I do use a different IP network on my LAN though, so there’s no possibility of conflict in that regard. Also, I just now verified that even though the BGW gateway uses an RFC1918 management address you don’t have to clear the pfsense interface option to block incoming Private Address traffic because when you access the BGW all the traffic coming back is return traffic so pfsense recognizes it as part of an existing connection and forwards it appropriately. My pfsense WAN gets a public address, and I can still access the BGW320-500 gateway via its 192.168.1.254 address - no static routing needed, since the default route pfsense gets as part of the WAN DHCP process takes care of that. I have this exact same setup and what you’ve done is pretty much what I’ve done, but I didn’t manually assign a specific MAC address as part of the process since I was migrating from my old Cisco ASA 5506 firewall to a new pfsense box. Unless you have a large network (enterprise, not home) this only really applies to traffic leaving your network. You can manage QoS from pfSense too but just keep in mind that it isnt going to give you more bandwidth, it’s just going to prioritize what drops first when the pipe is full which is less of a problem the more bandwidth you have. In regard to QoS, sometimes it’s really easy to hit a couple of buttons to optimize your connection (you will mostly want to prioritize real time voice and video traffic) but if not dont worry about it. While you are in your ISP device it would be a good idea to make sure uPnP is turned off, remote administration is turned off, and NTP is turned on, then take a long look at QoS. That should be all you need to do but these things vary a lot and sometimes you need to add a static route in pfSense to access the ISP device from your pfSense network. This puts pfSense outside of the firewall but leaves the firewall on to protect the ISP device (very important!). You simply make sure pfSense is plugged into the LAN of the ISP device then go into the ISP device settings and enable the DMZ and add pfSense to the DMZ (usually by means of a something like a dropdown list of clients). You will usually find this somewhere near the firewall or advanced firewall settings inthe ISP device. Lots of other third-party software is available, as well.Many of these ISP devices have the capability of creating a DMZ. Many folks using AirPort Base Stations and other similar technology are sophisticated enough to do many basic troubleshooting steps themselves, and Mac OS X comes with built-in diagnostic tools like Network Utility which can help users establish where the most likely problems are coming from when their Internet access goes down. How much of a problem is that? It depends on your own self-sufficiency. If you’re using NAT and your Internet connection goes down, you’ll likely need to disconnect it and hook your Mac up straight to the cable modem before AT&T Broadband’s tech support crew will be willing to help you troubleshoot. Johnson said that AT&T Broadband isn’t actively restricting NAT access on its networks, but all the same, don’t expect the company’s tech support staff to assist you. Johnson said that sharing cable modem access between domiciles is the same as sharing cable television access between domiciles - not only is it against the company’s terms of service, but it’s a violation of federal law. “We consider this cable theft,” said AT&T Broadband spokesman Andrew Johnson during an interview with MacCentral. Specifically, with the advent of wireless networking, it’s become possible for one broadband Internet access customer to share his connection with neighbors, especially in apartment buildings and condominium dwellings where the 802.11b wireless networking standard’s limited range is not an issue.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |