Netgate Discussion Forum

    Virtualize PfSense or old Laptop for Basic Home

    General pfSense Questions
    16 Posts 5 Posters 2.2k Views
      skalyx @tsmalmbe

      @tsmalmbe

      Thanks for the answer.

      Could you please explain the security issues I may have if I share my NAS resources with the pfSense VM?
      I thought of sharing one CPU core along with 3 GB RAM and 64Gb. My NAS is often transcoding videos and photos. Thus, it hits 100% CPU usage and only 20% of RAM maximum. However, if I allocate one CPU core, then the NAS won't use it, right? I am not sure.
      We, in addition, use Plex a lot and access the NAS 24/24/7 for file storing, transferring, copying, and so on.

      I, obviously, want to have reliability and the best speed possible along with security. I nevertheless don't want to pay a lot of money. Will my laptop with its single Ethernet port with VLANs and a USB NIC with VLANs for failover be enough for reliability?

      Overall, what is the best for me as a home user?

      PS: The two WAN connections come from two 4G Huawei routers with built-in firewall (even though they can be considered meaningless).

      Thanks,

        tsmalmbe

        The best option for a home user is to use appliances that are physically small, silent, use just a little power, are built for purpose and are maintained by pressing a single "update" button every now and then.

        As far as security goes, this is not a platform one would like to run a security device on:
        https://www.cvedetails.com/vulnerability-list/vendor_id-11138/Synology.html

        Once the device is pwned, you're screwed. All users that can access the device are potential threats. For how long and how quickly is Synology dedicated to maintaining and patching that device? A NAS is purpose-built for ... surprise, easy storage. Not for security.

        Security Consultant at Mint Security Ltd - www.mintsecurity.fi

          skalyx @tsmalmbe

          @tsmalmbe

          Thanks,

          I see. I think I will stick with the laptop with its single Ethernet port coupled with VLANs and add two USB NICs for failover. I will, moreover, restart my laptop every 3 days.
          The TDP of the laptop is about 15 watts, which isn't a lot.

          If you have any recommendations on how to add functionality on pfSense, use my hardware better, add stability, add speed, add security, or anything else, please suggest and advise me. Thanks again.

            tsmalmbe

            If you'd like to both have a hobby and add some seriousness to this: Install Proxmox on the laptop and virtualize pfSense on top of that. Why? You can then easily back up the firewall to a USB stick, and in the case when (not if) the laptop fails, or any other issues arise, you can easily install Proxmox on any other laptop (or similar hardware) and just continue with your latest (daily) backup of your firewall.

            Also a lifesaver when the occasional update decides to fail.

              skalyx @tsmalmbe

              @tsmalmbe I actually have the same laptop with the same hardware as a spare (with the display broken). I made a sector-by-sector backup of my SSD and, in case of any failure, can just install the old SSD or a new SSD with 1:1. Isn't it great? It will work, right?

              Do you have any other great suggestions?

              Thanks,

                tsmalmbe

                It will work. Just remember to do that often enough (enough = the number of days of configuration changes you are willing to lose - and whenever you update).

                  skalyx @tsmalmbe

                  @tsmalmbe Great, thanks. Just let me know if you have any other security tips or any other advice. I love to learn.

                  Thanks,

                    stephenw10 Netgate Administrator

                    Enable auto config backup and you will always have access to a recent config. As long as you have noted the key somewhere!

                    Keep a USB stick with the install image on it handy and you can restore pretty quickly if you ever need to. In 2.4.4p1 you can even put a recent config file onto the install stick to restore it directly, making it even quicker.

                    Steve

                      Grimson Banned @skalyx

                      @skalyx said in Virtualize PfSense or old Laptop for Basic Home:

                      and add two usb NICs for failover.

                      Those will likely be the first things that fail under load. Unless the on-board NIC is Realtek, then all of them will fail sooner or later. Just don't come crying when this crappy setup causes problems.

                        bcruze

                        https://store.netgate.com/MBT-2220-system.aspx

                        This will do everything you need. I have one and want to order another one just to have a spare OR install Linux on it for a remote box.

                          skalyx @stephenw10

                          @stephenw10 Thanks for your suggestions. I will activate that. I have a second laptop with the exact same hardware. I will, in case of any problem, easily switch.

                            skalyx @Grimson

                            @grimson Hi,
                            Please do not be aggressive. Stability is not a major issue and we do not have massive traffic like a production network. I, in case of any problem, can easily fail over to my second laptop with the exact same hardware. Moreover, the USB NIC is only there for failover and not load balancing. If the single Ethernet port fails, it will switch and I will easily notice it. Thus, it just gives me an option without spending a buck.

                            It just is temporary. I will in the next house (soon) buy a real router.

                            Thanks,

                              stephenw10 Netgate Administrator

                              Really what you have to consider here is what are the consequences of a failure? How quickly can you get back up and running?

                              This is a home setup so it's not like you would be losing thousands of dollars an hour if it goes down. More likely you will just get grief from your family which is probably manageable.

                              If you have a second laptop as a cold spare and install media and config available, you will always be able to recover; it's just the downtime that varies.

                              In all probability you won't have any trouble but if you do I'd put money on it being with those USB NICs.

                              Steve

                                skalyx @stephenw10

                                @stephenw10
                                Happy new year!

                                Yes, the risks are negligible. I won't lose a penny if the network fails and I can easily get it up and running. I don't expect it to fail often nor fail for a long time thanks to the USB failover, backup, hardware failover (cold backup with exact same laptop and same configuration), etc.

                                In any case, I can just easily shut down my pfSense router or DHCP server and switch the VLANs to switch the DHCP server to the WAN1 or WAN2. It isn't difficult.
                                Furthermore, my family all have 4G and can use it as a hotspot... Android smartphones, moreover, switch to 4G automatically when the connection isn't stable. Thus that is not at all a big deal.

                                Thanks,

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.