Greetings, I'm migrating away from an Astaro Security Linux firewall for our network. The Astaro firewall has worked well, but we are having hardware failures and the lean format of the PfSense product intrigued me.
I've used Monowall before, so I'm not unfamiliar with the basic operation of PfSense. My question is this: I've got the firewall configured with 3 interfaces plus the LAN, so 4 in all. The WAN is where all traffic comes in on, but we also have 2 subnets on a different IP block, one used for VOIP and the other for a proprietary accounting system. We connected and tested the firewall and everything worked. All of my rules from the Astaro box had been manually input and everything was working. The only problem I had was that the ssh to the proprietary accounting box returned the login immediately, followed by the password, and then it sat for 2 minutes or more before it returned screens. I noticed on the Astaro box, that there was a DNS proxy in place for this machine, I assume because it had the same issue. I do have identd being rejected to that server, but have tried dropping it and also allowing it through with no change. I believe the issue is DNS related, as when I finally am able to get ssh'ed into the proprietary accounting box, I'm not able to nslookup the ip of the firewall (I can do this and return the reverse when the old firewall is in place). My configuration as far as DNS goes has the following: General System has dns servers entered, but also the check mark to allow DNS server lis to be overridden by DHCP/PPP on WAN. (I'm planning on unchecking this before our next deployment) DNS forwarder is enabled, but with no special settings otherwise. Any ideas before I deploy again would be appreciated. Thanks, -- Steven G. Spencer, Network Administrator KSC Corporate - The Kelly Supply Family of Companies Office 308-382-8764 Ext. 231 Mobile 308-380-7957 --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
