Things the forum needs to fix.
-
Yes there are many scenarios but i think it would be nice if some users would post there basic home settings
or there would be some recommendations for example on stuff like Squid Memory cache size based on RAM.
I believe for home use the needs between people do not differentiate to much.
I think there are allot of people here who have experience on what works best.Allot of stuff here is years old and as fdisk said if you look around it seems like you need a killer machine.
-
all pfsense is a HOME firewall. Little things.
So no.
Our company has several clients using many of these and even in nested configurations across the country.
Methinks you are posting angry.
Don't post angry.
-
Topics like "New Alix board for 2013" still pinned on top…
And we're in 2015... -
I really think you are over reading. Your hardware is fine if you have two Network ports on the machine. Just do the default install, it installs the rules you need by default.
Add the Snort package. Go to snort.org and get a free Oinkmaster code. Add that to "Global Settings" in Snort. Go to the "Updates" tab and click "Update". Add a LAN interface on "Snort Interfaces". On "Lan Settings" click Enable, Block Offenders, Kill States, in "Lan Categories" tab click "Resolve Flow Bits", "Use IPS Policy" and on "IPS Policy Selection" choose "Conectivity". Hit Save.
Log into your current wireless router and set it up as an access point. Just Google your router brand and "setup as access point" and follow those instructions there.
You now have 100 times the home network security that any commercial "Walmart" router has and a basic "UTM" as you mentioned in you post. Then you can start reading the more in depth posts to add more functionality, or just leave it like it is.
PS. If you need help, PM me I'll walk you through it.
Like looking at hardware req's I was concerned that my old- dell optiplex 745 duo-core 3ghz, 3gigs ram wouldn't be enough.
-
I agree with the OP. Some of the docs are woefully out of date. An example would be the minimum hardware requirements. The hardware listed was becoming obsolete a decade ago. This does a disservice to potential new users who are trying to get good supported hardware. From that page, I could assume that my AMD 5350 with 8G RAM could handle any pfSense usage scenario (I doubt it though).
It would also be nice to see some basic tutorials walking through a non-trivial home setup. An example setup would be a pfsense box with a wireless AP and a switch using the Ethernet ports on the pfsense box. I'd assume this is trivial to setup, but after reading through the forums, I'm no longer sure.
The example setup would be
Ethernet port 1 - WAN
Ethernet port 2 - LAN (switch)
Ethernet port 3 - LAN (WAP)
Ethernet port 4 - Maybe a DMZ -
Everything is "simple' if you have done something a lot.
A master in kung-fu probably thinks it's piece of cake to catch a fly with chopsticks
An experienced welder can merge 2 pieces of steel together while having a chat with a collegue and checking his phone.So while the documentation might not be perfect, its not THAT bad compared to some other docs i've read over the years.
imho if you learn how to crawl before you try to run the 100m in 10secs, then you'll grow into it.the other option is to pay for a gold subscription and receive the "definitve guide' .
-
Some of the docs are woefully out of date. An example would be the minimum hardware requirements. The hardware listed was becoming obsolete a decade ago.
The hardware requirements are definitely due for an update, but what other parts of our documentation are "woefully out of date"? I have spent the last 6 months updating every article on the wiki, if something is still outdated on the doc wiki, I'd like to know so it could be fixed.
-
Here are some items that are out of date or appear out of date because they conflict with other docs.
https://doc.pfsense.org/index.php/What_is_the_best_wireless_card_to_use
The link Madwifi Compatibility list is dead. All the cards seem to stop at 802.11n. This might be a limitation of FreeBSD.https://doc.pfsense.org/index.php/What_is_a_bridged_interface_and_how_would_one_be_used
seems out of sync with
https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense
The first talks about using a bridge to add wifi support, while the other avoids bridges all together.https://doc.pfsense.org/index.php/How_can_I_increase_the_state_table_size
This seems dated because it implies that 1G RAM is huge. It doesn't seem that high for modern hardware. -
I would be extremely happy if the official documentation could include some explanation similar to this (or a more updated version): https://forum.pfsense.org/index.php?topic=24773.msg129341#msg129341
I am personally attempting to simplify the explanation HFSC's exclusive capabilities, so regular users do not need to resort to reading the HFSC white paper(s), but a "good" writeup is months away… :(
(Perhaps a script that calculates m1&d values using standard packet sizes based on a chosen protocol would be easier than explaining HFSC to everyone.)Maybe pfSense should spend time documenting differences from FreeBSD, and otherwise link to FreeBSD/OpenBSD for documentation. No need to reinvent the wheel. Though, I guess pfSense's demographic is different from the full BSD operating systems.
:)
-
https://doc.pfsense.org/index.php/What_is_the_best_wireless_card_to_use
The link Madwifi Compatibility list is dead. All the cards seem to stop at 802.11n. This might be a limitation of FreeBSD.I fixed that page. (Updated the card we all use internally, removed that dead link)
https://doc.pfsense.org/index.php/What_is_a_bridged_interface_and_how_would_one_be_used
seems out of sync with
https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense
The first talks about using a bridge to add wifi support, while the other avoids bridges all together.Those are two COMPLETELY different things. The first is talking about bridging two pfSense interfaces in general, the second is about using an external wireless router not a wireless card, and there isn't even a second interface involved in that second page, so bridging is irrelevant. In that scenario the external wireless router is plugged into the LAN. The two pages are not related in any way.
https://doc.pfsense.org/index.php/How_can_I_increase_the_state_table_size
This seems dated because it implies that 1G RAM is huge. It doesn't seem that high for modern hardware.It's using a simple example there, it doesn't make commentary about how "huge" the RAM is. 1,000,000 states is still huge, regardless of how much RAM is in the box total, and it's a nice round number that makes a good example.
-
https://doc.pfsense.org/index.php/What_is_a_bridged_interface_and_how_would_one_be_used
seems out of sync with
https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense
The first talks about using a bridge to add wifi support, while the other avoids bridges all together.Those are two COMPLETELY different things. The first is talking about bridging two pfSense interfaces in general, the second is about using an external wireless router not a wireless card, and there isn't even a second interface involved in that second page, so bridging is irrelevant. In that scenario the external wireless router is plugged into the LAN. The two pages are not related in any way.
The first page makes much more sense now. I didn't read it as a WIFI card. I interpreted it as an Ethernet port connected to a WIFI router.
