Should I invest into a PFSense setup and How?
-
I recently bought an old OptiPlex machine to run proxmox for my first homelab. Right now I have a ZTE router and am port forwarding through the router with a very, very basic firewall. Is it worth setting up a PFSense firewall system, and could I do it by using my homelab and a proxmox server + a new 2.5gb+ NIC to a switch, or would I need more hardware, and would this in turn be worth the trouble/money?
What do you use PFSense for and how do you have it setup?
-
@ethanspleefan said in Should I invest into a PFSense setup and How?:
What do you use PFSense for and how do you have it setup?
Routing and firewall and so I have set it up.
-
Replying for the update.
-
@ethanspleefan said in Should I invest into a PFSense setup and How?:
would this in turn be worth the trouble/money?
You forgot the most important one. Your time.
Since when does the ISP device (modem, router) not cover your needs anymore ?
The ISP device is a nearly set-it-and-forget-it device, and most users (95 % of all Internet connections on planet earth ?) treat it like that.
No troubles (well ...) . No financial issues (ISP will replace it if needed). No time lost.
It even has, most often, an AP built in, does "phone" and gives you access to some TV.
What do you want more
@ethanspleefan said in Should I invest into a PFSense setup and How?:
old OptiPlex machine to run proxmox
More hardware, about, what, 100 Watt/hour (so 876 Kwh a year, with 1 Kwh about 20 cents = 175 $ or € a year just to "feed" it - but half a year the heating is appreciated).
And more hardware means : more chances something 'breaks'. And when it breaks, check the calendar : it will be December, 25 or a day like that.
Why does anybody want to use pfSense ?
Because there is a reason they had to do it. And your reason will be the good one !
@ethanspleefan said in Should I invest into a PFSense setup and How?:
I need more hardware
Yeah, a 2,5 Gbit.sec switch
A UPS - you can share the usage with your NAS, main switch, ISP device and other mission critical devices. A UPS will save you from troubles for sure, you only don't know when (yet).
@ethanspleefan said in Should I invest into a PFSense setup and How?:
for and how do you have it setup?
The default setup is already very good.
pfSense has loads of 'other' options, but these are not really needed. Except : if you find a reason ^^
-
You forgot the most important one. Your time.
Since when does the ISP device (modem, router) not cover your needs anymore ?
The ISP device is a nearly set-it-and-forget-it device, and most users (95 % of all Internet connections on planet earth ?) treat it like that.
No troubles (well ...) . No financial issues (ISP will replace it if needed). No time lost.
It even has, most often, an AP built in, does "phone" and gives you access to some TV.
What do you want more
As for the time I enjoy messing around with my gear so not really a problem.
The router I have is from an old ISP and my new one is an eero router with only 2 ports so I can't replace it with the old one due to the way my network is setup as I have the switch in the same box in the garage as the internet and then run thru to office to router, then wifi + LAN for printer and homelab and other devices then back to switch and around house.
More hardware, about, what, 100 Watt/hour (so 876 Kwh a year, with 1 Kwh about 20 cents = 175 $ or € a year just to "feed" it - but half a year the heating is appreciated).
And more hardware means : more chances something 'breaks'. And when it breaks, check the calendar : it will be December, 25 or a day like that.
As for the power I have panels on the roof that have paid themselves back already so that covers the cost, as for hardware I am not running super intensive workloads/vms on the machine but that is something that I hadn't considered yet.
Yeah, a 2,5 Gbit.sec switch
A UPS - you can share the usage with your NAS, main switch, ISP device and other mission critical devices. A UPS will save you from troubles for sure, you only don't know when (yet).
My switch in the garage as mentioned before is 1gb max so until I upgrade that I am stuck with 1gb/s however my ISP speed is only 1000/50 so not limited there for now but if I want to setup some NAS/LanCache I will need to upgrade the switch however the onboard NIC of my homelab is 2.5
Thanks for all of your input I shall have a think about it.
-
@ethanspleefan said in Should I invest into a PFSense setup and How?:
As for the time I enjoy messing around with my gear so not really a problem.
That was the reason why I switched to pfSense. That is, it was called m0n0wall, and then the upgrade path became known as pfSense.
That is, I was needing something that is called a "captive portal", I didn't know that it was called like that back then.
power ...
I was just mentioning 'hidden' costs.
@ethanspleefan said in Should I invest into a PFSense setup and How?:
ISP speed is only 1000/50
As pfSense only transports traffic from and to the net, your "2.5 Gbit" isn't really needed.
If you have several devices that are "2.5 Gbit" ready, and these devices are in the same, or other internal pfSense LANs, then "2.5 Gbit" NICs become useful.
-
If you're asking can you run pfSense as a VM in proxmox then the answer is yes. But there are some caveats! It's a more complex setup to be sure the traffic is all passing through the VM. If you have to reboot proxmox you lose your router/firewall. There are lots of users doing exactly that though.
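One way to check the "traffic is all passing through the VM" caveat on the Proxmox host, as an added example that is not part of the thread: the function below reads an `/etc/network/interfaces` file and reports whether the bridge carrying a given NIC has a host IP of its own. It assumes a two-NIC layout where the WAN NIC is bridged straight to the pfSense VM; the interface names, bridge names and addresses in the sample are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): on a Proxmox host that runs pfSense as a VM,
# the bridge facing the ISP should carry no host address, so the hypervisor itself
# is not reachable from the WAN side and everything has to pass through the VM.

# Constructed sample of /etc/network/interfaces (names and addresses are assumptions).
sample_interfaces() {
cat <<'EOF'
auto lo
iface lo inet loopback

iface enp1s0 inet manual
iface enp2s0 inet manual

auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp1s0
    bridge-stp off
    bridge-fd 0

auto vmbr1
iface vmbr1 inet static
    address 192.168.1.2/24
    gateway 192.168.1.1
    bridge-ports enp2s0
    bridge-stp off
    bridge-fd 0
EOF
}

# wan_bridge_status FILE NIC
# Prints "no-host-ip <bridge>", "host-ip <bridge>", or "no-bridge".
wan_bridge_status() {
  awk -v nic="$2" '
    $1 == "iface"        { cur = $2; method[cur] = $4 }   # start of a stanza
    $1 == "bridge-ports" { for (i = 2; i <= NF; i++) if ($i == nic) br = cur }
    $1 == "address"      { addr[cur] = $2 }               # static address on this stanza
    END {
      if (br == "") { print "no-bridge"; exit }
      if (method[br] == "manual" && !(br in addr)) print "no-host-ip " br
      else print "host-ip " br                            # static or dhcp on the bridge
    }' "$1"
}

# Demo on the constructed sample: enp1s0 is the WAN NIC, enp2s0 the LAN NIC.
f=$(mktemp); sample_interfaces > "$f"
wan_bridge_status "$f" enp1s0
wan_bridge_status "$f" enp2s0
rm -f "$f"
```

A `host-ip` result is expected for the LAN bridge, where the Proxmox management address lives; for the NIC plugged into the ISP device it means the host is answering on the WAN side alongside the firewall VM.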