New home pfsense build questions



  • Hello, new to the forum, and new to Pfsense!

    About 5 years ago I ran Smoothwall on an old P3 machine after having two dsl routers die on me.
    Run palo-alto PA3060 firewalls at work and also cisco ASA. Love the PA's.

    Recently setup a mid-range machine for my kids to play minecraft on, etc.

    Want to setup a spare machine of mine to act as a firewall.  Looking into pFsense.
    Features desired:

    -web content filtering
    filter out facebook, adult sites, etc
    Is it possible to force "safe search" on google searches and also content filter youtube?  I don't mind to allow kid friendly video's but filter out PG-13+.

    • layer 7 filtering.  How robust is this?

    • VPN - I have an IP camera that would be nice to access from the outside through VPN.  (only one or two max vpn sessions at a time)

    • dynamic dns - have an dyndns account, would like to use this to access the VPN

    • Run wifi access point , probably with captive portal. Is it better to use wifi-card attached to the firewall or use ethernet to a linksys router/AP.

    Hardware I have:
    AMD socket 939 opteron 148 (single core @ 2.5ghz)
    2GB RAM
    128GB SSD
    currently only onboard NIC but plan to add Intel PCI-E dual nic.

    AT&T u-verse 24megabit downstream internet connection.

    Will this hardware support the above features? Any comments are appreciated.



  • -web content filtering

    Squid & SquidGuard can do  this well.

    filter out facebook, adult sites, etc
    Is it possible to force "safe search" on google searches and also content filter youtube?  I don't mind to allow kid friendly video's but filter out PG-13+.

    Better to open an OpenDNS family Account for this.

    • layer 7 filtering.  How robust is this?

    Works good but it is "eating" much pwer and narrow down the performance from the
    entire pfSense box! A really power hungry service!!!
    An Intel dual core or quad core i3 or i5 would be sufficient to do that job right and
    delivers also much throughout to your network.

    • VPN - I have an IP camera that would be nice to access from the outside through VPN.  (only one or two max vpn sessions at a time)

    IPSec or OpenVPN would be no problem. A CPU with AES-NI support is pushing those action much.

    • dynamic dns - have an dyndns account, would like to use this to access the VPN

    Ok

    • Run wifi access point , probably with captive portal. Is it better to use wifi-card attached to the firewall or use ethernet to a linksys router/AP.

    If you have fancy new devices or you will need ac support you should better go with an external WiFi AP
    that can be then using the Captive Portal from pfSense also.

    Hardware I have:
    AMD socket 939 opteron 148 (single core @ 2.5ghz)
    2GB RAM
    128GB SSD
    currently only onboard NIC but plan to add Intel PCI-E dual nic.

    Pending on the named services and wishes I would be really looking to an Intel Core i3 or i5 CPU
    with quad cores or an Intel Atom C2x58 SoC.

    Since pfSense 2.2.x and above it is a better multi core support that makes it better for us all
    to profit from that feature. So why not going with a multi core CPU?

    Older hardware can be really running pfSense as a firewall with SPI/NAT and perhaps VPN jobs
    but then on top with Squid & SquidGuard & DPI & Snort there will be also mire need of power
    to get a good throughput out of the box.