Just to report back in...100% Success! I now have a guest network limited to 3Mb down and 300Kb up.
Short story of what happened:

1.) VM
-In Proxmox, created a new virtual bridge and slaved eth1 to it
-created a new VM in Proxmox then, after it was created, added a second NIC attached to vmbr1
-installed pfSense (full install from live CD, found here<http://www.pfsense.org/index.php@option=com_content&task=view&id=43&Itemid=44.html> )

2.) Wireless AP
-Got D-Link dir-615(version E3) from NewEgg (only $19.99!)
-Installed dd-wrt through the D-Link web Interface (pretty easy!)
-Instructions (from dd-wrt<http://www.dd-wrt.com/wiki/index.php/D-Link_DIR-615_rev_E3>) included editing the end of the ddwrt .bin file to match the vendor "Magic Hardware code". Turns out the .bin I downloaded already had the correct code there. Bonus!
-Turned off DHCP and set static ip on the AP to 10.10.10.2

3.) pfSense VM
-This took the most time. The order of operations was a bit more important than I thought... The Web interface to control the pfSense box gets assigned to the LAN interface. I was trying to configure everything from the network that the WAN NIC was connected to. Once I recognized this the following steps were successful. By the way, having direct access to the "desktop" of the pfSense VM made this process much quicker.
-Installed pfSense. I configured the WAN interface to the 192.168.x.x network that currently exists.
-Then added LAN interface. pfSense automatically assigns this interface to 192.168.1.1. I changed that to 10.10.10.1/16. At this point I can reach the pfSense "Desktop" through the proxmox web console, but the pfSense is only reachable at 10.10.10.1 in a browser.
-So I fired up another laptop and attached it to the 10.10.X.X network and assigned it a static ip of 10.10.10.10 and pointed the browser to 10.10.10.1
-Then turned on the DHCP server for the 10.10.X.X network.

This plus the wireless SSID and WPA2 setup took about 4 hours on Thursday. Like I said, most of the fiddling around was finding my way around the pfSense configuration after install.

4.) Limiting the Bandwidth
-got instructions here: youTube<https://www.youtube.com/watch?v=Usi195rK35I>
-Followed them almost exactly. I just applied the limiting rule to the entire 10.10.x.x/16 network instead of a single IP
-this took 10 minutes tops (just woke up!)

Special thanks to Matthias for suggesting pfSense!

Later,
Al

On Wed, Jul 17, 2013 at 6:33 PM, Chris Knadle <[email protected]> wrote:

> On Wednesday, July 17, 2013 17:00:16 Alan Jachimiak wrote:
> ...
> > But as I take a look around (googling "pfsense vs untangled" and "pfsense
> > vs clearos") It seems that there are a couple things people agree on:
> >
> > - untangled is bloated
> > - untangled requires more Hardware resources
>
> In Untangle the main administration program (that you have to use) is a big
> slow quirky Java GUI. There is an occasional Java GUI that performs well, but
> this isn't one of them.
>
> > - ClearOS has too much eye candy
> > - A bunch of ClearOS users jumped ship to pfsense (and are now
> > satisfied) after a recent release.
> >
> > I'm okay sacrificing a *some* resources for good looks, but pfsense only
> > *suggests* <512MB RAM for some isolated use cases. That sounds pretty
> > efficient to me. So, I'm going to bite the bullet and give pfSense a try.
> > (pfsense.org) My current FreeNas based on FreeBSD has been OK to deal
> > with so, I think I've got a fighting chance.
>
> I have a friend that decided to run pfSense on an Alix 2d3 (essentially the
> same exact hardware that I'm running for my firewalls) and he seems to be
> happy. I loaded pfSense briefly on my Alix 2c3 to see what it has in
> comparison to Debian -- the main benefit is a web administration panel AFAIK.
> _For me_ Debian worked out better, but I tend to do a lot of administration
> via command line over ssh rather than web GUIs.
>
> On Wednesday, July 17, 2013 17:48:02 Allen wrote:
> > I'm okay sacrificing a /some/ resources for good looks, but pfsense only
> > /suggests/ <512MB RAM for some isolated use cases. That sounds pretty
> > efficient to me. So, I'm going to bite the bullet and give pfSense a try.
> > (pfsense.org[1]) My current FreeNas based on FreeBSD has been OK to
> > deal with so, I think I've got a fighting chance.
>
> The Alix 2d3 box my friend runs pfSense on has 256 MB of RAM onboard. Should
> work fine.
>
> > I'm dissatisfied with the firewall in my Westell 6100 DSL modem/router and
> > have thought about alternatives including pfsense.
> >
> > ISTM that a valuable Linux skill to possess is to be able to specify custom
> > firewall rules in the native firewall language (as opposed to using a
> > firewall GUI front-end). For Linux, this language is iptables. IMO,
> > iptables has a steep learning curve. Nevertheless, IMO the learning
> > investment in iptables is worthwhile. pfsense uses its own firewall
> > language. So this would just add to an already *huge* Linux learning burden
> > (iptables plus *tons* of other stuff).
> >
> > I'd be interested if anyone has any counterarguments to this.
>
> Basically (IMHO) you want to understand iptables "natively" if you can help
> it. Some of the GUIs around iptables rules can be nice, but they tend to go
> out of support after a while, or iptables gets new functionality that the GUI
> doesn't know how to handle. I started off using a GUI for making iptables
> firewall rules, but now I'm doing iptables rules "by hand".
>
> -- Chris
>
> --
> Chris Knadle
> [email protected]
> _______________________________________________
> Mid-Hudson Valley Linux Users Group http://mhvlug.org
> http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
>
> Upcoming Meetings (6pm - 8pm) Vassar College
> Aug 7 - Scripting Your World with Python
> Sep 4 - NoSQL and MongoDB
> Oct 2 - OpenFlow: Open Standard for Networking Hardware
>
