Which CPU to use and suggestions for getting started.



  • I have several older computers and retired servers to choose from.

    HP Elite 8300 with i7 3770

    Lenovo Thinkserver with Xeon E3-1220 v3; Xeon E3-1225 v3; or i3 4130

    and anywhere from 8 - 32 GB RAM.

    I have an Intel i350-T4 on the way, and I've a few consumer grade SSDs lying about I can use, or if required, I can pick up a used Intel 80GB 320.

    My internet is 940 Mbps down, 35 Mbps up. We are mostly internet gamers, so ping and latency are very important. I do work from home and I need constant internet access for it. Wifi is provided by Ubiquiti AC-LR, and my current router is an Edgerouter-X. The problem I'm running into is that when I turn on QoS for the Edgerouter, it smooths out the lag spikes and bufferbloat, but caps at about 200 Mbps. I've been extremely happy with the Edgerouter, but I would like to give this pfSense thing a whirl before I just drop a few hundred bucks on a new router.

    I'm familiar with hardware and computers but fairly new to this type of networking. So other than QoS I'm not sure what I want. I'd like a DNS sinkhole like pihole. I'd like to create separate LANs for the PCs and the IoT devices. I'll set up and run whatever y'all suggest that makes sense. I also want a set and forget type of deal. I get it will need tweaking to run right, but I really don't want to have to monkey with anything routinely.

    Thanks for the help and looking forward to learning about this!



  • @redfox

    Hi,

    You’re in a good place, but don’t think it’ll be easy. 😉
    "To learn, to learn to learn, said Lenin" (really he said, and I'm not Russian :-))
    https://en.wikipedia.org/wiki/Vladimir_Lenin

    Beginner curriculum:
    https://docs.netgate.com/manuals/pfsense/en/latest/the-pfsense-book.pdf

    So, here's what I would not recommend, because pfSense does it better:

    @redfox "I'd like a DNS sinkhole like pihole."
    instead = Unbound + pfBlockerNG-devel (these are part of pfSense)

    "I get it will need tweaking to run right, but I really don't want to have to monkey with anything routinely."
    It could be yours too, except the monkey, because it is mine. 😁

    So if you have already developed your more specific ideas, please let us know and we will help.

    BTW:
    Everything you have described will work and be feasible, but not immediately and tomorrow - you know Lenin 🖐



  • Thanks for the feedback. See I didn't know that Unbound + pfBlockerNG-devel even existed. Anything else I should know?

    What about my hardware choices?



  • @redfox

    i7 3770, Xeon E3-1225 v3...

    Any of the above would probably be overkill for pfSense alone and, with a TDP of ~80W, a waste of energy.

    With one of those processors, 32GB of RAM, 80GB SSD and an Intel i350-T4 you could run a bare metal hypervisor (I'm using Windows Server Hyper-V) and virtualize pfSense, pihole and the controller for your Ubiquiti access point, with minimal latency and no loss of speed.

    My internet is 940 Mbps down, 35 Mbps up.

    If you have Comcast gigabit service and you happen to have a Motorola MB8600 modem you can get >1.2Gbps by aggregating (LACP) port 1 and 2 of the modem.
    In pfSense then you'd apply CoDel limiters to the WAN interface to get a clean A+ quality/bufferbloat 1Gbps connection.





  • @redfox

    Hardware is a bit powerful for pfSense, but many use it in this form (old PC, MOBO, VM base, etc.)

    The suggestions of the other posters are also good.

    which I would highlight.... @aGeekhere "Enable UPnP & NAT-PMP"

    doing so carefully, is one of the "enemies" of a firewall - the UPnP & NAT-PMP

    always separate the game machines to a "GAME VLAN" or similar separated interface

    and only enable UPnP & NAT-PMP on this interface
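
One way to check the advice in the post above, as an added example that is not part of the original thread: a small audit of UPnP ACL entries in the miniupnpd permission-rule syntax (`allow|deny <ext ports> <int addr[/CIDR]> <int ports>`), which is what pfSense's UPnP & NAT-PMP service takes as ACL entries. The game VLAN subnet `192.168.30.0/24`, the sample rules, and the policy that the list must end in a deny-all entry are assumptions made for the example.

```python
import ipaddress

ANY_PORT = (0, 65535)

def parse_ports(spec):
    """Turn '3074' or '1024-65535' into a (low, high) tuple."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {spec}")
    return lo, hi

def parse_acl(line):
    """Parse one '<allow|deny> <ext ports> <int addr[/cidr]> <int ports>' entry."""
    action, ext, addr, internal = line.split()
    if action not in ("allow", "deny"):
        raise ValueError(f"bad action: {action}")
    net = ipaddress.ip_network(addr, strict=False)  # bare host becomes /32
    return action, parse_ports(ext), net, parse_ports(internal)

def audit(acl_lines, game_vlan):
    """Return findings for entries that let hosts outside game_vlan map ports."""
    game = ipaddress.ip_network(game_vlan)
    rules = [parse_acl(l) for l in acl_lines
             if l.strip() and not l.lstrip().startswith("#")]
    findings = []
    for n, (action, ext, net, _) in enumerate(rules, 1):
        if action != "allow":
            continue
        if net.version != game.version or not net.subnet_of(game):
            findings.append(f"rule {n}: allows {net}, outside game VLAN {game}")
        if ext[0] < 1024:
            findings.append(f"rule {n}: allows external ports below 1024")
    last = rules[-1] if rules else None
    if (last is None or last[0] != "deny" or last[1] != ANY_PORT
            or last[2].prefixlen != 0 or last[3] != ANY_PORT):
        findings.append("no final deny-all entry")
    return findings

# Constructed sample rule sets (not taken from the thread).
GAME_VLAN = "192.168.30.0/24"
GOOD = ["allow 1024-65535 192.168.30.0/24 1024-65535",
        "deny 0-65535 0.0.0.0/0 0-65535"]
BAD = ["allow 0-65535 192.168.1.0/24 0-65535",
       "allow 1024-65535 192.168.30.50 1024-65535"]

if __name__ == "__main__":
    for name, acl in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(acl, GAME_VLAN) or "ok")
```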



  • @DaddyGo

    could you elaborate on this part please:

    @DaddyGo said in Which CPU to use and suggestions for getting started.:

    @redfox
    doing so carefully, is one of the "enemies" of a firewall - the UPnP & NAT-PMP

    always separate the game machines to a "GAME VLAN" or similar separated interface

    and only enable UPnP & NAT-PMP on this interface

    All of my home computers are also used for playing games. We all share access to a Synology NAS for files and stuff. How would your suggestion work in my situation?



  • @redfox

    let's go step by step 😉
    read this thread, here I describe exactly how to create the environment for game play:

    https://forum.netgate.com/topic/153514/nat-issues-when-playing-games-on-two-computers

    once you have interpreted and have a problem, write and I will help

    ++++edit:
    @redfox "How would your suggestion work in my situation?"

    playing can be dangerous behind a firewall as ports need to be opened
    but with a good setup this shouldn't be a problem

