Low power pfsense router for a noobie
-
You can simply catchall to WAN2 and pipe HTTP/ gaming traffic only to WAN1 using firewall rules. Note that this can cause certain issues particularly with Netflix since your authentication might take place on a separate IP than what is used to stream.
Also, running squid will help lower actual web usage if a lot of the HTTP traffic is commonly accessed.
-
Off-topic…but I suspect you will run into this.
Look at this post: http://forum.pfsense.org/index.php/topic,26947
pfSense (BSD) uses symmetric-NAT and not cone-NAT. Symmetric is more secure, but it has its share of problems too. Just FYI.
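
An added illustration, not part of the thread and not pfSense code, of the distinction the post above draws: a toy model of full-cone versus symmetric port mapping. The class, function names, addresses and ports are all constructed for the example.

```python
from dataclasses import dataclass, field
from itertools import count
from typing import Optional

Endpoint = tuple[str, int]  # (ip, port)


@dataclass
class ToyNat:
    """Toy NAT with one public address. Models full-cone or symmetric mapping."""
    public_ip: str
    symmetric: bool
    ports: count = field(default_factory=lambda: count(40000))
    out_map: dict = field(default_factory=dict)  # mapping key -> public port
    in_map: dict = field(default_factory=dict)   # public port -> (inside, allowed remote)

    def send(self, inside: Endpoint, remote: Endpoint) -> Endpoint:
        """Outbound packet: return the public source endpoint the remote sees."""
        # Symmetric: one mapping per (inside, destination). Cone: one per inside socket.
        key = (inside, remote) if self.symmetric else inside
        if key not in self.out_map:
            port = next(self.ports)
            self.out_map[key] = port
            self.in_map[port] = (inside, remote if self.symmetric else None)
        return (self.public_ip, self.out_map[key])

    def receive(self, remote: Endpoint, public_port: int) -> Optional[Endpoint]:
        """Inbound packet: return the inside endpoint reached, or None if dropped."""
        entry = self.in_map.get(public_port)
        if entry is None:
            return None
        inside, allowed = entry
        return inside if allowed in (None, remote) else None


# Constructed sample endpoints (documentation address ranges).
CONSOLE = ("192.168.1.50", 3074)
RENDEZVOUS = ("198.51.100.1", 3478)  # server that tells the client its public endpoint
PEER = ("198.51.100.77", 3074)
STRANGER = ("203.0.113.200", 5555)


def peer_reaches_advertised_endpoint(symmetric: bool) -> bool:
    nat = ToyNat("203.0.113.10", symmetric)
    advertised = nat.send(CONSOLE, RENDEZVOUS)  # endpoint the peer is told to use
    nat.send(CONSOLE, PEER)                     # client also sends toward the peer
    return nat.receive(PEER, advertised[1]) == CONSOLE


def stranger_reaches_inside(symmetric: bool) -> bool:
    nat = ToyNat("203.0.113.10", symmetric)
    _, port = nat.send(CONSOLE, RENDEZVOUS)
    return nat.receive(STRANGER, port) == CONSOLE
```

Under cone mapping the peer gets through, but so does an unrelated host; under symmetric mapping both are dropped, which is the trade-off the post describes.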
-
Thanks for the info, I guess I need to get reading on what all of those features actually DO before I can determine what exactly I will need.
Snort = Intrusion detection
Squid = Caching
VPN = Remote Access
If you are on a metered pipe you may actually want Squid which will likely disqualify the Alix.
-
Thanks for the info, I was reading around and while there seem to be lots of "how to set up squid" I couldn't find much about what it actually DOES :P
The connection is capped at 200GB, so if I move all the heavy stuff (P2P, FTP, Netflix) to the uncapped connection I don't think we should have much problem with keeping under it. VPN is fairly meaningless for me, any files I need constant access to are kept in sync already with rsync to my various devices.
Are there any other compelling reasons to step up to a more powerful machine? Even the possible noted 50MB/s is more throughput than my internet connections can handle (even if I had 3 of each), internet in Canada is sort of a joke for speed. I've seen some notes of stuff like logging, is it possible to log to another location (i.e. not onto the CompactFlash or an internal HDD? though the HDD IS an option)?
-
VPN just allows you to tunnel back home while you're out and connect to your local network as if you were connected to the LAN. This is useful for stuff like RDP or perhaps to grab a file you need from home. Most home users don't need it but you may or may not like to have it since you have a storage server/VM going. Another use would be to RDP back and queue up downloads on the server(s).
As to the logging, you can set up a Syslog server on your VM and redirect the logs there.
-
Awesome, thanks for the information! All downloads are "hands-off" from the time it's initiated until it finally gets deposited in the correct folder (regexp utopia), so judging from all this I think the ALIX board should cover my needs and then some, and at a lower cost of entry than adding the requisite additions to my current hardware as well!
-
The Alix sounds like it will be fine. I use one at home with my 35/35 connection and have no issues maxing it out. I added a VPN1411 accelerator card so that I don't get any slowdown when connecting to my home network remotely (without one, you'll only get 10-12Mbit/s of VPN performance out of the Alix).
-
Awesome, now just to find a legit site that looks like I can trust it ;D
-
You can find it under recommended vendors on the main page. Specifically, here:
http://www.pfsense.org/index.php?option=com_content&task=view&id=44&Itemid=50
-
I've bought the couple Alix boxes I have from NetGate.
-
Now, I'm seriously new to this, since it has no video output how do I go about performing initial setup? I did notice that it has a serial port (I'm fearing this is how I perform the setup), but I lack any machine that actually HAS a serial port. All my computers are running enthusiast hardware, old standards die quickly for gamer hardware.
How does one go about this? Can I install on another machine to my HDD/CF card and then migrate the install or would that cause issues?
-
There are 2 choices:
1) HDD full install. You need a 2.5" PATA drive for this. Do a full install on another machine but select the 'Embedded Kernel' when prompted.
2) Embedded install on a CF card. You need a serial port on another computer (I recommend getting a cheap USB to serial adapter).
Use physdiskwrite to write the image to the CF card and plug it in.
Then hook up the serial ports on both sets via a null modem cable.
Fire up PuTTY on the PC you're using to configure the box. Settings are: (COM1 typically) 9600/8/N/1.
Once you've done the basic configuration (set the interfaces & IPs), you can proceed to do the rest of the work via the WebGUI.