Results 1 to 6 of 6

Thread: pfSense - Free Router/Firewall/IDS that you can install on your old junky computer

  1. #1
    The very model of a modern Moderator Xiahou's Avatar
    Join Date
    Aug 2002
    Location
    in the cloud.
    Posts
    9,007

    Default pfSense - Free Router/Firewall/IDS that you can install on your old junky computer

    I had read about pfSense a while ago, but only recently did I decide to test it out on an old Thinkpad I had.

    I found it to be awesome, and it has now replaced my Buffalo WZR-HP-G300NH as my home router/firewall. So why is it great? It's loaded with features, fully customizable, and simple to use.

    I've added the Unbound DNS and the Snort Intrusion Detection packages to it for added awesome. Plus it has charts!

    Click image for larger version. 

Name:	traffic.PNG 
Views:	346 
Size:	35.5 KB 
ID:	13769
    24hr traffic graph

    Click image for larger version. 

Name:	livetraffic.PNG 
Views:	262 
Size:	16.3 KB 
ID:	13770
    Live traffic (while streaming Netflix)

    Click image for larger version. 

Name:	pfSense.PNG 
Views:	348 
Size:	92.8 KB 
ID:	13771
    Status Dashboard (heavily redacted)


    Anyhow, I thought I'd share this in case anyone else out there was hungry for something more in a home firewall. Cheers!
    Last edited by Xiahou; 07-30-2014 at 23:48.
    "Don't believe everything you read online."
    -Abraham Lincoln

  2. #2
    Iron Fist Senior Member Husar's Avatar
    Join Date
    Jan 2003
    Location
    Germany
    Posts
    15,617

    Default Re: pfSense - Free Router/Firewall/IDS that you can install on your old junky compute

    What is this? An alternative router firmware? Do you need to set up a separate firewall computer/server for this?
    It certainly doesn't look like a windows executable that could replace avira or so.


    "Topic is tired and needs a nap." - Tosa Inu

  3. #3
    The very model of a modern Moderator Xiahou's Avatar
    Join Date
    Aug 2002
    Location
    in the cloud.
    Posts
    9,007

    Default Re: pfSense - Free Router/Firewall/IDS that you can install on your old junky compute

    Quote Originally Posted by Husar View Post
    What is this? An alternative router firmware? Do you need to set up a separate firewall computer/server for this?
    It certainly doesn't look like a windows executable that could replace avira or so.
    pfSense is an operating system based on freeBSD. So you'd install it on a computer and that computer would take the place of your router/firewall appliance(Linksys, Netgear, DLink, whatever). It offers features, customization and security options that exceed just about anything short of enterprise-level firewalls... and it's free.

    Typically, you'd want to run it on a PC that has 2 network cards in it. One for your outside connection to your ISP and one for your internal LAN. That was my original plan, but the desktop I was going to use draws about 75Watts of electricity when idling. I tried an old thinkpad instead, and found it only uses about 24W. The problem was, it only had one ethernet port built in. I got around that by buying a cheap managed switch that supports 802.1q VLANs. I'd been wanting one anyhow, so this provided the justification I needed to finally get it. So, I configured the network interface on the laptop with 3 VLANs, Inside (LAN), Outside (ISP), and a guest network, and then I setup the switch with the same corresponding VLANs. I'm using a dedicated access point for wireless right now, but I also tested out using the laptop's wireless as an access point and it seemed to work well too.

    It may sound complicated, but I actually found it to be pretty intuitive. The most time I've spent trying to get something working has been for its DNS server to correctly resolve LAN hosts (which seems to be working great now), but that's something that's entirely optional. I think anyone with a reasonable amount of networking experience could use and benefit from this.
    Last edited by Xiahou; 08-01-2014 at 13:43.
    "Don't believe everything you read online."
    -Abraham Lincoln

    Member thankful for this post:

    Lemur 


  4. #4
    The very model of a modern Moderator Xiahou's Avatar
    Join Date
    Aug 2002
    Location
    in the cloud.
    Posts
    9,007

    Default Re: pfSense - Free Router/Firewall/IDS that you can install on your old junky compute

    Just an another example of the kind of visibility and control you can get into your networks when you're using something like this....

    My wireless access point is an Aruba RAP3, that I got to keep after a training I took a while back. Very feature rich for a 2.4Ghz AP- I've been pretty happy with it. But, yesterday(thanks to pfSense), I noticed that it's making encrypted connections back to Aruba HQ and sending who knows what data to them. It's probably not that big a deal, but there's no reason for an AP to be connected directly to anything on the Internet. So... I made a new firewall rule on the LAN interface and *BAM*, no more Internet access for the RAP3.

    Similarly, I learned that, by default, Roku boxes perform frequent trace routes to monitor your Internet connection. A quick Google search later, and I've disabled that function on my home Roku's. Again, definitely not a big deal- but it doesn't need to be doing it, so I stopped it.
    "Don't believe everything you read online."
    -Abraham Lincoln

  5. #5
    Iron Fist Senior Member Husar's Avatar
    Join Date
    Jan 2003
    Location
    Germany
    Posts
    15,617

    Default Re: pfSense - Free Router/Firewall/IDS that you can install on your old junky compute

    Stopping their glorious marketing efforts is certainly not going to help the economy.

    It does sound interesting but I don't think I want to run an extra machine just for that, especially since my router also includes the modem and splitter and everything anyway.


    "Topic is tired and needs a nap." - Tosa Inu

    Member thankful for this post:

    Xiahou 


  6. #6
    The very model of a modern Moderator Xiahou's Avatar
    Join Date
    Aug 2002
    Location
    in the cloud.
    Posts
    9,007

    Default Re: pfSense - Free Router/Firewall/IDS that you can install on your old junky compute

    Quote Originally Posted by Husar View Post
    Stopping their glorious marketing efforts is certainly not going to help the economy.

    It does sound interesting but I don't think I want to run an extra machine just for that, especially since my router also includes the modem and splitter and everything anyway.
    Thought I'd mention, it also has a LiveCD so you can try it out by booting to CD without actually having to install it anywhere.
    "Don't believe everything you read online."
    -Abraham Lincoln

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Single Sign On provided by vBSSO