Help with designing home network firewall



  • Hi,

    I'm interested in setting up pfSense to protect my home network and was wondering what would be the best setup/hardware.

    My current network consists of the following.
    Comcast CableModem, DIR-655 Wireless Router, 1 TS-409Pro NAS, 1 HTPC, and up to 4 wireless workstations.

    What I’m thinking about starting out with is a perimeter firewall. 
    [CableModem]–>[pfSense FireWall]–>[DIR-655 in AP mode].
    The HTPC and NAS would be plugged into the DIR-655 Gigabit Ethernet ports
    I have the following requirements.
    -HTPC and NAS must work at Gigabit speed. 
    -Need to be able to VPN into work network using laptop with wireless.
    -Ability to block outgoing access to specific websites by ip and/or url.
    -Ability to block incoming requests by ip/url/ and port.
    -Bit torrent should work from my NAS.
    -Unreal Tournament should work from wireless connected computer.
    -Requests from WAN port 8080 should make it to the web server on my NAS on port 8080.
    -Whatever hardware I purchase must pass girlfriend approval.  Her requirements are simple.  She doesn't want to see or hear it.  This means it needs to be as small as possible since it will be living under my TV in the living room.

    I guess I would be ok with hardware that has 2 10/100 LAN ports.  My concern is I may want to put the NAS on a separate Gigabit port… so I would need the cable modem plugged into a 10/100 port, then the DIR-655 and NAS in a Gigabit port.

    Any suggestions on feasibility and hardware are greatly appreciated.

    Chris



  • @chrish:

    What I’m thinking about starting out with is a perimeter firewall. 
    [CableModem]–>[pfSense FireWall]–>[DIR-655 in AP mode].
    The HTPC and NAS would be plugged into the DIR-655 Gigabit Ethernet ports
    I have the following requirements.
    -HTPC and NAS must work at Gigabit speed.

    That's down to the DIR-655

    @chrish:

    -Need to be able to VPN into work network using laptop with wireless.

    That's just down to firewall rules (though there's a limit of one PPTP tunnel).

    @chrish:

    -Ability to block outgoing access to specific websites by ip and/or url.

    Install Squid and SquidGuard

    @chrish:

    -Ability to block incoming requests by ip/url/ and port.
    -Bit torrent should work from my NAS.
    -Unreal Tournament should work from wireless connected computer.

    Basic firewall rules ;)

    @chrish:

    -Requests from WAN port 8080 should make it to the web server on my NAS on port 8080.

    Port forwarding - easy ;)

    @chrish:

    -Whatever hardware I purchase must pass girlfriend approval.  Her requirements are simple.  She doesn't want to see or hear it.   This means it needs to be as small as possible since it will be living under my TV in the living room.

    Take a look at the FX56xx series (see here - they're passively cooled, have multiple Gbit ports and can run off a 2.5" hard disk (low noise), Microdrives (very low noise) or CF (no noise).  If you wanted to you could drop in a WiFi card and replace the wireless router ;)

    You can also go down the build-it-yourself approach with the mini-ITX platform.  You can build a very low noise box to your own specification in a case that won't look out of place under the TV - but it'll probably cost you more than off-the-shelf kit of the same spec.

    @chrish:

    I guess I would be ok with hardware that has 2 10/100 LAN ports.  My concern is I may want to put the NAS on a separate Gigabit port… so I would need the cable modem plugged into a 10/100 port, then the DIR-655 and NAS in a Gigabit port.

    Any suggestions on feasibility and hardware are greatly appreciated.

    Do search the forum - there are a few dozen threads on the subject of hardware.
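The reply above maps each requirement to a firewall rule or a port forward without showing what those look like. The block below is an added example, not from either poster and not pfSense's own generated rules file: it expresses the same policy in raw pf(4) syntax, the packet filter pfSense builds on, so the reader can see what the GUI rules amount to. The interface names (em0/em1), the LAN subnet, the NAS address, the work VPN server address and the BitTorrent port are all assumptions chosen for illustration.

```pf
# Added example: raw pf policy for the layout in the thread.
# Assumed (not in the original post): WAN on em0 with a dynamic address,
# LAN on em1 as 192.168.1.0/24, NAS at 192.168.1.10, work PPTP server at
# 203.0.113.5 (a documentation address), NAS torrent listener on 6881.
wan_if  = "em0"
lan_if  = "em1"
lan_net = "192.168.1.0/24"
nas     = "192.168.1.10"
work_vpn = "203.0.113.5"
torrent_port = "6881"

# Outbound IP block list ("block access to specific websites by IP").
# Entries are assumed; extend at runtime with: pfctl -t blocked -T add <ip>
table <blocked> persist { 198.51.100.0/24 }

set skip on lo0
scrub in all

# Translation rules (must precede filter rules in pf.conf ordering).
# WAN :8080 -> NAS web server :8080, and the NAS BitTorrent listener.
rdr on $wan_if proto tcp from any to ($wan_if) port 8080 -> $nas port 8080
rdr on $wan_if proto { tcp udp } from any to ($wan_if) port $torrent_port -> $nas port $torrent_port
# Masquerade the LAN behind whatever address the cable modem hands out.
nat on $wan_if from $lan_net to any -> ($wan_if)

# Default deny on both interfaces, then explicit allows.
block in log all
block out log all

# Enforce the outbound IP block list where the traffic enters (LAN side),
# before the general LAN pass rule; "quick" stops further evaluation.
block in quick on $lan_if from $lan_net to <blocked>

# PPTP to work from the wireless laptop: TCP 1723 control channel plus
# GRE (IP protocol 47). The reply notes pfSense passes only one PPTP
# tunnel through its NAT at a time, so this covers a single laptop.
pass in on $lan_if proto tcp from $lan_net to $work_vpn port 1723 keep state
pass in on $lan_if proto gre from $lan_net to $work_vpn keep state

# General stateful outbound for the LAN (browsing, Unreal Tournament,
# torrent peers the NAS connects to). The matching outbound WAN rule lets
# the NATed packets leave.
pass in on $lan_if from $lan_net to any keep state
pass out on $wan_if from ($wan_if) to any keep state

# Inbound from the Internet: only what the rdr rules above expose. After
# translation the destination is the NAS, so filter on the NAS address.
pass in on $wan_if proto tcp from any to $nas port 8080 keep state
pass in on $wan_if proto { tcp udp } from any to $nas port $torrent_port keep state
```

Blocking by URL rather than IP is not something pf can do, which is why the reply points at Squid and SquidGuard for that requirement; the table-based block above only covers the "by IP" half. In pfSense the same policy is entered as a LAN rule with a destination alias for the block list, two LAN pass rules for PPTP, and two NAT port forwards with their auto-created WAN rules.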

