Building pfsense box



  • I was reading about how 83% of routers contain severe security issues, found here below:

    http://www.theamericanconsumer.org/wp-content/uploads/2018/09/FINAL-Wi-Fi-Router-Vulnerabilities.pdf

    Someone mentioned, "build a pfsense box" and this made me very interested.

    I am about to get FIOS DL-1GBs/UP-31.25MBs.
    I have my PC that I use daily and that's all I have, no secondary PC.

    What my PC has is the following.
    i7-3770K @ 4.5GHz, which has the AES-NI instruction.
    8 gigs RAM
    1000MB/s Realtek built-in motherboard PCIe adapter
    Intel Pro/1000GT Desktop Adapter

    Can I accomplish this pfsense box with this setup?

    I have no clue what I am doing, but I do follow pretty well if there is an in-depth, hands-on how-to with screenshots etc.

    Where should I start if this is accomplishable on a single pc?

    Edit:
    I also have a Linksys 5-port gigabit Ethernet switch, SE2500.

    Edit 2:
    I also have a Linksys Wireless-G card.
    Smartphone, too, needs to hook to it.


  • Netgate Administrator

    pfSense is a complete OS; if you installed it on that machine in the normal way it would replace whatever you have running on there currently.

    The only way you could do it without some additional hardware would be to run pfSense as a virtual machine in your choice of hypervisor, but that's far from ideal. You would need, at a minimum, an additional network card to bring out a connection to your switch.

    I highly recommend you get an additional device to install pfSense on.

    Steve



  • Ah, I see now, ok. Thank you.

    So with the two network cards I have now, I'll need a third?


  • Rebel Alliance Global Moderator

    You could for sure run pfSense as a VM on your box. What that box has for wifi is moot, and Wireless-G? Yeah, that is just trash anyway ;)

    No, you do not need another NIC if you have 2, or you could do VLANs.

    This VM running on your box could put your PC behind pfSense as a firewall, and provide a firewall for the rest of your network, if you have another wifi router you could use as just an AP, and you have a switch as well for other wired devices. Which maybe you have, and just not PCs?

    But for ease of setup and understanding, if you are not well versed in how VMs and VM networking work, as Stephen stated it would be much simpler to just get another box to use as your router.

    Do you have budget for such a purchase? While the SG-1000 would not handle your gig connection, the MBT systems should, from the benchmarks I have seen about a year ago.
    https://store.netgate.com/pfSense/systems.aspx

    The MBT-2220 and -4220 are under $300.

    Or you could do the SG-3100, which for sure can handle gig and has some switch ports. But it's a bit more. I do believe there are some other systems rumored as well that are going to be at a great price point for their features.



  • @johnpoz said in Building pfsense box:

    You could for sure run pfSense as a VM on your box. What that box has for wifi is moot, and Wireless-G? Yeah, that is just trash anyway ;)

    No, you do not need another NIC if you have 2, or you could do VLANs.

    This VM running on your box could put your PC behind pfSense as a firewall, and provide a firewall for the rest of your network, if you have another wifi router you could use as just an AP, and you have a switch as well for other wired devices. Which maybe you have, and just not PCs?

    But for ease of setup and understanding, if you are not well versed in how VMs and VM networking work, as Stephen stated it would be much simpler to just get another box to use as your router.

    Do you have budget for such a purchase? While the SG-1000 would not handle your gig connection, the MBT systems should, from the benchmarks I have seen about a year ago.
    https://store.netgate.com/pfSense/systems.aspx

    The MBT-2220 and -4220 are under $300.

    Or you could do the SG-3100, which for sure can handle gig and has some switch ports. But it's a bit more. I do believe there are some other systems rumored as well that are going to be at a great price point for their features.

    Yeah, my budget is bad. As for other systems, what other systems are at a good price point?


  • Rebel Alliance Global Moderator

    There were some rumors that Netgate was going to be releasing some new hardware. Thought it was going to be soon, but maybe that was the MBT stuff. Not sure exactly.

    What is your budget? You're not going to be able to even get a China box that can do gig for, say, under a couple of hundred.



  • @johnpoz said in Building pfsense box:

    There were some rumors that Netgate was going to be releasing some new hardware. Thought it was going to be soon, but maybe that was the MBT stuff. Not sure exactly.

    What is your budget? You're not going to be able to even get a China box that can do gig for, say, under a couple of hundred.

    I have a mountain bike on layaway; it'll be paid off in November, then I can afford to save $60 a week.


  • Rebel Alliance Developer Netgate

    @johnpoz said in Building pfsense box:

    There were some rumors that Netgate was going to be releasing some new hardware. Thought it was going to be soon, but maybe that was the MBT stuff. Not sure exactly.

    We have another small box coming soon to take the place of the SG-1000. Details will be out very soon.



  • Good. I've been wanting to support the project by buying hardware for years now, but my personal budget can't afford $450+ CDN for the 3100 (plus customs & shipping, since you don't have any retail partners in Canada).


  • Rebel Alliance Global Moderator

    @jimp said in Building pfsense box:

    We have another small box coming soon to take the place of the SG-1000. Details will be out very soon.

    Yeah, a sub-$200 box that could handle gig could be a game changer for sure. More than 2 interfaces would be some yummy icing on that cake to boot ;)

    The only hardware that I know of that can do gig in, say, the $100 range would be the UniFi stuff. But its performance drops into the dirt as well if you turn on any feature that disables the hardware offload they are doing. And their feature set and ease of management compared to pfSense is light years behind. I have a USG sitting on my shelf because it was painful compared to pfSense. But it was a stopgap for me while the SG-4860 I wanted was back-ordered, after I had updated my ISP from 100/10 to 500/50 and my current VM instance couldn't handle that speed.



  • @johnpoz you're basically describing an APU2 if you're not running PPPoE. BSD is a bit slower than Linux, but the ISR deferred stuff might improve that. So I wouldn't call it a "game changer".


  • Rebel Alliance Global Moderator

    @vamike said in Building pfsense box:

    APU2

    What is the price point? The older Netgate units that are APU2 were over 300 and couldn't do gig, I don't think, etc.

    What I mean from a game changer point of view is the ability for Netgate to sell a more home-friendly priced box to compete with these DIY and China boxes, etc. The SG-1000 is ok, but it can not handle decent speeds, and many power users that would want to run pfSense in the first place probably have a higher-end internet connection. But the next level box is in the $350 range, which is the high end of the budget for many home users.



  • So I made a down payment of $170 for Metronet FiOS; it will be installed this coming Tuesday. Once my bike is paid off, I will save for a pfSense device; by then, new tech and hopefully cheaper prices will be available.



  • @johnpoz Netgate rebadged the PC Engines apu1 and called it either APU2 or APU4 depending on the RAM size. It's been confusing people ever since the PC Engines apu2 was released. (Completely different CPU, NIC, etc.) The PC Engines apu2 runs about $150 (they're actually cheaper than the apu1, lower component costs).



  • Okay guys, this one really slipped by me. I am not getting one gigabyte per second with fiber optics; I just double-checked, it is 1 gigabit, equaling 125 megabytes per second. So this changes the game.


  • Netgate Administrator

    Not really. We all assumed 1Gbps because 1GBps would be 8Gbps which is very unlikely. Impossible on FiOS I would say.

    Everything above is still true.

    Steve



  • @stephenw10 said in Building pfsense box:

    Not really. We all assumed 1Gbps because 1GBps would be 8Gbps which is very unlikely. Impossible on FiOS I would say.

    Everything above is still true.

    Steve

    I have a question: why is the internal network of most new routers 1000 megabytes per second, equaling 1 GB per second? Right, I think that's right. I thought fiber optics could deliver much more than one gigabyte per second, and I thought one gigabyte per second was standard for residential.


  • Netgate Administrator

    Well here in the UK I'm stuck at 80Mbps so.... 😉

    But, no, some ISPs seem to be starting to offer >1Gbps but most are not. There are a few threads here about 1.5Gbps connections. But for residential internet 1Gbps is about all you can expect right now.

    The fibre itself may be able to carry more, but that doesn't mean the ISP infrastructure can.

    And most SOHO routers are Gigabit internally, that's 1Gbps.

    Steve



  • @johnnyk nobody is delivering residential gigabyte service. Confusion is rampant. I avoid this by trying to use Gbit and Gbyte rather than "Gb" or "GB" and hoping people know what those mean.

    To get gigabyte per second performance you'd need 10 gigabit per second networking. Most new routers do not do that.

    Networking speeds are generally measured in bits (because they're descended from telecoms where a bit is a thing), other computer speeds like disks and memory are measured in bytes (because most basic computer operations don't involve less than a byte).
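
As an added example (not from the thread or from any poster), a small Python helper that parses the rate spellings used in this discussion, treating a lowercase "b" as bits and an uppercase "B" as bytes, restates them in the unambiguous Gbit/Gbyte style suggested above, and reports the slowest standard Ethernet link that could carry each one. The Ethernet speed table is assumed from common link standards.

```python
import re

# Added example: normalise the unit spellings used in this thread so that
# "1GBs" (gigabytes per second) and "1Gbps" (gigabits per second) are never confused.
_PREFIX = {"k": 10**3, "m": 10**6, "g": 10**9}
# Case matters: "b" is a bit, "B" is a byte; "bit"/"byte" are explicit.
_UNIT_BITS = {"bit": 1, "b": 1, "byte": 8, "B": 8}
_RATE_RE = re.compile(r"^\s*(\d+(?:\.\d+)?)\s*([kmgKMG])(bit|byte|b|B)(?:ps|/s|s)?\s*$")

# Common Ethernet link speeds in bit/s (100M, 1G, 2.5G, 5G, 10G, 25G, 40G); assumed table.
ETHERNET_BPS = [10**8, 10**9, 2.5 * 10**9, 5 * 10**9, 10**10, 2.5 * 10**10, 4 * 10**10]


def parse_rate(text):
    """Return the rate in bits per second, or None if the text is not parseable."""
    m = _RATE_RE.match(text)
    if not m:
        return None
    value, prefix, unit = m.groups()
    return float(value) * _PREFIX[prefix.lower()] * _UNIT_BITS[unit]


def unambiguous(text):
    """Restate a rate in the 'Gbit/Gbyte' style recommended in the post above."""
    bps = parse_rate(text)
    if bps is None:
        raise ValueError(f"cannot parse rate: {text!r}")
    return f"{bps / 1e9:g} Gbit/s = {bps / 8e9:g} Gbyte/s"


def required_ethernet_bps(text):
    """Slowest standard Ethernet link that can carry the given rate, or None."""
    bps = parse_rate(text)
    if bps is None:
        return None
    return next((link for link in ETHERNET_BPS if link >= bps), None)


def nic_headroom_bps(rate_text, nic_text="1Gbit/s"):
    """Spare NIC capacity in bit/s; negative means the NIC is the bottleneck."""
    return parse_rate(nic_text) - parse_rate(rate_text)


if __name__ == "__main__":
    # Spellings taken from the thread: the OP's "1GBs" and "31.25MBs", the corrected
    # "125MB/s", the adapter's "1000Mbps" and Steve's "80Mbps".
    for spelling in ("1GBs", "125MB/s", "1000Mbps", "31.25MBs", "80Mbps"):
        print(f"{spelling:>9} -> {unambiguous(spelling)}; "
              f"needs {required_ethernet_bps(spelling) / 1e9:g} Gbit Ethernet")
```

Run as written it shows that "1GBs" taken literally would need a 10 Gbit link, while "125MB/s" exactly fills the 1 Gbit adapter.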



  • @stephenw10 said in Building pfsense box:

    Well here in the UK I'm stuck at 80Mbps so.... 😉

    But, no, some ISPs seem to be starting to offer >1Gbps but most are not. There are a few threads here about 1.5Gbps connections. But for residential internet 1Gbps is about all you can expect right now.

    The fibre itself may be able to carry more, but that doesn't mean the ISP infrastructure can.

    And most SOHO routers are Gigabit internally, that's 1Gbps.

    Steve

    Yup, I just checked with the HWiNFO app, and it does indeed say 1000Mbps adapter; now I see. All this time I had it wrong.



  • So yeah, I am maxing my network adapter with this FIOS @ 125MB/s.
    Yeah, I understand Kb/KB/Mb/MB/Gb/GB; I adapted to using MB vs Mbps.


  • Netgate Administrator

    Yes, it's a very common mistake. So common in fact that I just assumed you meant bits. I apologise.

    Anyway be happy you have access to 1Gbps while I wait for another download to complete! ☺

    Steve


  • Rebel Alliance Global Moderator

    @vamike said in Building pfsense box:

    The pcengines apu2 runs about $150

    And it can push gig internet?



  • @johnpoz it can push gigabit all day long under Linux+iptables. Last I looked it was a little slower with pf (800-something Mbps), but as I said above it may be better with the ISR deferred config. It cannot do gigabit PPPoE, and OpenVPN speeds are somewhere around 50-100Mbps.