[pfSense Support] 1 big pfSense or 2 smaller ones?

2011-01-04 Thread Pandu Poluan
Hello, I am planning to deploy pfSense, mostly for firewall and NAT, on my production Cloud. It is based on VMware. What do you recommend: + 1 big multi-CPU pfSense VM, or + 2 smaller single-CPU pfSense VMs A question: Will 2 smaller VMs provide higher throughput than a single big VM? And some

Re: [pfSense Support] 1 big pfSense or 2 smaller ones?

2011-01-04 Thread Pandu Poluan
h, so I'd value your input very much. Rgds, -- Pandu E Poluan On Wed, Jan 5, 2011 at 09:42, Jesse Vollmar wrote: > On Tue, Jan 4, 2011 at 9:32 PM, Pandu Poluan wrote: > >> Hello, >> >> I am planning to deploy pfSense, mostly for firewall and NAT, on my >> pro

Re: [pfSense Support] 1 big pfSense or 2 smaller ones?

2011-01-04 Thread Pandu Poluan
Ahh, okay! Thanks for the help! I <3 pfSense :-) Rgds, -- Pandu E Poluan On Wed, Jan 5, 2011 at 12:24, Chris Buechler wrote: > > > On Wed, Jan 5, 2011 at 12:00 AM, Pandu Poluan wrote: > >> Well, I just divide the servers in the private network, half using the

[pfSense Support] Trouble with VIP?

2011-01-05 Thread Pandu Poluan
Hello again! I think I'm having trouble with VIP. The scenario is this (IP addresses obfuscated): + WAN address is 100.2.2.8/25 + LAN address is 192.168.1.1/24 + I create a VIP, CARP, 100.2.2.9/25 Now, I tried to make a NAT: + 100.2.2.9:53 forwards to 192.168.1.20:53 + A firewall rule is automat

[pfSense Support] Re: Trouble with VIP?

2011-01-06 Thread Pandu Poluan
his > 100.2.2.8/25 on your WAN interface. Check this 100.2.2.9:53 from outside > your network. From inside, you can not use this (100.2.2.9:53) address to > query your DNS. Use the internal network address of the DNS server. > > On Thu, Jan 6, 2011 at 10:58 AM, Pandu Poluan wrote: > >

Re: [pfSense Support] Trouble with VIP?

2011-01-06 Thread Pandu Poluan
Yes, I've setup NAT for TCP/UDP. No joy. Rgds, -- Pandu E Poluan On Thu, Jan 6, 2011 at 15:22, Chris Buechler wrote: > On Thu, Jan 6, 2011 at 12:58 AM, Pandu Poluan wrote: > > Hello again! > > > > I think I'm having trouble with VIP. > > > > Th

Re: [pfSense Support] Re: Trouble with VIP?

2011-01-06 Thread Pandu Poluan
nd UDP. Can you share the > screen shot of your firewall rule..? > > > On Thu, Jan 6, 2011 at 1:18 PM, Pandu Poluan wrote: > >> Yes, I was accessing the external IP address from a different network. >> >> E.g. The 100.x.y.z is on ISP A, I tried to access it

[pfSense Support] Re: Trouble with VIP?

2011-01-06 Thread Pandu Poluan
s for 10.2.2.8 and 10.2.2.9 > + The four blackened nets are 192.168.1. > > Rgds, > --Pandu E Poluan > > > > On Thu, Jan 6, 2011 at 15:22, Abdulrehman wrote: > > ok...for DNS...you need to allow both TCP and UDP. Can you share the > screen shot of your firewall

Re: [pfSense Support] autorollback?

2011-01-13 Thread Pandu Poluan
Although I never found myself in a situation where I need to have an auto-revert, I can see how this will be useful for some. Or for myself, someday. Rgds, On 2011-01-14, David Burgess wrote: > On Thu, Jan 13, 2011 at 2:00 PM, Charles N Wyble > wrote: > >> Phase one applies the configuration.

Re: [pfSense Support] pfSense routing

2011-01-21 Thread Pandu Poluan
Have you configured the Cisco router with a static route to the XP's network? Rgds, On 2011-01-21, Danny wrote: > Hi, > > I've got a 1.2.3 pfSense connected this way: > > XP > [LAN] PFSense [WAN] ---> [WAN] Cisco router [LAN] > > I can ping from XP to LAN and WAN pfsense interfaces, but can

Re: [pfSense Support] pfSense routing

2011-01-21 Thread Pandu Poluan
l pfsense, > virtual XP, with VMWare using GNS3... maybe that causes that weird > behaviour. > > thanks a lot > Regards > > On Fri, Jan 21, 2011 at 12:52 PM, Pandu Poluan wrote: > >> Have you configured the Cisco router with a static route to the XP's >> ne

Re: [pfSense Support] Can anyone build a 1.2.3 ISO?

2011-02-02 Thread Pandu Poluan
I agree with Jim. A firewall box should be exclusively a firewall, no matter how 'stout' it is. More components == more attack surface area. Not to mention the intricacies of interaction that might bollix the firewall's mechanisms in a non-repeatable way. Better to put all analysis packages in an

Re: [pfSense Support] Firewall security compromised by auxillary programs?

2011-02-05 Thread Pandu Poluan
On Sat, Feb 5, 2011 at 02:54, Mark Jones wrote: > Well, I hear of people running pfSense in a VM, and I wonder how do you avoid > exposing the host OS to the network? How can a firewall be run in a VM and > not leave the host OS hanging out to be attacked? Or, go the other way and > put the VM