Hardware thoughts when changing from Smoothwall to pfSense
-
I have been using Smoothwall now for over 12 years but AFTER I ordered the parts for my new router device, I am thinking of changing to pfSense. The motherboard I ordered was the Jetway NF9HG-2930 with initially 4GB of 1600MHz DDR3L PC3-12800 1.35V RAM. I know at least on the Smoothwall, hard drive volume does not need to be very big, as other than the operating system most of the rest is for logging purposes. This is why I only went with a 30GB mSATA module (mSATA module is capable of being faster than the motherboard interface, I don't think that will make much difference.)
When I ordered this, my plan was to install the 32-bit version of Smoothwall, as most of the modifications were written specifically for the 32-bit version. Because of that, I chose 4GB of RAM, knowing that there would be no point in adding more. Now that I am thinking of going to pfSense, it appears the way to go is 64-bit, so I'm wondering if I should go with another stick of 4GB of RAM for a total of 8GB… any advantage to upping RAM to 8GB from 4?
When it comes to my networking situation, my incoming network is a synchronous 100 Mbps connection with currently two static IP addresses. I currently use a mod for Smoothwall that allows me to route one of those IP addresses to my primary LAN while the other IP address goes to a specific server. For pfSense, will I need to install a mod to do this or is it a built-in function?
Another mod I use with Smoothwall is Zerina for OpenVPN. On my laptop, I like to set up a "road warrior" VPN connection, so I can access resources in my house, as well tunnel all traffic through my own firewall, as I frequently connect from a network with a very restrictive firewall (they block some websites, giving "medical information" as the reason it is blocked... when we are a health-care provider!). Will I need to install a mod for VPNing behind my firewall?
-
The pfSense installation (FreeBSD inside it with all the pfSense code bundled together) is very small also. Fits in 1GB. You only need the smallest SSD, unless you are planning to use a proxy cache package and want to cache ginormous amounts of stuff.
Unless you have bucket loads of interfaces, rules, aliases with millions of entries, proxy cache that you want to keep in-memory cache of lots of stuff,… there is no point in adding more RAM.
Use the 64-bit install anyway on 64-bit capable hardware. All the packages work on 32 or 64 bit installs.
You can create VIPs on WAN for extra public IPs, forward those inside to wherever you like. That is in the standard install.
OpenVPN is part of the standard install. You can easily set up a Road Warrior OpenVPN server. Then give it the pass rules that you wish to allow Road Warrior access to whatever inside LANs or hosts/ports you wish.