
The connection limit you're seeing is based on the number of states the device can track and perform NAT against. You could try bonding multiple 1gbps interfaces, assuming you have a suitable switch. To get more than 1gbps throughput you will need 2 physical WAN interfaces, and a 2.5gbps or faster LAN interface. The firewall itself is quite low powered, has a small SSD and not much RAM; perfectly adequate for a firewall, but I'd not run a Plex server or torrent seed on it. You can continue using your NUC alongside a separate firewall btw - no need to replace it. For instance, I have a couple of NUC-like devices and a separate dedicated firewall.

Having 10gbps interfaces is a significant price increase, so while it's obviously preferable to have, the cost might not be worth it. If you want more than 1gbps on a single firewall you can either bond multiple ports or use 2.5gbps Ethernet for the inside interface. If you want 10gbps, practically you'll need a device with PCIe slots. With a pfSense firewall on relatively modern equipment you shouldn't have much trouble.


Torrenting also creates a lot of simultaneous connections; this causes a lot of strain on a NAT gateway and will overload some lower end routers. Lots of users have CGNAT IPv4 and full routed IPv6, so proper p2p will only function over IPv6 for such users. It's beneficial to use IPv6 as there are MANY users out there who are only able to receive inbound connections via IPv6. NAT causes problems with p2p protocols like BitTorrent - not just for you (e.g. your client must be aware of the external address to announce it to the tracker, and you have to forward a port back), but also for your remote peers (the other peers might not have the capability to forward ports etc). Outbound connections won't work if the remote peer is unable to receive inbound connections (many users are like this due to widespread NAT/CGNAT). To get around that you can actually run 2 seeding instances with one on each line, connected to a shared backend pool of data. For outbound connections, the firewall might load balance the two connections *BUT* the peers might reject the connection if they come from a different address than what the tracker has. Torrent seeding won't really make use of the two connections because it will only announce one address to the tracker for inbound connections.

You can load balance two different connections; you can weight it so more traffic goes down the faster one.
