
pfSense 1.2.2 Success

I have been looking at open source firewall/router solutions for a while, and my list of requirements has been pretty steep.  In particular, any solution I give a recommendation to would need to support WAN load balancing and SIP (for VOIP phones).  I also recently added dynamic DNS to that list.

Today I am pleased to say that I have a working solution using pfSense 1.2.2 (http://www.pfsense.com/).  I had done a comparison between pfSense and Vyatta a while back, and found issues with both that prevented either from being a solution I can recommend.

pfSense requires a PC (any older Pentium 4 desktop will do, maybe even a Pentium 3), a few network cards (add as many as you have network zones), and either a hard drive or a flash drive (I am using a USB flash drive).

Download the live CD, go through the wizard and configure each of your ethernet cards, and then install it to your drive.  Reboot and now you have a web-based config utility to do most of what you need.

Everything went very smoothly, save the configuration for SIP.  Per documentation on pfSense's site, I installed siproxd (a proxy package designed to overcome an issue where only one VOIP device can live behind the firewall due to how packets are written).  This is a relatively new package (in terms of stability and exposure), and so there were some hiccups.

First of all, pfSense configures NAT (network address translation) automatically, and part of that for some reason handles port 5060 (SIP) differently than other ports.  I found a post where a user manually added a NAT rule for SIP which involved manually logging in and editing the configuration file for the router.  Not for the weak-of-heart at all, but an easy change.  Reference: http://forum.pfsense.org/index.php/topic,12830.0.html

When the router was rebooted, everything came online and all our SIP phones work great behind the firewall.

Overall I am pleased with the relatively short timeframe required to get pfSense up and running.  It performs great, supports what I need, and is open source, making it hard to beat.
