Hardware of convenience



  • Hello, first post! ;D

    I've wanted to jump into the open-source firewall/router arena for a while, and the purchase of a handy little NAS has freed up my old Gentoo file server for some experimenting. Looked into Untangle and the hardware requirements seem unreal. That landed me here. The hardware requirements at pfsense.org suggest my Athlon XP 2200+/512 MB RAM box should be more than plenty.

    I want the box to operate as a network gateway/firewall/router for my family. Basically the most strenuous home networking environment you can imagine: several computers, some downloading torrents while others play video games (so QoS is important), a couple of gaming consoles (for some reason the kids couldn't agree on one…), and everyone has a Wi-Fi phone nowadays, and when possible I like to have friends over for some good old-fashioned LAN party fun. I'd also like to be able to host a not-quite-so-old-fashioned VLAN party by having friends VPN to me, or even connect to pfSense boxes of their own so we can play network games.

    Other than that, I'm interested in protecting the family by blocking naughty bits of the internet, possible blocking of ads, possible logging of IM messages, and virus scanning.

    Can pfSense meet my needs? How well will it work for me on the Athlon XP 2200+? I apologize if I've said anything which doesn't make much sense. I'm a computer engineer, but never really messed with network hardware/software (except typical Linksys stuff) before and there are GOBS of acronyms/terminologies I'm not familiar with. Should also note that I'm on a typical home cable internet service provider.

    Thanks in advance,
    tr3



  • Well then, sir (or ma'am), you're in the right place. Your box sounds like it could work; however, could you provide more info about its specs?

    Things like:

    RAM: (amount)
    CPU speed: (GHz or MHz)
    NIC: type of network interface card (onboard, PCI card, etc.)
    NIC chipset: (Realtek, Intel, AMD, etc.)
    and the card speed: (10, 100Mb/s, 1000MB/s [gigabit], etc.)
    HDD (hard drive) type: standard disk drive (with spindle(s)) or SSD (solid state drive (or device), DOM, etc.) (to help determine which version of pfSense you would want to use)

    That should help us networking guys better in determining if your box will be good or if you might need to consider differently.



  • To accomplish everything you mentioned (easily…) I recommend the one-two punch of pfSense and Untangle.  It'll require two boxes though.



  • From how I understood the OP (first post), he looked at Untangle and said that "it seemed too intensive" and was looking to see if pfSense could do what he needed (which it can) without anything else.

    He wants it to act as a router and firewall (which is done natively) and also have a way to block unwanted sites (adult, adware, ads, etc.), which can be done if the "DNS blacklist" package is added in (can be done under the package menu, then the proper update applied to the package to add the extra functionality if desired), which I have on mine, and altogether it handles the functions just fine with no issue and with extra power to boot if needed…

    @OP: if I am misunderstanding your question, can you clarify more for me so I can get a better idea of what you're wanting then?



  • @jaime:

    From how I understood the OP (first post), he looked at Untangle and said that "it seemed too intensive" and was looking to see if pfSense could do what he needed (which it can) without anything else.

    Yah, I saw that.  But I still recommend both.  Untangle does virus scan, intrusion detection, ads, IM and Internet "naughtys".  That's more UTM territory.



  • Ah OK, I see now what you were going after… yeah, true point, but doesn't pfSense have the ability to do UTM functions already? Mine, as I have it set up, does the same things; the OP seems to want similar if not the same things that I seem to be doing already with mine... sorry if I got confused... my bad.



  • Well then, sir (or ma'am), you're in the right place. Your box sounds like it could work; however, could you provide more info about its specs?

    sir
    512 MB RAM
    Athlon XP 2200+ @ 1.8 GHz
    NICs: 2x Intel PWLA8391GT (http://www.newegg.com/Product/Product.aspx?Item=N82E16833106121)
    HDD: whatever old hard drive is in there. Probably some 250 GB or so WD 7200 rpm. I haven't looked in a while.

    To accomplish everything you mentioned (easily…) I recommend the one-two punch of pfSense and Untangle.  It'll require two boxes though.

    While I do like your one-two punch setup, the goal is to use my existing hardware. Reading about Untangle, I would not be comfortable running it on anything less than an e5300 with 2 GB of RAM. A system which would cost me around $370 to build and benchmarks around 4.62 times faster than my current xp2200+. The one-two punch would still require this purchase. It's what I'm trying to avoid.

    @OP: if I am misunderstanding your question, can you clarify more for me so I can get a better idea of what you're wanting then?

    You've got it right. I know that Untangle can do what I want, I just don't want to buy/build a new system to use it. I'm trying to find out if pfSense can do what I want on my existing hardware, and how well it will work. It would also be nice to know what it can do that Untangle can't and vice versa. I'm not exactly sure what each product's area of expertise is.

    That's more UTM territory.

    UTM?

    Thanks,
    tr3



  • UTM is short for "Unified Threat Management" system (i.e. firewall appliances, or other similar programs/devices meant to monitor your network for anything unwanted and take action against such "threats" to either prevent them from causing harm to your network or stop them from breaking into your network).



  • pfSense alone cannot do all the things you asked.  That is the short version.



  • Which of my desires will pfSense be unable to satisfy?
    Looks like the whole firewall/gateway/router and VPN/VLAN setup will be just fine, fantastic even. QoS, check! Jaime says blocking nasties/ads can be done with a DNS blacklist add-on package (hopefully free). Snort supplies intrusion detection. Imspector takes care of protecting IMs.

    All that remains is virus scanning… If it means not having to buy new hardware, I can get by without it. I've got client anti-virus setup everywhere anyhow.

    In the future perhaps I'll go with valnar's one-two punch to add virus scanning. Actually valnar, can you explain the one-two punch benefit for my scenario? As far as I can tell, the only feature adding an Untangle box adds for me is virus scanning... Also, excepting virus scanning, why not just have one or the other? Untangle has firewall/routing etc., why put pfSense in front of it? In the one-two punch, which tasks are delegated to which machine?

    My understanding so far:
    pfSense will do everything I want except virus scanning
    pfSense will fulfill my needs on my xp2200+ machine without slowing down -> still uncertain
    Untangle does everything I want but requires new hardware
    there must be something pfSense does that Untangle doesn't but I don't know what it is

    thanks for inputs so far,
    tr3


  • Rebel Alliance Developer Netgate

    You can also do web access protection by using squid+squidGuard packages on pfSense, and there are some blacklists out there for that, but they are not free for commercial use (though they are for home, iirc). And if you have squid installed you can also use the HAVP antivirus package.



  • Well, IIRC you can put a virus scanner on the pfSense box… not sure how well it will work, but I remember seeing something that looked to be a virus-type scanner... unless that's the squidGuard thing I am thinking of...



  • It sounds to me like pfSense and Untangle do pretty much the same things. Why have two machines when you can just have one do it all?

    tr3



  • @tr3buchet:

    It sounds to me like pfSense and Untangle do pretty much the same things. Why have two machines when you can just have one do it all?

    tr3

    They don't really.  Just keep reading on both forums or try them both.  pfSense is the better firewall.  Untangle is a UTM but basic firewall.  If you can just install one, pfSense is certainly it, but some functions either don't work as well as Untangle, or don't at all.

    I can see you are trying to get everyone to agree with you or talk you into pfSense as the God product of all time, but that's not going to happen.  They each have their strengths.



  • I can see you are trying to get everyone to agree with you or talk you into pfSense as the God product of all time, but that's not going to happen.  They each have their strengths.

    That's really not it at all. I've been trying to determine those strengths you mentioned! You pretty well summed it up there, just perfectly:
    pfSense -> firewall
    Untangle -> UTM

    It sounds like both dabble around in each other's respective territories a bit, but both are better in their own area.

    Now I know that I can get a little more into the pfSense stuff. Untangle probably seems to me to be more hardware intensive because UTM is naturally more hardware intensive than firewall. Makes perfect sense. So now I'm curious what exactly falls into the realm of firewall and what falls into the realm of UTM.

    My original post intentions sum up to:
    router/gateway
    QoS
    VPN
    blocking nasties (content filtering)
    blocking ads (also content filtering?)
    IM logging
    virus scanning/intrusion prevention

    Which of these things should I be doing with pfSense, which with Untangle?

    tr3

