pfsense vs ????

AnIgnorantPerson
There was a high-quality router that was like pfSense that you could buy. I am having a brainfart on what the router was called.

Blue? or something? It beat the Netgear and it was super high end. If you were not building a pfSense this was what you wanted to buy.
 
Untangle
Monowall
Smoothwall
Sophos
IPCop
pfSense
iptables

There was Blue Coat, but Symantec acquired them.

The list can go on pretty long because Linux is everywhere and people have been open sourcing this stuff for a very long time.
 
eBay: Cisco 4948E, they're under $200 now. I run one, bought it a few years ago at $1000. Not a single issue. Tho don't expect it to be quiet.
If you need quiet MikroTik CRS305-1G-4S+IN is where it's at.

As for router, I run a Cisco ASA 5515-X (I like anyconnect & have two internet connections, 1000/1000 + 400/25) I wouldn't suggest that to someone without good networking/Cisco background tho.
 
You might have had bad luck with the MikroTik unit. You may consider it to be the same make, maybe another model?
 
You after a router or a firewall? Different gizmos although routers can usually do some firewall tasks and firewalls often include some routing ability.
 
> You after a router or a firewall? Different gizmos although routers can usually do some firewall tasks and firewalls often include some routing ability.

Just need a switch.

I had the CRS226-24G-2S+IN but I am having these weird connection issues. Like everything connected to the switch gets these random messed up IPs. If I do a shutdown and restart and renew all IPs it works but then it messes up again. I have it as only a switch and my R7000 assigns IPs.

I did a firmware update but that didn't help. It is really weird. It shouldn't do anything with IPs but the MikroTik and everything connected to it gets these weird IPs that make no sense.

I went back to my Netgear prosafe or whatever switch and everything is fine.

That 4 port looks decent but I need something so the server can feed out 1GbE to like 4-8 1GbE systems and also have main system to server at 10GbE, which is why the CRS226 was ideal but the weird IP issues I have no idea why or how it happens. It was working grand for like 1 year then just started doing that weird IP thing.


This?
https://www.ebay.com/itm/Cisco-Cata...AOSwo4VcTza5:sc:FedExHomeDelivery!60134!US!-1
 
> I had the CRS226-24G-2S+IN but I am having these weird connection issues. Like everything connected to the switch gets these random messed up IPs. If I do a shutdown and restart and renew all IPs it works but then it messes up again. I have it as only a switch and my R7000 assigns IPs.

Sounds like the DHCP server is going down or deciding to no longer supply IPs. If devices ask for a DHCP server and there isn't one or they can't get to it on the network, then they give themselves an automatic private IP in the range of 169.254.x.x, which is an automatic private subnet indicating there is a network issue.
 

You should get one with a power supply, actually they have dual power supplies, so it should have two (tho I think it only needs one).
This seller seems to have a bunch under $200:
https://www.ebay.com/itm/Cisco-Cata...gabit-Switch-4-x-10G-SFP-Dual-AC/263285654166

Also I ran across this:
https://www.ebay.com/itm/Cisco-N3K-...-4-10G-Switch-REVS-Airflow-2x-AC/292931766986
These are newer & louder, and more difficult to configure (these won't work with a blank config, where the 4948e will) but their design makes them faster. Geek in me would rather buy the nexus, but for someone just getting into Cisco, 4948e is very simple to use. I use a Nexus 3064-X at work, had to call Cisco to help me get it working right (MTU issues right out of the box on a standard 1500 subnet!) so umm ya.

-edit-
Re-checked that link you posted, it was an item that ended and eBay sent me to a "similar" item, which was the correct silver color switch with missing PSU. I clicked the link to view the orig item, and it's the green one. The green ones are much older and don't have 10gbit SFP+ (fiber / twinax) ports.

Here's a pic of mine in operation, pic is dated 3/31/15 almost 4 years now, no issues.
 
> Sounds like the DHCP server is going down or deciding to no longer supply IPs. If devices ask for a DHCP server and there isn't one or they can't get to it on the network, then they give themselves an automatic private IP in the range of 169.254.x.x, which is an automatic private subnet indicating there is a network issue.

What do you mean? Do you think it's my R7000? Since switching back to the old Netgear Pro 1GbE switch I have had zero issues. The MikroTik was giving itself a weird IP and bricking everything that was connected to it.

If you want I can go back and replug it in and get better details. It was like a month or 2 ago that it started to happen so I don't recall the specifics.

I just recall it giving itself a weird IP and the IP from its LCD screen wasn't accurate. IIRC the LCD had what I wanted it to be but my PC and server saw it as a weird funky IP. I also tried a firmware update and several reboots and it would glitch out in like 2 mins when it used to work for like 15 before glitching. I also tried connecting to it outside of my normal network for troubleshooting. I was using my laptop and it separately and it was still being weird.


If you got some ideas I am all ears and willing to try some things.


This is way off topic. I can make a new thread but...I kinda just view making another thread as making clutter :D

> You should get one with a power supply, actually they have dual power supplies, so it should have two (tho I think it only needs one).
> This seller seems to have a bunch under $200:
> https://www.ebay.com/itm/Cisco-Cata...gabit-Switch-4-x-10G-SFP-Dual-AC/263285654166
>
> Also I ran across this:
> https://www.ebay.com/itm/Cisco-N3K-...-4-10G-Switch-REVS-Airflow-2x-AC/292931766986
> These are newer & louder, and more difficult to configure (these won't work with a blank config, where the 4948e will) but their design makes them faster. Geek in me would rather buy the nexus, but for someone just getting into Cisco, 4948e is very simple to use. I use a Nexus 3064-X at work, had to call Cisco to help me get it working right (MTU issues right out of the box on a standard 1500 subnet!) so umm ya.
>
> -edit-
> Re-checked that link you posted, it was an item that ended and eBay sent me to a "similar" item, which was the correct silver color switch with missing PSU. I clicked the link to view the orig item, and it's the green one. The green ones are much older and don't have 10gbit SFP+ (fiber / twinax) ports.
>
> Here's a pic of mine in operation, pic is dated 3/31/15 almost 4 years now, no issues.

Nice, and I see a Norco there too. I have 1 of those now.
 
To your current issue with DHCP, it could be an ARP issue. If that switch that has the issue has a console where you can show the ARP list, I bet every IP is heading to a single MAC, which in reality isn't a DHCP issue but an IP conflict issue (I've seen this before with a bad NAT config on Cisco, but never on SOHO gear).

Sold the Norco later that year... Now using a Dell T630, 18 bays for all my storage. I wanted iDRAC out of band notifications. Much more reliable.
 
> To your current issue with DHCP, it could be an ARP issue. If that switch that has the issue has a console where you can show the ARP list, I bet every IP is heading to a single MAC, which in reality isn't a DHCP issue but an IP conflict issue (I've seen this before with a bad NAT config on Cisco, but never on SOHO gear).

So is it fixable? Why would that happen with the MikroTik but not the Netgear?
 
Them good questions, but without consoling into the device (if it has one) it's hard to figure out the issue... maybe Wireshark, but I don't know how to read that shit. ArpX is neat software too, tho dunno if that will help. I'm a Cisco guy and just sayin what I saw on Cisco once. In that specific case it was an ASA with a NAT (any,any) command causing it, and it had a nice delay to it as well (which was actually due to a network scanner).
Could be a bug (or exploit), example: https://cxsecurity.com/issue/WLB-2017030029
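The two checks suggested in the replies above (hosts that fell back to a 169.254.x.x address because no DHCP server answered, and many IPs resolving to a single MAC in the ARP table) can be run over a saved ARP dump. This is an added example, not code posted in the thread; the ARP table below is constructed in `arp -n` style and is not a capture from the MikroTik.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample ARP table in "arp -n" style (not a real capture).
# Two hosts resolve to the same MAC and one host has fallen back to an
# APIPA address: the two symptoms discussed in the thread.
SAMPLE_ARP = """\
Address            HWtype  HWaddress           Flags Mask  Iface
192.168.1.1        ether   00:11:22:33:44:01   C           eth0
192.168.1.20       ether   00:11:22:33:44:02   C           eth0
192.168.1.21       ether   00:11:22:33:44:02   C           eth0
192.168.1.30       ether   00-11-22-33-44-03   C           eth0
169.254.17.5       ether   00:11:22:33:44:04   C           eth0
"""

IP_RE = r"(\d{1,3}(?:\.\d{1,3}){3})"
MAC_RE = r"([0-9a-fA-F]{2}(?:[:-][0-9a-fA-F]{2}){5})"  # ':' or '-' separators
ENTRY_RE = re.compile(IP_RE + r".*?" + MAC_RE)
APIPA = ipaddress.ip_network("169.254.0.0/16")


def parse_arp(text):
    """Return (ip, mac) pairs, MACs normalised to lowercase colon form."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.search(line)
        if m:
            entries.append((m.group(1), m.group(2).lower().replace("-", ":")))
    return entries


def macs_with_multiple_ips(entries):
    """MACs answering for more than one IP: the 'every IP heading to a single
    MAC' pattern, which points at an IP conflict rather than a DHCP failure."""
    by_mac = defaultdict(list)
    for ip, mac in entries:
        by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def apipa_hosts(entries):
    """IPs in 169.254.0.0/16: hosts that got no DHCP lease and self-assigned."""
    return [ip for ip, _ in entries if ipaddress.ip_address(ip) in APIPA]


if __name__ == "__main__":
    rows = parse_arp(SAMPLE_ARP)
    print("MACs with several IPs:", macs_with_multiple_ips(rows))
    print("APIPA hosts:", apipa_hosts(rows))
```

Feed it the real `arp -n` (Linux) or `arp -a` (Windows) output from a host on the affected switch; a MAC listed for many IPs is the conflict pattern, while a pile of 169.254.x.x entries means the clients never reached the DHCP server.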
 
> Them good questions, but without consoling into the device (if it has one) it's hard to figure out the issue... maybe Wireshark, but I don't know how to read that shit. ArpX is neat software too, tho dunno if that will help. I'm a Cisco guy and just sayin what I saw on Cisco once. In that specific case it was an ASA with a NAT (any,any) command causing it, and it had a nice delay to it as well (which was actually due to a network scanner).
> Could be a bug (or exploit), example: https://cxsecurity.com/issue/WLB-2017030029

I guess when I get some time I'll rehook it up and make a post. If that fails I'll snag one of the routers above you mentioned.
 
> UniFi is home networking and is gigabit speed. The XG16 is a high end enterprise router with 16 cores and all 10gb network ports.

No, the XG16 UniFi version is full 10gbit as well and is not for home, although you can use it at home.
The XG16 in both Edge and UniFi models does not have a 16-core processor. They have MIPS processors which are not 16 cores, probably 2 at most, maybe even 1. It doesn't take a lot of CPU power to run a layer 2 device even at 10gig.

They both have 16 ports, 8 of which are SFP+ and 4 of which are Ethernet. All ports are 10Gbit capable.

My question is why is the Edge so much more than the Unifi.

Both are made for the enterprise. But there is nothing that says you can't use them at home.

I am thinking that Ubnt is charging extra for the Edge because it has a built in CLI and doesn't rely on the UniFi central management suite.

Enigma, something tells me you may have been crossing ideas with the USG-16XG which is an 8 port firewall that has a MIPS 16 core processor @ 1.8GHz per core and that is a true router, layer 3 device.

The Ubiquiti switches are layer 2 only that I am aware of.

All good.. UniFi uses too close of a naming convention across their ecosystem.
 
Ya I got it confused with the router model. Didn't realize Ubiquiti released switch models already. The routers also have XG in the name.
 
> Ya I got it confused with the router model. Didn't realize Ubiquiti released switch models already. The routers also have XG in the name.

Yeah I posted all that, not to refute what you were saying or argue or show disrespect. I did it more or less in case someone else was reading and may have gotten confused and made an error purchase. That is one nice firewall I agree. But at the cost of 2000+ dollars wowsers not worth it for almost any home user unless they have some serious cash to blow. If it were say $1000 I would buy it because of the value of getting a fast firewall with a really fast switch but they are charging way too much imo.

I could build a DREAM pfSense overkill router that would devour anything that XG16 can do, still have a UniFi 16 port 10gig switch and still have money left over.
 
> Yeah I posted all that, not to refute what you were saying or argue or show disrespect. I did it more or less in case someone else was reading and may have gotten confused and made an error purchase. That is one nice firewall I agree. But at the cost of 2000+ dollars wowsers not worth it for almost any home user unless they have some serious cash to blow. If it were say $1000 I would buy it because of the value of getting a fast firewall with a really fast switch but they are charging way too much imo.
>
> I could build a DREAM pfSense overkill router that would devour anything that XG16 can do, still have a UniFi 16 port 10gig switch and still have money left over.

Is there a retard guide and if there was....how long would it take for someone who is new and slow at this to repurpose an old rig for this?
 
It's hard sometimes to remember there are newbs out there and adjust responses, I've been doing firewalls since iptables days.

I'd google terms like "home network security for beginners" (or dummies if that doesn't offend). There are lots of resources out there to get you to the basics, then look at reviews of equipment. A good resource is "Network World", it's still on-line, it's oriented more to network pros, but it has informative articles. It used to be one of those free weekly magazines who sold your name to mailing lists, it was a pretty good source of information, haven't looked at it for a while, going to have to start looking at it again to see how it is now that it's online.
 
> It's hard sometimes to remember there are newbs out there and adjust responses, I've been doing firewalls since iptables days.
>
> I'd google terms like "home network security for beginners" (or dummies if that doesn't offend). There are lots of resources out there to get you to the basics, then look at reviews of equipment. A good resource is "Network World", it's still on-line, it's oriented more to network pros, but it has informative articles. It used to be one of those free weekly magazines who sold your name to mailing lists, it was a pretty good source of information, haven't looked at it for a while, going to have to start looking at it again to see how it is now that it's online.

No one has done a decent pfSense guide?
 
I don't know, I use an EdgeRouter myself (and before that a Cisco firewall) at home, you might try their (Ubnt) forums for a setup guide from their techs.
 
> Is there a retard guide and if there was....how long would it take for someone who is new and slow at this to repurpose an old rig for this?

There is a ton of documentation out there and if you start a new thread and ask how to build and set up a pfSense you'll get a lot of replies.

A Core i3, as long as it's a newer model with AES-NI, and 8GB of RAM will absolutely blaze as a firewall CPU.

You need 2 network cards: 1 for WAN, 1 for LAN. Imo pfSense router-on-a-stick is horrible.

I recommend a 128GB SSD if you want to Squid cache large files (super optional).

Download and install pfSense.
Install a plugin called pfBlocker for spam/IPS filtering.

Have fun with an incredible piece of software that should cost $500 minimum but is free.

Remember even a router with dedicated ASICs etc... for encryption etc... is in many cases not as powerful as a dual or quad core modern desktop CPU with all of its hardware extensions already in the CPU.

I even ran my pfSense in a FreeNAS bhyve VM on a 7 year old Xeon Sandy Bridge quad core and it absolutely hauled ass.

ECC is not needed because any data committed to RAM gets uncommitted just as fast due to the nature of packet data moving to and fro.
 