Anyone ever used pfSense

Discussion in 'Linux & BSD' started by Dark Atheist, Feb 27, 2008.

  1. Dark Atheist

    Dark Atheist Moderator Political User Folding Team

    Messages:
    6,376
    Location:
    In The Void
    http://blog.pfsense.org - it sounds good, but is pf on its own good enough, and is this just a GUI for that? I have read the site but I'm not too clear on the subject (like most things to do with BSD)
     
  2. LordOfLA

    LordOfLA Godlike!

    Messages:
    7,027
    Location:
    Maidenhead, Berkshire, UK
    using it at home :) it's carrier grade :)
     
  3. canadian_divx

    canadian_divx Canadian_divx

    What is the performance on your system with it running, if I may ask?

    I was trying one called Untangle. Nice reporting but heavy to run, and it took about 200K from my torrent speeds.
     
  4. X-Istence

    X-Istence * Political User

    Messages:
    6,498
    Location:
    USA
    What do you mean "took about 200K from my torrent speeds"?

    That is ambiguous. Torrents are not a good measurement in any way, shape or form. How do you know it is the firewall you are running and not because there are fewer peers on the torrents now?

    That being said, pfSense is a very cool project. I personally run just standard FreeBSD 6.2 right now as my gateway/firewall, with a very simple script. I will definitely be checking out pfSense in the near future.

    It provides a web interface to do a lot of the configuration, with the proven reliability and speed of FreeBSD 6.x and OpenBSD's pf.
     
  5. Dark Atheist

    Dark Atheist Moderator Political User Folding Team

    guess it means i should give it a look over then :)
     
  6. canadian_divx

    canadian_divx Canadian_divx

    The Untangle software had issues with a large number of connections when downloading a steady torrent. With the firewall up I would max out at 500; with it bypassed I would get a little over 700. But it has crashed now LOL, so when I get home I will be reloading it with something. Might as well try pfSense.
     
  7. LordOfLA

    LordOfLA Godlike!

    pfSense is basically FreeBSD 6.2 using the PF packet filter and a lightweight PHP frontend. It's not very far off carrier grade routing :) All it lacks is long-distance fibre transceivers :)
     
  8. X-Istence

    X-Istence * Political User

    Experimental support for FreeBSD 7.0 is on the way! They already support some of the 10 Gbps cards that are available.

    canadian_divx: I run FreeBSD 6.2 with PF and currently have about 640 active states. This is a home network with 7 people using it 24/7. There have been times when we have had over 3000 active states.

    A state in this regard is what the firewall sees as an open connection that has not been closed with a RST packet.
     
  9. LordOfLA

    LordOfLA Godlike!

    We use 3000km fibre transceivers in our Juniper M20/M40's
     
  10. LordOfLA

    LordOfLA Godlike!

    Just an update to this.

    Now that my servers are no longer colocated, I converted one into a safer (i.e. in a case) and quieter router based on Smoothwall. I'm now getting the full speed of my cable broadband. Seems pfSense was slowing things down somewhere.
     
  11. X-Istence

    X-Istence * Political User

    Hmm, that is weird. I know people that run it on Gigabit connections and are able to fully saturate it between two endpoints. Is the hardware the same for both of them? How about the settings? Was one doing traffic shaping while the other was not?
     
  12. LordOfLA

    LordOfLA Godlike!

    pfSense was running on a P3 1000, 512MB RAM, dual Intel NICs. No shaping.
    Smoothwall is running on a first gen Pentium 4 Celeron 1.7, the 512MB RAM from the P3, Intel and 3Com NICs.

    Stuff is definitely flowing through Smoothwall faster than pfSense, which really surprises me.

    I would do some testing if it wasn't too much hassle to see where the issue really is (such as did I configure pfSense wrong, etc.) but Smoothie is working faster for me so I'll leave it at that until I'm sorted out in Scotland.
     
  13. X-Istence

    X-Istence * Political User

    I'd be interested in seeing where the performance issue is.