By The Dark Knight
So these are the rules I've implemented for my IoT VLAN network in pfSense. I wonder if I should restrict the outbound protocols, or just leave it on "Any", since there are other blocks in place?
By The Dark Knight
I'm having a very weird and annoying problem with my network all of a sudden. This is my network setup:
pfSense running in Hyper-V
2 dedicated NICs - one for WAN and one for LAN
4 Wireless APs - all configured with static addresses and with DHCP disabled, so that all wireless clients get their addresses from pfSense instead of the APs
So the problem is, many of my wireless devices, particularly phones, start reporting no internet access at least once a day. Other wireless devices like laptops, Fire TV Sticks, and all wired devices work perfectly fine. Phones are connected to WiFi, but are actually using the LTE connection. Checking the IP address confirms this. However, if I turn off LTE, the phone again has internet from my home connection, although Android continues to report no internet access! Rebooting the phone doesn't help. Rebooting pfSense makes the problem go away immediately!
Static IPs for all devices are configured in pfSense itself, except for the Wireless APs. Everything was working perfectly fine for a few months; this problem only started about a week back. pfSense is on the latest version with the recent security updates applied via Shell.
By The Dark Knight
So I recently built a home server running Windows 10 Pro and Hyper-V. I initially went with OPNsense, but have now switched to pfSense. Documentation for OPNsense is pretty thin, and so are guides online. Whereas pfSense information is abundant. So anyway, I've got it up and running in Hyper-V, and all my devices are getting internet and LAN access as well as able to push Gig.
Now the thing is, I'm on Carrier Grade NAT. I learned that this is what it is called recently, while I have been tearing my hair out to get stuff to work for external access. Turns out, I cannot. Well, not in a straightforward way at least. Some guides do mention using a VPS running a VPN, or SSH tunneling, but my networking knowledge is limited, so I don't want to go down those roads. So since I have a double NAT (and I cannot put the ISP hardware in bridge mode like many guides online suggest), my only option is to pay my ISP for a public IP. Which I intend to do in the near future.
So how do I secure my network for this? I want to be able to run OpenVPN, NextCloud, AirSonic and maybe Plex with external access for all. I don't intend to host my website from home as it is too risky. That will remain on professional hosting. I have professional email with GSuite, and want that to continue as well. Can I point my domain to my home server for Plex, NextCloud etc., while still having an externally hosted website and email? Ideally I would like to have plex.mydomain.com, nextcloud.mydomain.com, etc.
I also plan to buy a managed switch next year sometime for segregating traffic using VLANs. But I have some doubts regarding this. I am totally new to this. How do I segregate wireless traffic? Will I need to buy new Access Points? I've seen hardware from Ubiquiti highly recommended online by many people, but they are bloody expensive here! They start at the equivalent of $150, which is way too much for me at least. I would ideally like to have some wireless clients with unrestricted access and some with only internet and not LAN access. For wired, I think I understand how VLANs work. I have to create a VLAN, assign it to a port on the switch, and then connect whatever device I want on that port, which will get the alternate IP address specified for that VLAN.
By The Dark Knight
So I plan on building a home server in the near future. This is the kind of stuff I want to run on it. Also listed a few parts that I thought would suit this requirement. Will this be enough?
Current: ASUS RT-N56U router, 125 mbps up/down, unmanaged Gigabit switch, 1 additional access point, Raspberry pi 3B+ running Pi-hole.
Here is the hardware currently being used at home: 4 computers, 1 media file server, 2 Kodi boxes, 3 tablets, 6 mobile phones, 2 Amazon Echos and 2 Raspberry Pis. I really don't foresee much changing in terms of quantity of devices even in the future. But for future-proofing's sake, let's say another one dozen internet-connected devices.
Crucial - will this hardware be capable of pushing Gigabit internet?
Windows 10 base, Hyper-V virtualisation: pfSense (or OPNsense), WordPress website hosting, Subsonic / Airsonic music server, Pi-hole, some CCTV monitoring, NextCloud, 1 Linux distro for fooling around, and finally Windows 10 (for testing). All these as VMs in Hyper-V. Also, OpenVPN for connecting from outside. A maximum of 4 users at any given point of time. Mostly just me.
Not at all keen on a full Linux setup, as I'm far more comfortable with Windows. Linux based stuff like Pi-hole is fine as it is dead simple to setup.
Thought of using an AMD A8 series processor, coupled with a Gigabyte Mini-ITX motherboard, 450W PSU, 16 GB DDR3 or DDR4 RAM, 1 SSD and 1 HDD.
Finally, I've read that Intel NICs are the best supported under pfSense/OPNsense. But due to initial budget constraints (will upgrade later), I will be using the on-board LAN (Realtek) and adding in another TP-Link card. Realistically, what kind of hit can I expect by not using Intel, given my requirements and device count?
Look forward to the responses!
So after putting up with crappy WiFi around the house and after months of debating, I finally caved and decided to do something about it.
I went away and bought a couple of Ubiquiti APs plus an old desktop for pfSense.
Now I did a bit of reading up on the best ways to set up, common pitfalls, and watched a few video tutorials. I arrogantly thought this would be a piece of cake, and of course I was wrong.
Credit to Ubiquiti, the APs were a doddle to set up, even with my lack of networking knowledge. The pfSense box, on the other hand, not so easy. After struggling to install it, configure the NIC and get any kind of basic connection, I gave up after 3 hours of tearing my hair out.
There was clearly more to the set up than I'd anticipated. If anyone has any pointers or things to read up on before I make another attempt at the weekend, please feel free to post. Keep an eye out for an update later this week.
Here's what I'm working with.
UniFi AC Lite AP (x2)
HP Compaq 8200 Elite SFF (this is being used for the pfSense box)
Intel Core i5 2400 3.1GHz
2GB RAM (DDR3)
Intel Pro 1000 PT
Here's what I'm trying to achieve, and the issues :P
When I had pfSense working, WAN was reporting 1000BaseTx, but LAN was only reporting 100BaseTx. I have 200Mbps internet, so I really need Gigabit. After setting up and attaching the switch to the pfSense box, I was not able to access the switch. It was throwing an error with the message "Host IP address and switch IP address must be on the same subnet". I hadn't changed any of the subnet settings, so I'm not sure why this was happening.