92 replies to this topic

[geek-accountant]

A while back I stopped using half of the "super router" setup. When our internet connection was upgraded from a 25/5 plan to a 60/5 plan, I started running into performance issues with the virtual NIC's in Xenserver. I could have tried ESXi or something else, but the easiest thing to do was just shut down Untangle and deal with it later. As I got busy with other things, time went by, lots of it. Untangle has been shut down for a year or so.

Well our plan has been upgraded again, this time to a 100/5 plan, when are they going to do something about the 5 part of that? I started running into performance issues again, but really was not that upset that were topping off at 70-75Mb/s. So i started thinking again about un-doing the virtual setup and going back to two physical boxes (pfSense in one and Untangle in the other). But then the power went out one day for hours while I was a work and the battery backups will only last so long. When the wife called to ask how to get the internet back up, I just told her to wait until I get home.

When I got home I turned on the Xenserver box and hoped I had set pfSense to auto boot, and didn't set all the other VM's to autoboot. Well, I didn't set any of them to autoboot. On top of that, I had never installed the management software on my new PC. But I have a monitor, mouse, keyboard setup in the server room with a switch to all the equipment and eventually got it running again. But this made me realize I need to speed up the move.

Tonight, Jim Collison had asked me to broadcast his show while he was in a remote location. No problem, I have a pretty sweet setup for broadcasting. As normal, I rebooted the broadcast server, my studio PC and this time decided to reboot the router. Not something I normally do, but I wanted as clean a setup as possible. So I waited for everything to boot and to my surprise, the PC's rebooted before the router. Several minutes later when the router had still not rebooted, I went to check on it. Guess what? The "free" Xenserver license had expired and once a VM is shut down, it will not reboot. HOLY CRAP!! Now what do I do?

Well, I have a few spare parts laying around and I quickly got a motherboard, a NIC card (MB has one already), a power supply and a harddrive (all 80 gigs of it). Plugged in my USB DVD drive and installed pfSense 1.2.2 (my 1.2.3 CD was damaged). After a couple of other issues to overcome, the system was up and running and ready for the podcast. Notice I didn't mention a case. Yep, all the computer guts are just laying out on the table (on a static bag). This will be fixed over the weekend.

So how is this hog-pog of equipment doing with no tweeks and just a simple install of an outdated version of pfSense? Have a look:



BTW, outside of the fact I keyed the MAC address of my modem wrong, getting pfSense up and providing internet to he house, including finding the parts to put together, was about 45 minutes.

BTW, I just ran the speed test again while the network was slow and it 102Mb/s down. Up was still only 5.14Mb/s.

[pcdoc]

I am jealous of your internet performance. I have speed envy.

[pcdoc]

Because of you, I just got off the phone with Time Warner and upgraded my internet connection. Can't get the 100/5 so I have to settle for 50/5 but at least I don't feel as bad.

[jmwills]

You two need to get out more often!

[geek-accountant]

Nice to hear I caused you to spend money this time around pcdoc, because up to now it's been the other way around. The 100 down is really a good bit more than I need. What I wish they would do is raise the 5 to 20 or even 10. I need more upload speed!

jmwills, I do get out. Every day I have to drive into work and then drive home.

[jmwills]

You sound like me. I've had 100 down before and honestly it is a waste but the 60 up was wonderful.

As soon as we get moved into the new house, a think a setup like yours is on order, or at least an ISA TMG.

[ikon]

The 100 down is really a good bit more than I need. What I wish they would do is raise the 5 to 20 or even 10. I need more upload speed!

Hah! The best I can get from my ISP is 1 Up - I only wish I could get 5.

[jmwills]

I just wish they would quit blocking Port 25. I promise I will not spam anyone.

[ikon]

I just wish they would quit blocking Port 25. I promise I will not spam anyone.

I'm just using the alternate (port 565??) on my email server.

[jmwills]

Yea, you're using some alternate to Exchange, right?

[ikon]

Yea, you're using some alternate to Exchange, right?

yes. I use Ability Mail from CodeCrafters.

[pcdoc]

Nice to hear I caused you to spend money this time around pcdoc, because up to now it's been the other way around. The 100 down is really a good bit more than I need. What I wish they would do is raise the 5 to 20 or even 10. I need more upload speed!

jmwills, I do get out. Every day I have to drive into work and then drive home.

I actually am happy that I got it. Took a bit to get running as Time Warner forces you into using there modem/router combo and had to figure out how to kill the wireless and turn the router into bridge mode. All is well.

You two need to get out more often!


We all do since we are on this forum all the time..

[KrisseZ]

geek-accountant have you played around with pfSense 2.0.1 and it's traffic shaping? I tried it for a bit yesterday, but it's function logic was a bit obscure for my tastes. I was wondering if you'd have some experience and be able to give some quick tips or perhaps a proper guide? With a good connection a good QoS makes the life a whole lot easier and there might be quite a few on the forums who might be interested in how to setup QoS with pfSense properly.

[geek-accountant]

I have not used 2.0.1 yet. I am still running 1.2.3 (well 1.2.2 right now). In 1.2.3, I created Alaises groups and put every computer in a group. I then used those groups when setting up the QoS. I went through the wizard and let it create the QoS groups. The key I found was to only use QoS groups created through the Wizard function. So i created some that I knew I didn't need and then just edited them afterwards to be how I wanted. Does that makes sense? For example, I might create a QoS group for file sharing and then later edited it to be for the Alaises I created for my kids computers.

The reason for only using groups set up through the wizard is that some of the reporting does not work right with groups you set up yourself.

How good did this work? Well, I was able to saturate the connection (back when we only had 25/down) and play Call of Duty on the Xbox360 without any noticeable lag. I could look at the Queues reporting and see packets being dropped in the lower queues, which is what you want.

I may be loading 2.x later today as I rebuild the Super Router.

[KrisseZ]

Hmm. 2.0.1 uses something called queues and I also ran the setup but that was pretty weird. It created floating firewall rules and in someway linked them to the queues in question, might have been a case sensitive name matching which would suck quite big time. Oh and FYI in case you happen to need them 2.0.1 has its VPN things a bit broken. For example PPTP for newer windowses than XP won't work. Also IPsec "road warrior" configs are very buggy atm.

I might consider creating a post about the 2.0.1 traffic shaping / QoS if I manage to shed some light on it.

[krom]

@PCdoc is that "Wideband" from TWC that you moved to? I've been hemming and hawing over that for tha past few months that it's been available to me. But the cost is nearly double of what I pay now. $99 vs. $55. If it is then maybe you can post what you had to do to get their junk to bridge mode.

[geek-accountant]

Yes, traffic shaping creates rules to move the traffic into the queues. The queues then determine who gets dropped when the bandwidth is saturated. That's how it worked in v1.2.3 also. The queues is whats doing the QoS.

[pcdoc]

@PCdoc is that "Wideband" from TWC that you moved to? I've been hemming and hawing over that for tha past few months that it's been available to me. But the cost is nearly double of what I pay now. $99 vs. $55. If it is then maybe you can post what you had to do to get their junk to bridge mode.

Yes it is considered wideband. It is $99 but so far it is worth it. To kill the wiresless and put the modem into bridge mode is very easy. Just plug into in a stand alone system or laptop, go into the config, go into the settings, find "RG Passthrough" Set that to Enabled. Done. You probably know this but they will not tell you this. They want you to leave it alone. BTW, the device (as a modem) is not bad. I got a Motorola SBG 6580 which was the router version of the one I had purchased a couple of years ago. They will not upgrade customer hardware even if you have a DOCSIS 3 already.

[yodafett]

Guess I will continue with my 60/35 fios connection. On the plus side my 5505 asa is rocking along.

[jmwills]

Continue on!