Menu
What's new
By:
Filters Better Search

Using pfSense with a L3 core switch

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

coxhaus said:
DNS forwarding will not work if you are running PfblockerNG. I think it requires unbound.
Click to expand...
It actually works even with forwarding I'm using it that way myself in fact. You need to put rules in place though regardless of having pfblocker enabled or not, to redirect DNS queries. Additionally IPv4/v6 and DNSBL DoT/DoH blocklists in pfBlocker also helps. Not perfect but works pretty well.

Redirecting Client DNS Requests | pfSense Documentation

docs.netgate.com docs.netgate.com
Just follow above example for DoT as well...

And I use this as well..

Blocking External Client DNS Queries | pfSense Documentation

docs.netgate.com docs.netgate.com

I'm sure more experienced ones here can correct any wrong info here...
 
I have not run PfblockerNG so I was just repeating what someone said. Good to know it works with DNS forwarding.
I am not sure what rules you are talking about as I just select DNS forwarding service in Pfsense and it works. DNS resolver needs to be disabled. I am just using port 53 for DNS forwarding.

PS
I do have firewall rules to pass QUAD9 and block port 53 and port 853
 
Last edited:
So, I have turned off hyperthreading in BIOS and I think my pfsense router is running smoother. My CPU usage has gone up a little from 3% to 5%.

Otherwise, I am just waiting for the next Pfsense release which should be out around the end of the month.

I have been thinking about buying an Intel 10g NIC X710-T2L. You need the L on the end for it to work from what I have read. Sounds like it is a low heat card for 10g. I would like to be able to plug into my 10g Cisco switch and plug into a 2.5 nBase-T modem.
 
coxhaus said:
So, I have turned off hyperthreading in BIOS and I think my pfsense router is running smoother. My CPU usage has gone up a little from 3% to 5%.
Click to expand...

That's a good move - the BSD community has never been major fans of Intel's Hyperthreading...
 
coxhaus said:
So, I have turned off hyperthreading in BIOS and I think my pfsense router is running smoother. My CPU usage has gone up a little from 3% to 5%.

Otherwise, I am just waiting for the next Pfsense release which should be out around the end of the month.

I have been thinking about buying an Intel 10g NIC X710-T2L. You need the L on the end for it to work from what I have read. Sounds like it is a low heat card for 10g. I would like to be able to plug into my 10g Cisco switch and plug into a 2.5 nBase-T modem.
Click to expand...

What made you look at that? I am pretty sure HT is also turned on but i never bothered looking into the effects of it, if any. I have an Intel X550-T2 in my pfSense box. That works perfectly fine.
 
Last edited:
ddaenen1 said:
What made you look at that? I am pretty sure HT is also turned on but i never bothered looking into the effects of it, if any. I have an Intel X550-T2 in my pfSense box. That works perfectly fine.
Click to expand...
Does your card link at 2.5g? I think the x710-T2L runs a little cooler and that is my reason for choosing it.
Has anybody run a x710-T2L?

I just remembered one day that I turned off hyperthreading many years ago when I was running Pfsense probably 2.0. It just popped into my head recently.

What I am seeing is it scrolls a big, long page faster. And I am using DNS forwarding right now because of the errors on unbound which will be fixed next release.
 
Last edited:
glens said:
Has /anybody of merit/?
Click to expand...

By disabling Hyperthreading, one can avoid a majority of the speculation vulns out there (Spectre, Meltdown, etc) - and consider the tasking/purpose for the pfSense (and derivatives), there's not much benefit in any case...

one might actually see benefits with regards to latency....

At least the sysctl to enable/disable is present in pfSense, so one can try either mode...
 
I just figured out that my Xeon E3-1220v2 doesn't support HT so i don't have to bother about that one.
 
ddaenen1 said:
I just figured out that my Xeon E3-1220v2 doesn't support HT so i don't have to bother about that one.
Click to expand...
Your processor has 4 hyperthreads and 4 cores. You should check your BIOS it may be turned off already.
Screenshot 2024-03-18.png
 
coxhaus said:
Looks like the new Pfsense 24.03 is now in RC so I would think we will see the new version soon.
Click to expand...
Curious to see if i will be forced to move to CE or can just upgrade my plus-version.
 
ddaenen1 said:
Curious to see if i will be forced to move to CE or can just upgrade my plus-version.
Click to expand...
I thought I read our + license is still going to be good for a year and then we expire. If you install CE you will still have the option to upgrade to + until our license expires. This is providing you don't change the hardware which will invalidate the license. No more free licenses as you have to pay.
 
I just upgraded to Pfsense 24.03. It seems to be working fine. It was a painless upgrade. It did what it was supposed to do and upgraded without issues. I think they did a fine job.
 
Now that I have upgraded and everything seems to be working. I switched today from DNS forwarding to DNS resolver.
 
You must log in or register to reply here.

Similar threads

Phantomski
Questions about VLAN support in 3006
Replies
5
Views
527
Tech9
Tech9
Maverick009
Looking at purchasing a new WiFi7 AP. Deciding on brand to go with.
2
Replies
23
Views
4K
Tech9
Tech9
D
VLAN Config Query using pfSense and Unifi
Replies
18
Views
2K
awediohead
A
Oyster1286
Help with Designing Network (noob)
Replies
17
Views
2K
tgl
T
H
Asus Network design
Replies
13
Views
2K
OzarkEdge
OzarkEdge
Similar threads
Thread starter Title Forum Replies Date
C Using 2 routers (no bridge), DDNS configuration not working Routers 3
B Long shot but worth a shot? WFH using CISCO phone audio delay 5-10 seconds Routers 1
C Pfsense wins awards Routers 34

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 774 (members: 39, guests: 735)
Top