Post your custom router/firewall setups

Permabanned
Joined
28 Dec 2009
Posts
13,052
Location
london
Recently upgraded my home pfsense box and wondering what everyone else uses for a home firewall/router and/or networking set up.

Current pfsense 2.1.4 spec.

Gigabyte GA-EX38-DS5
Core 2 duo 2.66ghz
4gb corsair dominator at 1066
60gb ocz ssd
D-Link DWA-556 Xtreme N wifi card.
Corsair 550w psu
Coolermaster 360 case

It is my old desktop pc, it is a bit ott for a firewall but rather use the old hardware than sell it for next to nothing. :D

Does anyone have a higher spec firewall?
 
Associate
Joined
13 May 2007
Posts
1,832
Location
Lancashire, UK
I also use PFSense, but run it as a VM inside Hyper-V 2012. VM has 2 interfaces, one of which is connected to the Openreach infinity modem with the other interface being connected to the Hyper-V LAN.

Does the job nicely and will give me the ability to create a DMZ easily at some point in the future when I start playing with stuff again.
 
Soldato
Joined
7 Apr 2008
Posts
2,655
m0n0wall running in a Fusion VM on the Mac mini below. 128MB RAM and 40MB storage for the VM. Only firewall, QoS, routing and NAT duties. The rest (DHCP, DNS, VPN) is done by OS X Server.

Mac mini has a second interface via a Thunderbolt Gigabit Ethernet adaptor.

Could be seen as pointless as I have an N66U, however the QoS with m0n0wall is far better than the Asus firmware, and running Tomato on the Asus results in terrible Wi-Fi. Also, moving to Plusnet 70/20 or whatever and want something that is stable when pushed hard.

Tried pfSense initially but had major problems with the QoS and after the first reboot the web UI would become unusably slow. It also offered far more than I'd ever need, and is more resource-intensive as a result.
 
Permabanned
OP
Joined
28 Dec 2009
Posts
13,052
Location
london
I've been thinking of maybe trying to downclock the CPU and remove the fan on the HSF. I don't know if anyone has ever done that? The only noise-generating part in the PC at the moment is the fan on the HSF. Apart from the PSU, but that rarely spins much. If I can downclock the CPU to way below its spec maybe I can get away with just having a heatsink; another option would be to downclock and turn the fan speed down to real low. At the moment it's still overclocked to 3.2GHz and I am using the i5 Intel stock cooler I got with my new CPU, as the Noctua I used in my previous desktop setup doesn't fit in the Coolermaster case and is a bit OTT. It currently runs at 60 degrees Celsius.
 
Soldato
Joined
18 Aug 2007
Posts
9,704
Location
Liverpool
pfSense 2.2 alpha. The latest alpha was needed to run a PCI-e card as a WAP, as the card isn't supported on earlier versions of BSD. Running on an old Dell Inspiron desktop.

Intel Core2Duo E7200 @ 2.53GHz
2GB DDR2 RAM
200GB HDD
2x Intel Pro 1000PT NICs (WAN and LAN)
1x TP-Link TL-WDN4800 450Mbps PCI-e card (WAP)

Running SNORT and IP as well as CPU frequency scaling. That's about it. I have VM's 150Mbps and run AirVPN over the network. I get full throughput without issue and now love pfSense. :)
 
Permabanned
OP
Joined
28 Dec 2009
Posts
13,052
Location
london
I only just got the wifi card yesterday to be honest. I bought it from eBay/Hong Kong for £13; it's used. pfSense 2.1.4 seems to detect the card OK and I can set up a wireless access point and I can connect to it, but it then fails to work. I remember reading something about the PCI-e support when I was researching which wifi card to buy. I also read that there is no N support for FreeBSD, which I thought was a shame as well. Most pfSense guys said that you would be better off using a standalone WAP rather than a card, but I wanted to manage the wifi from pfSense and have it all in one.

edit: Actually I just got it working, I didn't open UDP. Maybe they added support in 2.1.4?

edit2: I had it working, then restarted and it came up with a no carrier error on the interface. So I have put 2.2 alpha on there and so far it's working great.
 
Joined
1 Oct 2006
Posts
13,893
Setup as of next week will be:

Lenovo ThinkCentre
CPU downgraded to G1610
4gb
30gb SSD
Dual port Intel NIC

That'll be running pfSense, then I'll be flashing OpenWRT onto a Meraki MR12 for wifi duties.

Bound together with a 24 port gigabit switch.

Will be running Snort for IDS and OpenVPN for remote access.
 
Soldato
Joined
11 Jul 2007
Posts
2,524
Pfsense on a Microserver ESXi VM.
Got Dual WAN going (2Mb/834Kb uncapped ADSL (PPPoE to a DG834GT in bridge mode), 16/2 Mb Fixed Wireless with a 20GB cap) at the moment it's setup so that anything in my DHCP pool prefers the wireless, and my static devices prefer the DSL. My server is set to use DSL only.
OpenVPN and IPv6 set up (HE.net tunnel over the DSL). I love OpenVPN, it was easy to set up and I use it every day from work with my Android phone.
I did have squid running, with SSD backed cache, but it wasn't really worth it (Squid just uses your default gateway, doesn't take into account rules for putting traffic from certain devices through a specific one) plus on a home network there just aren't enough devices for a decent hit rate.

The 20GB Cap is doing my head in, accidentally opened Origin and it had grabbed 14GB of BF4 patches and DLC before I noticed, and there's still three weeks left until it resets.

Currently trying to work out a deal with my WISP for an uncapped or off peak service, then I'll ditch the landline. Maybe even pay them to get an extra FTTC line put in with a consumer ISP and route me through to that - a VLAN to the VDSL modem would be great so I could have the PFSense box handle PPPoE.
 

Ev0

Soldato
Joined
18 Oct 2002
Posts
14,152
Don't have anything special on my normal home network, but have a little test environment running PFSense and a few IPS/IDS solutions for testing.
 
Associate
Joined
24 Apr 2012
Posts
14
Location
Sandy, Beds.
Have been running pfSense on a HP Thin Client (1GHz VIA / upgraded 2GB RAM & 32GB DOM) for 3 years or so - v. low power, silent and no moving parts - it's been rock solid. It has a single 1gb NIC so I use tagged VLANs on the interface for WAN, LAN, & Guest network (I found out recently that the guest WLAN feature on Airport Expresses is just a VLAN tagged with 1003 - set it up with DHCP in pfSense and it worked beautifully).

Currently on ADSL2 but moving to infinity 80/20 soon so not sure if it will have enough beans to cope with that under load... An upgrade maybe on the cards.
 
Soldato
Joined
13 Jan 2004
Posts
20,946
I run pfSense in the crappiest old business IBM desktop going :D

Plenty of power for a 7Mbit line though.

I've used it with 2 NICs and 1 NIC with VLAN tagging, although the latter was an absolute ballache to configure!

I have had to edit the MPD Dialler files though. My ISP performed "upgrades" and totally broke pfSense. The ISP no longer issues a WAN gateway IP and pfSense HATES this. As a result I have had to hard-code a WAN IP gateway just to get the WAN interface up. ISP says "We never used to issue a WAN Gateway IP" but this is TOTAL BS. They always used to. Windows, Consumer Routers etc. do not mind having a Null/0.0.0.0 WAN Gateway set. It's not really needed as all traffic on the WAN interface goes out the WAN interface to a single point. However, as stated - pfSense WILL NOT bring up an interface with a NULL Gateway.

Does not help there is added complexity by dialling a PPPoE connection into a Vigor 120 PPPoA to PPPoE bridging modem.
 