Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    New home pfsense build questions

    Scheduled Pinned Locked Moved Hardware
    2 Posts 2 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z
      Zamunda
      last edited by

      Hello, new to the forum, and new to Pfsense!

      About 5 years ago I ran Smoothwall on an old P3 machine after having two dsl routers die on me.
      Run palo-alto PA3060 firewalls at work and also cisco ASA. Love the PA's.

      Recently setup a mid-range machine for my kids to play minecraft on, etc.

      Want to setup a spare machine of mine to act as a firewall.  Looking into pFsense.
      Features desired:

      -web content filtering
      filter out facebook, adult sites, etc
      Is it possible to force "safe search" on google searches and also content filter youtube?  I don't mind to allow kid friendly video's but filter out PG-13+.

      • layer 7 filtering.  How robust is this?

      • VPN - I have an IP camera that would be nice to access from the outside through VPN.  (only one or two max vpn sessions at a time)

      • dynamic dns - have an dyndns account, would like to use this to access the VPN

      • Run wifi access point , probably with captive portal. Is it better to use wifi-card attached to the firewall or use ethernet to a linksys router/AP.

      Hardware I have:
      AMD socket 939 opteron 148 (single core @ 2.5ghz)
      2GB RAM
      128GB SSD
      currently only onboard NIC but plan to add Intel PCI-E dual nic.

      AT&T u-verse 24megabit downstream internet connection.

      Will this hardware support the above features? Any comments are appreciated.

      1 Reply Last reply Reply Quote 0
      • ?
        Guest
        last edited by

        -web content filtering

        Squid & SquidGuard can do  this well.

        filter out facebook, adult sites, etc
        Is it possible to force "safe search" on google searches and also content filter youtube?  I don't mind to allow kid friendly video's but filter out PG-13+.

        Better to open an OpenDNS family Account for this.

        • layer 7 filtering.  How robust is this?

        Works good but it is "eating" much pwer and narrow down the performance from the
        entire pfSense box! A really power hungry service!!!
        An Intel dual core or quad core i3 or i5 would be sufficient to do that job right and
        delivers also much throughout to your network.

        • VPN - I have an IP camera that would be nice to access from the outside through VPN.  (only one or two max vpn sessions at a time)

        IPSec or OpenVPN would be no problem. A CPU with AES-NI support is pushing those action much.

        • dynamic dns - have an dyndns account, would like to use this to access the VPN

        Ok

        • Run wifi access point , probably with captive portal. Is it better to use wifi-card attached to the firewall or use ethernet to a linksys router/AP.

        If you have fancy new devices or you will need ac support you should better go with an external WiFi AP
        that can be then using the Captive Portal from pfSense also.

        Hardware I have:
        AMD socket 939 opteron 148 (single core @ 2.5ghz)
        2GB RAM
        128GB SSD
        currently only onboard NIC but plan to add Intel PCI-E dual nic.

        Pending on the named services and wishes I would be really looking to an Intel Core i3 or i5 CPU
        with quad cores or an Intel Atom C2x58 SoC.

        Since pfSense 2.2.x and above it is a better multi core support that makes it better for us all
        to profit from that feature. So why not going with a multi core CPU?

        Older hardware can be really running pfSense as a firewall with SPI/NAT and perhaps VPN jobs
        but then on top with Squid & SquidGuard & DPI & Snort there will be also mire need of power
        to get a good throughput out of the box.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.