Re: [pfSense Support] interface shorthand
>Is there a way to craft a rule that is specific to anything outbound on the WAN
>interface only? I would imagine an alias of all internal networks, then a 'Not'
>rule, but is my only option, I just don't like the fact that list has to be manually
>updated or it leaves a hole.
>
>Thanks,
>jlc

You do not need to configure rules specific to outbound traffic on WAN (actually it is impossible via web-interface). If you use restrictive policy on every local interface - prohibit all but allow only needed traffic - you are good.

Regarding vlan vs physical - it does not make any difference from rules' perspective.

Evgeny.

Sent on the TELUS Mobility network with BlackBerry

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] interface shorthand
>If you only have LAN and WAN interfaces then you should just be able to define
>the rule on the LAN interface.
>If you have more interfaces than that then someone smarter than me will have
>to answer it. :)

Hah. yeah I have 5 physical and several vlan based.

jlc
RE: [pfSense Support] Routing Multiple Static IPs
> From: li...@mgreg.com
> Date: Sat, 16 Oct 2010 20:47:51 -0400
> To: support@pfsense.com
> Subject: Re: [pfSense Support] Routing Multiple Static IPs
>
> On Oct 16, 2010, at 9:16 AM, Lyle Giese wrote:
>
> > li...@mgreg.com wrote:
> >> Hi All,
> >>
> >> Having a bit of a problem wrapping my head around a particular network
> >> setup. Basically the scenario is as follows:
> >>
> >> -- 1 ISP (Cable Internet Provider)
> >> -- 5 Available static IPs
> >> -- 1 Cable Modem
> >> -- 1 Generic PC with 2 NICs (running pfSense)
> >> -- 1 Gigabit Switch with 20+ PCs connected
> >>
> >> The current physical setup is as follows:
> >>
> >> ISP (5 STATIC IPs) --> CABLE MODEM --> pfSense Box (2 NICs) --> 32-port Gb
> >> Switch --> 20+ PCs
> >>
> >> I need to be able to do each of the following:
> >>
> >> 1) Connect a router downstream from the pfSense box to use 1 of the 5
> >> available IPs -- so as to segregate networks
> >> 2) Route all traffic from 2 of the 5 available static IPs to a single PC
> >> whilst maintaining their "internal" (10.0.0.x) status.
> >>
> >> I'm not really sure what I need to be looking into for this -- VLANs, BGP,
> >> General Multihoming, NAT? Do I need more hardware? Be as descriptive as
> >> you deem necessary.
> >>
> >> Currently the entire network is just running off a single static IP
> >> address (i.e. a run-of-the-mill cable internet setup with pfSense box as
> >> the router)
> >>
> >> Best,
> >>
> >> Michael
> >>
> > Not sure what you are going to use the second box for or why, but I
> > would consider putting a switch between the cable modem and pfsense and
> > just use one of the static ip addresses directly and not put that traffic
> > through the existing pfsense box.
> >
> > We do that for one of our larger clients and provide views in dns so
> > that the internal pc's get different ip address for mail or the company
> > website so that traffic never hits the routable ip addresses. The
> > webserver and mail servers are dual homed with external and internal ip
> > addresses.
> >
> > Lyle
> >
> Thanks Lyle,
>
> Basically we want a central point to monitor all incoming/outgoing traffic
> regardless of the network. We just figure since we already have the pfSense
> box in place we'll passthrough for whatever else we need. Also, we want all
> but one of the boxes that get a STATIC IP to still be accessible internally.
>
> For instance, our ISP gives us a pool of addresses from 85.100.100.46 - 50
> (not real, but play along). The main pfSense box will have 85.100.100.46
> and will also control all traffic. Then we'll have one box that actually
> *is* 85.100.100.47 that isn't visible on the local network, then another box
> to which we simply pass all traffic that would otherwise route to
> 85.100.100.48 - 50, but is still accessible via 10.0.0.x on the local network.
>
> Obviously port forwarding is preferable in many cases, but in this particular
> case there are several services running on these machines that would require
> a great deal of port forwarding. So, instead of doing that, we simply allow
> them to have their own "external" IP.
>
> If there is no "good" way to do this (even via VLANs) from pfSense then I'll
> request an additional switch. But I don't want to suggest the spending of
> more money unless 100% necessary.
>
> Thanks again for any help.
>
> Best,
>
> Michael

I think what you're looking for is a combination of Virtual IPs and possibly 1:1 NAT. I haven't actually tried that setup myself so someone with more experience might need to correct me, but you should be able to set up the public IPs as Virtual IPs on the WAN interface and then set up 1:1 NAT to then map the external IP to an internal IP.

My understanding of 1:1 NAT at least is that it is pretty much what you are looking for...it causes all traffic to an IP to be forwarded to the appropriate internal IP. I'm pretty sure you still have to add rules to open up the firewall for those IPs too, so (if necessary, since it's not optimal from a security standpoint) you could just add a rule to pass any traffic with a destination set to the external Virtual IP.
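The Virtual IP plus 1:1 NAT idea from the reply above, sketched as raw pf rules with the wide-open pass rule shown beside a port-scoped one (an added example, not part of the thread and not output generated by pfSense, where the same settings are made in the web interface). The interface name `em0`, the internal address `10.0.0.48` and the published port list are assumptions; the 85.100.100.x addresses are the placeholder pool used in the thread.

```pf
# --- macros (constructed values unless noted) --------------------------------
wan_if    = "em0"                                # assumed WAN interface name
srv_int   = "10.0.0.48"                          # assumed LAN address of the multi-service PC
srv_ext   = "85.100.100.48"                      # placeholder public address from the thread
extra_ext = "{ 85.100.100.49, 85.100.100.50 }"   # remaining placeholder addresses for that PC
srv_tcp   = "{ 25, 80, 443 }"                    # assumed list of services actually published

# The public addresses must also be bound or proxy-ARPed on the WAN side
# (the "Virtual IP" step); pf by itself does not answer ARP for them.

# --- translation ---------------------------------------------------------------
# 1:1 NAT: inbound traffic to srv_ext is rewritten to srv_int, and traffic
# leaving srv_int through the WAN goes out as srv_ext. LAN clients still reach
# the PC directly on its 10.0.0.x address because this only applies on wan_if.
binat on $wan_if from $srv_int to any -> $srv_ext

# The other two public addresses are redirected inbound to the same PC.
rdr on $wan_if from any to $extra_ext -> $srv_int

# --- filtering -----------------------------------------------------------------
# Translation happens before filtering, so filter rules match the internal
# (translated) destination address, not the public one.
block in log on $wan_if all

# Weak: exposes every port and protocol on the PC to the internet.
# pass in on $wan_if from any to $srv_int keep state

# Scoped: only the published services are reachable; everything else that
# arrives for the three public addresses is dropped and logged by the rule above.
pass in on $wan_if proto tcp from any to $srv_int port $srv_tcp flags S/SA keep state
```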
RE: [pfSense Support] interface shorthand
> From: jcas...@activenetwerx.com
> To: support@pfsense.com
> Date: Sun, 17 Oct 2010 01:13:06 +
> Subject: [pfSense Support] interface shorthand
>
> Is there a way to craft a rule that is specific to anything outbound on the WAN
> interface only? I would imagine an alias of all internal networks, then a 'Not'
> rule, but is my only option, I just don't like the fact that list has to be manually
> updated or it leaves a hole.
>
> Thanks,
> jlc
>

If you only have LAN and WAN interfaces then you should just be able to define the rule on the LAN interface.

If you have more interfaces than that then someone smarter than me will have to answer it. :)
[pfSense Support] interface shorthand
Is there a way to craft a rule that is specific to anything outbound on the WAN interface only? I would imagine an alias of all internal networks, then a 'Not' rule, but is my only option, I just don't like the fact that list has to be manually updated or it leaves a hole.

Thanks,
jlc
Re: [pfSense Support] Routing Multiple Static IPs
On Oct 16, 2010, at 9:16 AM, Lyle Giese wrote:

> li...@mgreg.com wrote:
>> Hi All,
>>
>> Having a bit of a problem wrapping my head around a particular network
>> setup. Basically the scenario is as follows:
>>
>> -- 1 ISP (Cable Internet Provider)
>> -- 5 Available static IPs
>> -- 1 Cable Modem
>> -- 1 Generic PC with 2 NICs (running pfSense)
>> -- 1 Gigabit Switch with 20+ PCs connected
>>
>> The current physical setup is as follows:
>>
>> ISP (5 STATIC IPs) --> CABLE MODEM --> pfSense Box (2 NICs) --> 32-port Gb
>> Switch --> 20+ PCs
>>
>> I need to be able to do each of the following:
>>
>> 1) Connect a router downstream from the pfSense box to use 1 of the 5
>> available IPs -- so as to segregate networks
>> 2) Route all traffic from 2 of the 5 available static IPs to a single PC
>> whilst maintaining their "internal" (10.0.0.x) status.
>>
>> I'm not really sure what I need to be looking into for this -- VLANs, BGP,
>> General Multihoming, NAT? Do I need more hardware? Be as descriptive as
>> you deem necessary.
>>
>> Currently the entire network is just running off a single static IP address
>> (i.e. a run-of-the-mill cable internet setup with pfSense box as the router)
>>
>> Best,
>>
>> Michael
>>
> Not sure what you are going to use the second box for or why, but I
> would consider putting a switch between the cable modem and pfsense and
> just use one of the static ip addresses directly and not put that traffic
> through the existing pfsense box.
>
> We do that for one of our larger clients and provide views in dns so
> that the internal pc's get different ip address for mail or the company
> website so that traffic never hits the routable ip addresses. The
> webserver and mail servers are dual homed with external and internal ip
> addresses.
>
> Lyle

Thanks Lyle,

Basically we want a central point to monitor all incoming/outgoing traffic regardless of the network. We just figure since we already have the pfSense box in place we'll passthrough for whatever else we need. Also, we want all but one of the boxes that get a STATIC IP to still be accessible internally.

For instance, our ISP gives us a pool of addresses from 85.100.100.46 - 50 (not real, but play along). The main pfSense box will have 85.100.100.46 and will also control all traffic. Then we'll have one box that actually *is* 85.100.100.47 that isn't visible on the local network, then another box to which we simply pass all traffic that would otherwise route to 85.100.100.48 - 50, but is still accessible via 10.0.0.x on the local network.

Obviously port forwarding is preferable in many cases, but in this particular case there are several services running on these machines that would require a great deal of port forwarding. So, instead of doing that, we simply allow them to have their own "external" IP.

If there is no "good" way to do this (even via VLANs) from pfSense then I'll request an additional switch. But I don't want to suggest the spending of more money unless 100% necessary.

Thanks again for any help.

Best,

Michael
Re: [pfSense Support] Enclosure recommendations for a Mini ITX Motherboard
On 10/16/10 12:54 PM, Jeppe Øland wrote:

On Sat, Oct 16, 2010 at 11:19 AM, Mehma Sarja wrote.

[snip]

* mother board - Supermicro MBD-X7SPA-HF-O,

You probably only want the X7SPA-H since you won't need the Matrox GFX

Ok, so a savings of 44 on the mb

There are lots and lots and lots of Atom based motherboards, but most of them only have 1 NIC. Adding an extra PCI NIC is still cheaper than 2 nics on the board - simpler but not cheaper.

D510MO is usually around $80, so you have quite a bit of savings there. Since you are a home user, the WAN side NIC doesn't have to be blazing fast since you are bound by your connection way before anything else.

I'll take a slow server class board with 2 nics and a memory capacity of at-least 2 GB.

The SSD really adds a lot to your price. You could run off a USB stick for a while and see how far that takes you. (Mine's been running ~6 months on a USB stick now ... and not the embedded install either).

Jeppe, do you run Snort? Nah, I don't like it - the USB storage sounds 'temporary.' I am willing to go down on the mb horsepower, but I want 2 NICs and SSD.

So, we came 44 down from 460 to 416. Not bad. What I am hoping for is a consolidator like netgate.com to come in and build a "popular" bundle and offer it at 350 all inclusive. Or for someone to source a lower-cost vendor.

Mehma
Re: [pfSense Support] Enclosure recommendations for a Mini ITX Motherboard
On Sat, Oct 16, 2010 at 12:54 PM, Jeppe Øland wrote:
> There are lots and lots and lots of Atom based motherboards

Lots of choices listed here:
http://www.linuxtech.net/features/intel_atom_pineview_motherboards_overview.html

Regards,
-Jeppe
Re: [pfSense Support] Enclosure recommendations for a Mini ITX Motherboard
On Sat, Oct 16, 2010 at 11:19 AM, Mehma Sarja wrote:
> US Vendors for fanless/ssd: $208 mb + $79 case + $90 ssd intel 40 GB +
> $83 4 GB mem = $460
>
> * mother board - Supermicro MBD-X7SPA-HF-O,

You probably only want the X7SPA-H since you won't need the Matrox GFX card (the base model has a built-in Intel GPU)
http://www.newegg.com/Product/Product.aspx?Item=N82E16813182233

There are lots and lots and lots of Atom based motherboards, but most of them only have 1 NIC. Adding an extra PCI NIC is still cheaper than buying a more full-featured board - especially if you have an old one laying around somewhere.

D510MO is usually around $80, so you have quite a bit of savings there. Since you are a home user, the WAN side NIC doesn't have to be blazing fast since you are bound by your connection way before anything else.

The SSD really adds a lot to your price. You could run off a USB stick for a while and see how far that takes you. (Mine's been running ~6 months on a USB stick now ... and not the embedded install either).

Regards,
-Jeppe
Re: [pfSense Support] Enclosure recommendations for a Mini ITX Motherboard
US Vendors for fanless/ssd: $208 mb + $79 case + $90 ssd intel 40 GB + $83 4 GB mem = $460

* mother board - Supermicro MBD-X7SPA-HF-O, http://www.newegg.com/Product/Product.aspx?Item=N82E16813182234
* case - M350 SILVER Enclosure, WITH PICOPSU-80 and 60W ADAPTER KIT, http://www.mini-box.com/M350S-enclosure-with-picoPSU-80-and-60W-adapter
* SSD Drive - X25-V SSDSA2MP040G2R5 40GB SATA 3.0Gb/s 2.5" Internal Solid State Drive (SSD), http://www.microcenter.com/single_product_results.phtml?product_id=0327627
* value (el cheapo) memory - CORSAIR 4GB (2 x 2GB) PC2-5300 DDR2 667MHz SDRAM SODIMM, CL5, Non-ECC, http://www.avadirect.com/product_details_parts.asp?PRID=8953

That's a high price for a glued-together system. I can see paying 300 - 320 for something like this.

Mehma

===

On 10/16/10 10:38 AM, Glenn Kelley wrote:

does anyone know a US based vendor for these items?
Re: [pfSense Support] Enclosure recommendations for a Mini ITX Motherboard
does anyone know a US based vendor for these items?

On Oct 16, 2010, at 6:07 AM, Seth Mos wrote:

> Hi,
>
> On 16 Oct 2010, at 03:49, Mehma Sarja wrote:
>> This is getting interesting, someone on the list mentions that 2.5" drives
>> are not reliable for 24x7x365 situations - so are you using a 3.5" drive? My
>> setup is at home as well and it is just not fan noise - we see MUCH more
>> dust than a traditional server room. That fan is not going to last long.
>
> There are arguments back and forth about the use of notebook drives 24x7.
> They are designed to withstand shocks, most of the time the disk head is
> parked instead of flying over the platter.
>
> They also perform admirably without ventilation, I haven't seen a notebook with
> proper ventilation in years.
>
> I think that all things considered the argument is moot.
>
> Everything fails at some point, even "enterprise" quality gear that costs a
> decent sized car.
>
> Fanless though, those things likely fail, you can buy an expensive consumer
> product fan but that will most likely still fail.
>
> I've used Pabst fans before and never ever seen one fail. Then again they
> cost a lot more as well. I believe a single 12cm is about 35 euros.
>
> I've recently built a Lanner Inc. FW7535 that will most likely outlast me.
> It's a dual core atom with 6 gig ports and runs from a 4GB Sandisk extreme 3
> flash. I've loaded the full install on it instead of the nanobsd version for
> my own reasons.
>
> It's silent, rugged, fast and it works really well. It's about 500 euros ex
> VAT though. It is proper industrial quality built.
>
> Regards,
>
> Seth
Re: [pfSense Support] Routing Multiple Static IPs
li...@mgreg.com wrote:
> Hi All,
>
> Having a bit of a problem wrapping my head around a particular network setup.
> Basically the scenario is as follows:
>
> -- 1 ISP (Cable Internet Provider)
> -- 5 Available static IPs
> -- 1 Cable Modem
> -- 1 Generic PC with 2 NICs (running pfSense)
> -- 1 Gigabit Switch with 20+ PCs connected
>
> The current physical setup is as follows:
>
> ISP (5 STATIC IPs) --> CABLE MODEM --> pfSense Box (2 NICs) --> 32-port Gb
> Switch --> 20+ PCs
>
> I need to be able to do each of the following:
>
> 1) Connect a router downstream from the pfSense box to use 1 of the 5
> available IPs -- so as to segregate networks
> 2) Route all traffic from 2 of the 5 available static IPs to a single PC
> whilst maintaining their "internal" (10.0.0.x) status.
>
> I'm not really sure what I need to be looking into for this -- VLANs, BGP,
> General Multihoming, NAT? Do I need more hardware? Be as descriptive as you
> deem necessary.
>
> Currently the entire network is just running off a single static IP address
> (i.e. a run-of-the-mill cable internet setup with pfSense box as the router)
>
> Best,
>
> Michael
>

Not sure what you are going to use the second box for or why, but I would consider putting a switch between the cable modem and pfsense and just use one of the static ip addresses directly and not put that traffic through the existing pfsense box.

We do that for one of our larger clients and provide views in dns so that the internal pc's get different ip address for mail or the company website so that traffic never hits the routable ip addresses. The webserver and mail servers are dual homed with external and internal ip addresses.

Lyle
Re: [pfSense Support] Enclosure recommendations for a Mini ITX Motherboard
On 10/16/2010 6:07 AM, Seth Mos wrote:
> Hi,
>
> On 16 Oct 2010, at 03:49, Mehma Sarja wrote:
>> This is getting interesting, someone on the list mentions that 2.5" drives
>> are not reliable for 24x7x365 situations - so are you using a 3.5" drive? My
>> setup is at home as well and it is just not fan noise - we see MUCH more
>> dust than a traditional server room. That fan is not going to last long.
>
> There are arguments back and forth about the use of notebook drives 24x7.
> They are designed to withstand shocks, most of the time the disk head is
> parked instead of flying over the platter.

Some people questioning the reliability probably hit this quirk[1] and didn't tweak their 2.5" drives in a production box.

> They also perform admirably without ventilation, I haven't seen a notebook with
> proper ventilation in years.

I've also seen plenty of laptop hdds overheat and die (or lose data) because they got too hot.

> I think that all things considered the argument is moot.

Pretty much, with adequate cooling and tweaking.

Jim

1. http://forum.pfsense.org/index.php/topic,26626.0.html
Re: [pfSense Support] Enclosure recommendations for a Mini ITX Motherboard
On Sat, Oct 16, 2010 at 12:07:04PM +0200, Seth Mos wrote:

> There are arguments back and forth about the use of notebook drives 24x7.

While running hot. Under vibration load.

> They are designed to withstand shocks, most of the time the disk head is
> parked instead of flying over the platter.

They're not made to withstand vibration, under elevated temperatures while in 24/7/365 operation. Oh, and if they park down all the time, they will exhaust their (limited) number of restarts in no time at all (not specific to notebook drives, see e.g. WD 'green' drive failure).

> They also perform admirably without ventilation, I haven't seen a notebook with
> proper ventilation in years.
>
> I think that all things considered the argument is moot.

While the plural of anecdote is not data, I've had two notebook drives (different manufacturers) die at the colo within ~6 months. Judging from your argumentation, I don't think you can 'moot' anything yet.

> Everything fails at some point, even "enterprise" quality gear that costs a
> decent sized car.

Enterprise drives (which start at about 200 EUR) are designed to operate under vibration load for about 2-4x of consumer MTBF, while producing a minimal error rate.

> Fanless though, those things likely fail, you can buy an expensive consumer
> product fan but that will most likely still fail.

Again, I can't follow the leaps of logic in your argumentation. Enterprise fans, especially axial ones, last effectively forever. And they're redundant, have monitoring via IPMI and can be typically hot-plugged. If you buy cheap crap which operates at high rpm, especially sitting in a cold spot, it will fail within a year.

> I've used Pabst fans before and never ever seen one fail. Then again they
> cost a lot more as well. I believe a single 12cm is about 35 euros.

Again, consumer lines (Pabst are no longer the gold standard even in consumer product lines).

> I've recently built a Lanner Inc. FW7535 that will most likely outlast me.
> It's a dual core atom with 6 gig ports and runs from a 4GB Sandisk extreme 3
> flash. I've loaded the full install on it instead of the nanobsd version for
> my own reasons.
>
> It's silent, rugged, fast and it works really well. It's about 500 euros ex
> VAT though. It is proper industrial quality built.

It looks like a nice unit, for the price, and comes with Intel NICs. However, passively cooled systems are a no-go if confined in a rack, as they provide no airflow by themselves. Sometimes, even relatively poorly ventilated systems like the Supermicro Atoms can counterintuitively provide better cooling if mounted back to back in large numbers, so air convection is enhanced due to funnel effect (assuming the units blow front to back, and the inner channel allows unobstructed venting to the top).

>
> Regards,

--
Eugen* Leitl leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Re: [pfSense Support] Enclosure recommendations for a Mini ITX Motherboard
Hi,

On 16 Oct 2010, at 03:49, Mehma Sarja wrote:
> This is getting interesting, someone on the list mentions that 2.5" drives
> are not reliable for 24x7x365 situations - so are you using a 3.5" drive? My
> setup is at home as well and it is just not fan noise - we see MUCH more dust
> than a traditional server room. That fan is not going to last long.

There are arguments back and forth about the use of notebook drives 24x7. They are designed to withstand shocks, most of the time the disk head is parked instead of flying over the platter.

They also perform admirably without ventilation, I haven't seen a notebook with proper ventilation in years.

I think that all things considered the argument is moot.

Everything fails at some point, even "enterprise" quality gear that costs a decent sized car.

Fanless though, those things likely fail, you can buy an expensive consumer product fan but that will most likely still fail.

I've used Pabst fans before and never ever seen one fail. Then again they cost a lot more as well. I believe a single 12cm is about 35 euros.

I've recently built a Lanner Inc. FW7535 that will most likely outlast me. It's a dual core atom with 6 gig ports and runs from a 4GB Sandisk extreme 3 flash. I've loaded the full install on it instead of the nanobsd version for my own reasons.

It's silent, rugged, fast and it works really well. It's about 500 euros ex VAT though. It is proper industrial quality built.

Regards,

Seth
Re: [pfSense Support] Enclosure recommendations for a Mini ITX Motherboard
On Fri, Oct 15, 2010 at 06:49:55PM -0700, Mehma Sarja wrote:

> This is getting interesting, someone on the list mentions that 2.5"
> drives are not reliable for 24x7x365 situations - so are you using a

This is not about the form factor, but how the drive is rated. In fact, most enterprise drives are 2.5" these days, with up to 15 krpm. Of course these are all SAS, and I'm not a big friend of VelociRaptors.

Of course a solid state drive is completely immune to vibration, and I *suspect* it would tolerate higher (or lower) operation temperature better than a drive containing moving, lubricated parts which necessarily narrow operational range.

> 3.5" drive? My setup is at home as well and it is just not fan noise -
> we see MUCH more dust than a traditional server room. That fan is not
> going to last long.
>
> Although a regular PC fan does fine for years - that PC does not perform
> 24x7x365 duty. So, you got me leaning towards the fanless case again
> with maybe a 3.5" drive. I can try for a single platter drive.

--
Eugen* Leitl leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Re: [pfSense Support] Routing Multiple Static IPs
On 10/15/10 8:12 PM, li...@mgreg.com wrote:
> Hi All,
>
> Having a bit of a problem wrapping my head around a particular network setup.
> Basically the scenario is as follows:
>
> -- 1 ISP (Cable Internet Provider)
> -- 5 Available static IPs
> -- 1 Cable Modem
> -- 1 Generic PC with 2 NICs (running pfSense)
> -- 1 Gigabit Switch with 20+ PCs connected
>
> The current physical setup is as follows:
>
> ISP (5 STATIC IPs) --> CABLE MODEM --> pfSense Box (2 NICs) --> 32-port Gb
> Switch --> 20+ PCs
>
> I need to be able to do each of the following:
>
> 1) Connect a router downstream from the pfSense box to use 1 of the 5
> available IPs -- so as to segregate networks
> 2) Route all traffic from 2 of the 5 available static IPs to a single PC
> whilst maintaining their "internal" (10.0.0.x) status.
>
> I'm not really sure what I need to be looking into for this -- VLANs, BGP,
> General Multihoming, NAT? Do I need more hardware? Be as descriptive as you
> deem necessary.
>
> Currently the entire network is just running off a single static IP address
> (i.e. a run-of-the-mill cable internet setup with pfSense box as the router)

Comcast business account? :-)

You will want to look into virtual IP's and NAT or port forwarding, perhaps VLANs as well for the internal networking to create some sort of DMZ. It depends on what you are trying to set up or if you are trying to preserve an existing configuration.

I'm using a mix of advanced outbound NAT, port forwarding and virtual IP's, works a treat.
Re: [pfSense Support] Enclosure recommendations for a Mini ITX Motherboard
On Fri, Oct 15, 2010 at 02:27:18PM -0700, Jeppe Øland wrote:

> Don't take SSDs for granted.
> When they fail, they *really* fail.

Yes, I've had my share of total failures with Intel. This is why I have two firewalls (though not configured as a cluster due to lack of time, in fact at the moment the firewalls are being bypassed, which doesn't matter too much since I'm not fully in production).

> I have an OCZ Vertex in my desktop PC, and 2 months ago it failed
> spectacularly.
> Just over 1 year old and the PC BSOD'd ... on reboot, POST wouldn't
> even see the drive.

Been there, done that.

> There is a jumper on it to go into a secondary bootloader, and I was
> able to reflash it back to working condition ... but all data was
> lost.
> 2 months later it failed again the same way.

The Intels were completely bricked.

> > Someone suggested running off a USB stick. Wouldn't that limit some packages
> > which want storage or speedy storage?
>
> You can install the full version on a USB stick or CF card ... but you
> get into the usual long-term reliability with flash based devices.
>
> HDDs work in the fanless cases as well ... you just have to make sure
> the case is not covered and in a reasonably well ventilated area.

I have actually installed a spare notebook 2.5" drive each additionally to the SSDs, so in principle (unless the notebook drives also die) I can limp along. For extra belt and suspenders one could also add USB sticks, further down the boot sequence, of course.

> > Yea, the fanless option still appeals to me because fans get on my nerves.
>
> Mine is in my home, so noise really is key.

The Supermicro 1U systems I have are very quiet. I'm not sure about the axial one Thomas Krenn sells
http://www.thomas-krenn.com/de/server-systeme/1HE-rack-server/1HE-intel-single-cpu/intel-dual-atom-d510-single-cpu-cse513-server.html
at least they claim <30 dBA.

--
Eugen* Leitl leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE