-
@FrankZappa Yeah, if you just use OpenVPN for remoting into your home network it won't impact your performance in the way I was talking about.
Regarding packet inspection, we're talking about using snort or suricata on top of the packet filtering done by pf.
Using suricata is great, but the hard part about making it effective is knowing what to do with the data it gives you. I have it on on my home firewall right now and it's just doing its thing and logging the output. Which is fine, but in an un-curated setup like mine, it produces more than 13 million messages in a 24 hour period, the vast majority of which can simply be ignored. So if you want to make good use of it, be prepared to put in the time to really really dial it in.
Regarding the second NIC, you're talking about something like this right?
Anyway, depends on how fancy you want to get. I've seen at least one expresscard to pci-e x1 adapter out there. Heck, my own router is using a mini pci-e to pci-e adapter to connect a quad port NIC to a half-length mini pci-e slot. It only has one lane but it's been fast enough for me so far.
-
Thanks Whosmatt. Yes the NIC is the Startech EC Express single port version (you linked to the dual port version). I'll hook that up to the WAN (Modem) and use the onboard intel nic to connect to my Ubiquiti managed switch.
I wasn't planning on using suricata, but now you have my curiosity peaked (I watched an hour youtube tutorial). If I dont use suricata, is the pf packet filtering good enough? Also, does pf block bad IP addreses automatically? Wasn't sure if it did. My Asus router uses Skynet as an add-on and it blocks known bad IP's. Just curious.
Thanks for the advice.
-
pf blocks EVERYTHING by default :)
There is a package called pfblocker-ng that many (myself included) use for automatically blocking known bad actors with updated block lists and the like. That's probably what you're looking for.
-
Thanks whosmatt.
-
Thanks NollipfSense.
-
@stephenw10 Thanks Stephen. Is the Express Card Slot considered a USB NIC?
-
Nope. Or at least it probably isn't; ignore me!
Express card does provide USB so it can accept modems etc but I would not expect a NIC to use that. This looks like it uses the Realtek RTL8110 which is a PCIe chip.
Steve
-
@FrankZappa it's used like a PCIe slot.
-
@stephenw10 Any idea if I can use this excpress card adapter with pf?
Sonnet Technologies Presto Gigabit Ethernet Pro ExpressCard/34https://www.amazon.com/Sonnet-Technologies-Gigabit-Ethernet-ExpressCard/dp/B00I8MMWTY
It appears to have a Broadcom chip (I think). Not sure if this is compatible. Thoughts?
-
Without knowing what the actual chipset they're using is there's no way to know.
-
@stephenw10 If it's Broadcom, will it work?
-
@FrankZappa I read where it works fine with Linux with it's Broadcom NetXtreme BCM57762 controller. No idea if this is compatible w PF
-
If it is indeed the BCM57762 it should work with the bge driver:
https://www.freebsd.org/cgi/man.cgi?query=bge&sektion=4
-
@whosmatt Thanks whosmatt. Do I need to install the driver or will pf already recognize it ?
-
You shouldn't need to install anything.
-
@FrankZappa I have used Sonnet before on a MacBook Pro I had contemplate using as a pfSense box. Yes, it has Broadcom and it works ... just a little issue running IDS/IPS because it's in emulator mode with Netmap instead of the full interaction with Netmap. BTW - your Intel -82579LM Gigabit is supports the new Intel driver, so no problem.
-
EC1000S is 10EC:8168. It's supported by FreeBSD according to the list of supported device IDs. Also we have a lot of successful probes of this chip in the BSD hardware database.
-
@NollipfSense Thanks. So if I use this card on the WAN side (use internal 82579LM for LAN) shouldn't it work fine if I enable IDS/IPS? I would think using this card on the WAN just passes and receives all traffic, while the 82579LM does all the IDS/IPS, firewall, and OpenVpn traffic...or do I have that backwards?
Thanks -
@aponomarenko Thanks. So I went with another card: Sonnet Technologies Presto Gigabit Ethernet Pro ExpressCard/34 which has a Broadcom chip (BCM57762). I haven't used it yet, but hoping it will work.
-
@FrankZappa said in PfSense on a Dell Latitude E6420:
use internal 82579LM for LAN) shouldn't it work fine if I enable IDS/IPS?
Yes
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.