PfSense and Torrentclient on the same Box



  • Hi all

    Please don't kill me, I know that's not a good idea.
    But the alternatives are far worse.

    I have heat problems in my apartment, so I can't let more than one computer run 24/7.

    I need:
    Some security for three PCs behind a firewall.
    A torrentbox with high uptimes.
    Both of them in the same box.

    The available hardware for the FW:
    Duron@1200MHz, 384MByte RAM, LAN Intel 82559 or 3C905TX

    What I don't have:
    any clue about BSD  :(

    My main interest is hardware, I don't know much about modern programming.
    I've grown up with Z80, Assembler and DOS. I'm working mostly with Windows.

    It would be nice if someone could provide me some tips or guidance.

    cu
    Hauke



  • You know this isn't a good idea and yet you ask for help anyhow. If nobody here helped the other 398274979278937 people who wanted help shooting themselves in the foot, did you think that it would be different for you?



  • If you ask in a polite manner? Maybe

    My options are:

    • Working without any Firewall (just running the torrent-client on the box)
    • Using Windows as FW/Torrent box (Zonealarm+Azureus)
    • Weakening a good FW (pfSense) with a torrent addon

    I think #3 is by far the least bad option.



  • Nope.  You will not receive help doing this here.



  • We're talking about running a Windows box with a VMware pfSense, and letting pfSense filter all the traffic including the traffic generated by the Windows OS, right?

    I'm thinking about setting up something like this myself since I already have a 24/7 server with lots of idle CPU anyway, and getting an extra network adapter for it (for a total of 3, one pfSense WAN, one pfSense LAN and one for the Windows to connect to the pfSense LAN (via a switch)) is cheap and easy.

    I can't quite fathom why exactly this is a bad idea as I have heard referenced so many times here. I've heard it a lot, but aside from some minor issues about network performance being slow in VMware without using the correct drivers I don't understand why it's such a bad idea, at least not for a home network anyway.

    If someone could sum up exactly why this is a bad idea, please do so.
    -Stigma



  • We're talking about running a Windows box with a VMware pfSense, and letting pfSense filter all the traffic including the traffic generated by the Windows OS, right?

    My wish was to add a torrent client to pfSense. So BSD would be the one and only OS on that machine. Keeping the code base slim and the potential for security issues small.

    First:
    I don't know if it's a good idea to use a virtualised Firewall.
    An additional Host OS and a Virtual Machine Monitor increase the amount of potential faulty code without measure.
    Secondly:
    Using Windows as a Host OS for a virtualised Firewall …  :-\ A personal Firewall may be more secure than that.

    …and getting an extra network adapter for it (for a total of 3, one pfSense WAN, one pfSense LAN and one for the Windows to connect to the pfSense LAN (via a switch)) is cheap and easy.

    That shouldn't be necessary, VMware has virtual networks called "Host only network". The computer only needs one physical NIC.

    The VM with pfSense would have two virtual NICs.

    • a bridged one which directly accesses the physical NIC. (Red NIC WAN)
    • a Host only NIC (which appears as a virtual NIC for the Host OS) (Green NIC LAN).
      For the Guest OS in the VM both seem to be normal NICs.

    The Host OS would have a physical and a virtual NIC.

    • the physical one could share its bandwidth with the bridged one of the VM
    • the virtual one where Windows can get the filtered traffic.
      The trick is to tell Windows that it should only talk to the virtual NIC (green) and not with the physical NIC (Red)

    Maybe a Linux box with VMware would be better. You could run the Firewall in one VM and Windows in another VM.
    VM #1: Firewall with a bridged and a Host-only network.
    VM #2: Server with only Host-only network (connected to the Host-only in VM #1)

    (I am a newbie with this too)  ::)

    I'm trying to set up VMware on my machine with Ubuntu as Host OS.
    But I still have problems with the network config.

    cu
    Hauke



  • From my own research I found that the main reason why people are discouraging this kind of setup is purely security related. This is quite obvious really, but if you set it up so that the host OS can only access the net via the pfSense firewall then that is at least a good step in the right direction. Ideally I suppose the best thing would be to have physically separate ethernet ports for pfSense and just disable all Windows protocols for those in the host OS so that the host OS simply can't be attacked in any way through the connections that go straight to the WAN. Otherwise that is quite obviously a big security risk if the host OS has direct internet access.

    It also really depends on what kinda security you need… I couldn't really care less. I've simply been behind a NAT router for years without problems on my own private network, and adding even a flawed pfSense setup to that can't make it any worse, but if you're setting it up as a security measure for a business then I guess it would make more sense to get a separate box for it. If that's the case you probably have some kind of budget allowing for it anyway...

    -Stigma



  • the overall big picture here is you are worried about heat / power usage etc. the issue is not about installing torrent junk on pfsense. so get to the root of the problem

    a 1200mhz duron wasn't designed to be a 24/7 routing chip, it's a desktop processor u could cook your eggs on with big noisy fans etc
    yank the power sucking, heat generating firewall pc. put pfsense on a silent passive cooled embedded device with compact flash.
    then get another one and install linux and run it just for file serving/torrents

    there's even 1u rackmount cases and such that will accommodate two separate mini itx motherboards, then you can have your "one pc" powered on 24/7 but have two independent pc's

