Netgate Discussion Forum

    FreeBSD apps to load behind pfSense?

    Off-Topic & Non-Support Discussion
    7 Posts 4 Posters 127 Views
    • coffeecup25

      I have a spare 2.5 Gb multi port pc that I plan to configure to pfSense. It's partly for fun and partly to have a backup for my current pfSense router.

      My existing pfSense router has a 2nd isolated subnet for IoT on a spare port. I also have Adguard Home working on it thanks to an article I found on the internet. The spare will also be configured this way.

      My question is: What other background applications other than Adguard Home would be a good idea to run in the background without compromising the security of pfSense? FreeBSD appears to have a lot that can be loaded behind pfSense. DLNA and samba are possibilities but low priority as I use other devices that do both better.

      What's out there that would be interesting and mostly safe?

      • KOM @coffeecup25

        @coffeecup25 I would never add extra stuff to the firewall like that. That just increases the attack surface. Instead, I would make that box a Proxmox host, then install virtualized pfSense, containerized Pi-hole, and whatever else you want.

        • coffeecup25 @KOM

          @KOM Thank you. I substantially agree.

          But Adguard Home loading behind pfSense raised the question in my head. I can't see how it could cause harm unless the entire Adguard company was compromised, which seems unlikely. OPNsense offers an option to do the same thing with a little hand holding from within the router program. The risk seems minimal there.

          I even have Adguard Home servers working on my Windows file servers as native Windows programs, although they mostly just sit there because pfSense has it loaded within now. Moving it to pfSense seemed safe while removing a layer of complexity. Everything is now self-contained within the router / pc.

          But it raised the possibility about something else with the same risk level being available and useful in the context of a router. The apps I am thinking about would be common ordinary FreeBSD apps.

          Thanks, again.

          • LukasInCloud @coffeecup25

            I agree with @KOM since adding extra applications can increase security risks; it's wise to be cautious. And I understand your point about Adguard Home seeming safe, especially since it's working well on your pfSense. It might be worth looking into other FreeBSD apps. What apps are you considering for now?

            • coffeecup25 @LukasInCloud

              @LukasInCloud Nothing in particular. I looked at the FreeBSD apps list online and nothing jumped out, but there appear to be thousands and many do things I never thought of. I only skimmed it briefly.

              I also understand the inadvisability of using a router as an app server. But I also line up on the side of never putting the router in a hypervisor, and lots of people do that without a second thought. So rules are meant to be broken sometimes.

              I found an article on the internet from a person in India that walked me through the Adguard Home install. The only difficulty for me was assigning dns ports correctly so pfSense could coordinate with it. I created my own problems there by selecting dns servers differently than suggested.

              I'm open to suggestions. What seems like a natural fit? Or an interesting one?

              • Gertjan @coffeecup25

                @coffeecup25

                Think about this one:
                Why did Netgate choose to use FreeBSD as the base OS?
                I'll take any answer ^^
                Now, let's add one more step: why did Netgate use FreeBSD, and change some of the core essentials? Like not using /etc/xxx as the main place for all its own configuration settings and all the added FreeBSD packages? And more: why are some default library folders moved to other 'non standard' places?
                The thing is: when you install any available FreeBSD native package, this package will presume that it is installed on a native FreeBSD, and that you used the ISO that you took from here: https://www.freebsd.org/where/

                It all boils down to: pfSense uses FreeBSD. pfSense is not FreeBSD.

                Enough for the bad news.
                Now some good news.
                All this is open source. So they (FreeBSD, pfSense, etc.) do not decide what happens with your system. You decide. After all, an ancient law applies: you do your things. You assume your stuff.
                So, make it happen ^^

                Still, if you could pull this one off: install X-11 on pfSense ( 😊 )

                Plan Z ... wait, sorry, not Z, that one is already taken, Plan W (!): why do you need pfSense?
                Install FreeBSD from the source mentioned above, add, if it's not already included, the 'pf' package (the firewall) and add unbound, and some more, and make your own 'FreeBSD firewall'. True, you have to make your own GUI, but why should you?? Do what has been done for the last x decades: edit the needed configuration files and you could have a very comparable firewall router with no nasty "no more FreeBSD package restrictions" ^^

                @coffeecup25 said in FreeBSD apps to load behind pfSense?:

                I'm open to suggestions. What seems like a natural fit?

                Another point of view: pfSense ... a couple of hundred thousand users (installed firewalls), so as many firewall admins, and some of them are experts in this domain.
                If that one and only obvious FreeBSD package was missing, and everybody would gain by using it ... wouldn't it already be there?

                No "help me" PMs please. Use the forum, the community will thank you.
                Edit: and where are the logs??

                • coffeecup25 @Gertjan

                  @Gertjan I think your point was that pfSense is not a complete FreeBSD implementation so not all FreeBSD apps will work in it. If so, it's a good one. After that I got a little confused with your explanation.

                  I'm nowhere near skilled enough to build a fork of pfSense. Figuring out the dns interactions between pfSense and Adguard Home was my limit.

                  Adguard Home works fine in FreeBSD because they offer a FreeBSD implementation and I possibly lucked out when it worked in pfSense. Although the internet said it would work because others were successful in loading it.

                  Adguard Home doesn't need a GUI. It uses HTML like Pi-hole uses when Pi-hole is installed in Ubuntu Server, my old ad blocker.

                  Windows made Hyper-V / Ubuntu Server - Pi-hole unstable when Microsoft was still pushing upgrades to Windows 11. Unattended restarts on my home servers would halt for an ad before Hyper-V loaded and having no DNS brought down my whole network. I went back to pfBlockerNG after that but found the interface too difficult to work with when I'm on the hunt to block or unblock a new site. Adguard Home on OPNsense works well but I disliked learning a new router. They put everything in different places. Hence my efforts with pfSense and Adguard Home.

                  I was thinking along the lines of apps that also did not need a gui. Sorry to be unclear about that.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.