to OPNsense instead of changing OPNsense to something different.  

 

Thanks for the input bud. Cannot believe I didn't think of changing the subnet of the ISP router. Just goes to show how clouded my thinking is at the moment. Rocking suggestion.

 

I took a look into the Firewall and port forwarding, certainly a different layout, more than what I'm used to lol.


1 hour ago, ENTERPRISE said:

 

Thanks for the input bud. Cannot believe I didn't think of changing the subnet of the ISP router. Just goes to show how clouded my thinking is at the moment. Rocking suggestion.

 

I took a look into the Firewall and port forwarding, certainly a different layout, more than what I'm used to lol.

As I said earlier too though, the firewall options shouldn't be too terribly difficult to figure out with a simple "how to port forward" search online for a guide.  If you're trying to go through a VPN or use DNS or something you might have a more difficult time like I am.  But your average network use, it should be pretty straightforward with a guide.


Hey Chaps, 

 

So I managed to get the network mostly working. The one thing I am struggling with, and likely as I am messing something up in the Firewall rules is that my NAS that sits on 192.168.1.27 is not able to update its apps any longer. 

 

So I assume I have to configure a rule on the WAN side to allow my NAS to communicate back and forth from the internet, right? I did try it but still no particular joy. Can someone screenshot a pfSense rule page of theirs as an example of allowing a device sitting on the LAN to communicate back and forth to the internet. All very simple stuff...but apparently I don't know enough haha.


2 hours ago, ENTERPRISE said:

Hey Chaps, 

 

So I managed to get the network mostly working. The one thing I am struggling with, and likely as I am messing something up in the Firewall rules is that my NAS that sits on 192.168.1.27 is not able to update its apps any longer. 

 

So I assume I have to configure a rule on the WAN side to allow my NAS to communicate back and forth from the internet, right? I did try it but still no particular joy. Can someone screenshot a pfSense rule page of theirs as an example of allowing a device sitting on the LAN to communicate back and forth to the internet. All very simple stuff...but apparently I don't know enough haha.

What I did in a similar situation, I just put the new router's IP address (OPNsense) into the DMZ on the gateway.  You're not using the router on the ISP's gateway anyway, so that'll just bypass your ISP firewall entirely.  Thus, allowing OPNsense full access naked to the internet.  However you're then entirely reliant on the firewall in OPNsense.  Which....is kind of the point to begin with if you didn't have a router from the ISP.

I could be wrong, but it does work. :lachen:


28 minutes ago, pioneerisloud said:

What I did in a similar situation, I just put the new router's IP address (OPNsense) into the DMZ on the gateway.  You're not using the router on the ISP's gateway anyway, so that'll just bypass your ISP firewall entirely.  Thus, allowing OPNsense full access naked to the internet.  However you're then entirely reliant on the firewall in OPNsense.  Which....is kind of the point to begin with if you didn't have a router from the ISP.

I could be wrong, but it does work. :lachen:

The firewall on the ISP router is disabled and I'm only using the one on pfSense, the router is essentially just acting as a modem at this point.


3 hours ago, ENTERPRISE said:

Hey Chaps, 

 

So I managed to get the network mostly working. The one thing I am struggling with, and likely as I am messing something up in the Firewall rules is that my NAS that sits on 192.168.1.27 is not able to update its apps any longer. 

 

So I assume I have to configure a rule on the WAN side to allow my NAS to communicate back and forth from the internet, right? I did try it but still no particular joy. Can someone screenshot a pfSense rule page of theirs as an example of allowing a device sitting on the LAN to communicate back and forth to the internet. All very simple stuff...but apparently I don't know enough haha.

It would be on the LAN, everything on your LAN should already have access to the WAN by default from these following rules.   From your NAS you should be able to ping the internet.

 

[Three screenshots attached, dated 2021-11-27; images not reproduced]

Edited by Diffident
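Added example, not part of any post in this thread: a simplified Python model of the behaviour described above, where rules are checked on the interface a packet enters, the first match wins, and replies to allowed connections pass through the state table without any WAN rule. The rule sets, the server address 203.0.113.10 and the port numbers are constructed for illustration, and NAT is left out to keep the model short.

```python
# Simplified model of stateful, per-interface, first-match filtering.
# Everything except the NAS address 192.168.1.27 is constructed for illustration.
# Outbound NAT is omitted, so replies are addressed to the NAS directly.
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
LAN_NET = ip_network("192.168.1.0/24")

# Rules are attached to the interface where a packet ENTERS the firewall.
RULES = {
    "LAN": [("pass", LAN_NET, ANY)],  # default "LAN net to any" allow rule
    "WAN": [],                        # no pass rules, so default deny applies
}

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()  # connections that a rule has already allowed

    def handle(self, iface, src, dst, sport, dport):
        """Return 'pass' or 'block' for a packet arriving on iface."""
        # 1. A reply to an existing connection matches the state table
        #    and is never compared against the interface rules.
        if (dst, dport, src, sport) in self.states:
            return "pass"
        # 2. Otherwise the first matching rule on the ingress interface wins.
        src_ip, dst_ip = ip_address(src), ip_address(dst)
        for action, src_net, dst_net in self.rules[iface]:
            if src_ip in src_net and dst_ip in dst_net:
                if action == "pass":
                    self.states.add((src, sport, dst, dport))
                return action
        # 3. Nothing matched: default deny.
        return "block"

def demo():
    fw = Firewall(RULES)
    nas, server = "192.168.1.27", "203.0.113.10"
    return [
        fw.handle("WAN", server, nas, 443, 50000),  # unsolicited, no state yet
        fw.handle("LAN", nas, server, 50000, 443),  # NAS opens an HTTPS connection
        fw.handle("WAN", server, nas, 443, 50000),  # reply to that connection
        fw.handle("WAN", server, nas, 443, 50001),  # other port, no matching state
    ]

if __name__ == "__main__":
    print(demo())
```

Only the second packet is decided by a rule; the third passes because of the state the second one created, which is why a LAN device updating itself needs no pass rule on WAN.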

17 minutes ago, Diffident said:

It would be on the LAN, everything on your LAN should already have access to the WAN by default from these following rules.   From your NAS you should be able to ping the internet.

 

[Three screenshots attached, dated 2021-11-27; images not reproduced]

 

Thanks for that. I actually think it is more the ports. I realised later that inherently everything on the LAN should be good to go as per the default firewall rule. So I figured that the NAS App Store is using a specific port to communicate that I will have to locate and allow through.

 

I did some port forwarding to allow Call Of Duty to play better so it has an Open NAT, though it still comes up as Strict. Some more things to investigate I guess. I am used to doing all these things on a super simple interface but I am getting the hang of it slowly I think. 

 

Thus far my port forwards look like the below, feel free to let me know if they are wrong haha. 

 

[Screenshot attached: Ports; image not reproduced]


5 hours ago, ENTERPRISE said:

 

Thanks for that. I actually think it is more the ports. I realised later that inherently everything on the LAN should be good to go as per the default firewall rule. So I figured that the NAS App Store is using a specific port to communicate that I will have to locate and allow through.

 

I did some port forwarding to allow Call Of Duty to play better so it has an Open NAT, though it still comes up as Strict. Some more things to investigate I guess. I am used to doing all these things on a super simple interface but I am getting the hang of it slowly I think. 

 

Thus far my port forwards look like the below, feel free to let me know if they are wrong haha. 

 

[Screenshot attached: Ports; image not reproduced]

 

I would make a "Warzone" alias so everything is in one rule.  But since you have a NAT issue, this tutorial may work better.

 

 
