A Dumb Question



  • Hello,

    I have been looking into using pfSense and I have a few questions. This is strictly from a home user point of view :)

    You have to use a modem. You'd want to use a good one. If you had a good modem/router, why would you need a PC for DHCP and routing?
    If you wanted to use it as a firewall, there are plenty of hardware firewalls that are cheaper than or as cheap as PCs. You could also install pfSense on a VM on your own computer.

    I know I'm missing something here. Can somebody explain?


  • Banned

    • Please, show me a good "modem" (Assuming you are talking about some xDSL router or such.) All those CPEs are dumb, unmaintained, buggy and dangerous shit with idiotic gaping holes unpatched (model EOLed, get a new one) or straight intentionally included backdoors.
    • Some ISPs don't let you even configure the thing at all.


  • @doktornotor:

    • Please, show me a good "modem" (Assuming you are talking about some xDSL router or such.) All those CPEs are dumb, unmaintained, buggy and dangerous shit with idiotic gaping holes unpatched (model EOLed, get a new one) or straight intentionally included backdoors.
    • Some ISPs don't let you even configure the thing at all.

    So you are saying the firmware is the issue and not the hardware? I thought consumer DSL modems were crappy because they didn't have good hardware in them. Or is it both?


  • Banned

    @mrt_sgr:

    So you are saying the firmware is the issue and not the hardware?

    Absolutely. Even leaving the security and lack of features aside, the FW is often so buggy that it renders the HW absolutely unusable. Disable DHCP server - you can no longer configure anything. No matter you can have exactly one DHCP server on your network, but need multiple wireless APs to get the area covered. Designed by idiots.



  • @mrt_sgr:

    So you are saying the firmware is the issue and not the hardware? I thought consumer DSL modems were crappy because they didn't have good hardware in them. Or is it both?

    I think you may have hit the nail on the head with the word 'consumer'. Standard home DSL routers are designed to be usable by consumers, which in IT parlance equals 'users', which - in some circles - is synonymous with the word 'luddites'. Just like Windows machines, home DSL routers are meant for people who don't know/don't care about the security or reliability of their home network. All they want is for it to work when they plug it in and if it doesn't work they'll just trash it for something new and equally cheap and simple. To paraphrase a famous quote, "With Great Simplicity comes Great Sh*tness."



  • If you have something like ADSL, where the ISP is just using your telephone cable to provide the service, then you have to have some ADSL box that has a telephone-line connector and gives you ethernet RJ45. Same for other physical ways that you are provided with your internet, if the ISP is not giving you the dangling end of an RJ45 ethernet cable.
    For those things, the device that plugs to your phone line, rooftop antenna, incoming fiber… often can be a device that already has 4 "LAN" Ethernet RJ45, WiFi antenna, does NAT and DHCP... It is a home-user router. Because you are not going to (or very difficult to) find some hardware that runs pfSense and also has that special front-end physical connection, then you have to keep the front-end device anyhow, and put pfSense behind it.
    If you have no other needs than clients to get out to the internet with no restriction, and you think the front-end device is not back-doored or got huge security holes that let attacks from the outside get inside, then it just adds complexity to put pfSense also.

    If your ISP-provided interface is an ethernet cable end coming in your house, then you have to put something on that. And the something can be just a pfSense box. In that case you do not need 2 boxes in a chain - so it is easier to see that pfSense drops straight in.



  • I have been looking into using pfSense and I have a few questions. This is strictly from a home user point of view :)
    This is the hardest group of customers in my eyes! They often don't know what they want and really need, play with all
    the given features, options and functions, and it all does not go as fast as they expect.

    You have to use a modem. You'd want to use a good one.
    For sure, with any lazy plastic crappy home router you have to do so too, or?
    But it is integrated.

    If you had a good modem/router, why would you need a PC for DHCP and routing?
    Who is telling you that a PC is needed? A small embedded board will mostly do the job
    better than the best atomic home routers. So please don't compare apples and pears!!!
    pfSense is like a real UTM device, and a home router is really thin and dumb, to be configured
    by everybody without pain! pfSense can be pimped up and tuned for so many things
    that it is really dumb to compare it to a home router. They have different fields of work where they
    will be placed.

    If you wanted to use it as a firewall, there are plenty of hardware firewalls that are cheaper than or as cheap as PCs.
    For sure they are cheaper, and each offers only a smaller or greater bunch of options, features or functions.
    But once again, pfSense & SquidGuard & Squid & HAVP & openDPI & Snort & FreeSwitch can be a
    traffic shaper, UTM device and HTTP proxy with AV scan and AntiSpam, and this is not offered by a
    firewall from the rod.

    You could also install pfSense on a VM on your own computer.
    This is in my eyes one option more than another firewall will be able to serve you.

    I know I'm missing something here. Can somebody explain?
    When are the school holidays ending?

    Mostly and urgently it is like this:
    The router must fit your needs and must match your goals!
    This is the most important thing in my eyes.

    • If you need a plain router with only SPI & NAT and some action above,
      you often go with RouterOS, OpenWRT or DD-WRT. FreeWRT is EoL.
    • If you need more, you could search for an easy-to-use firewall like the
      following: IPCop, IPFire, ZeroShell, fli4l or pfSense. m0n0wall is EoL.
    • If you need a real UTM device related to AV scan, AntiSpam and HTTP proxy,
      you will perhaps try out Untangle, IPFire, ZeroShell or pfSense.
    • If you need a really big router and BGP is in the game, you often go by
      using OpenBSD & OpenBGPD, Quagga or Vyatta. Zebra is EoL.
    • If you need redundancy and really balancing the whole load
      over more than one WAN interface on more than one box, you
      will perhaps be happy using OpenBSD and ARP balance over
      CARP, and if only thin redundancy is needed, try pfSense.

    So as you can see, from the lowest bottom to the highest top, pfSense
    is able to run for you; it only depends on the hardware you are
    able to buy and run.

    You are able to grab the oldest hardware from the electric dump court
    or the latest Xeon D-1540 platform from Supermicro and pfSense runs on it.

