pfSense low-power firewall - my build

ChrisK

If anyone has any questions, wants help building something like this, or just wants to offer me advice, please don't hesitate to reply or PM me!

I have had a Smoothwall Express based firewall running on a 1GB RAM Pentium 4 that I got for free many years ago. It got to the point where I was having trouble upgrading the software, so I decided to replace it with a new system.

Background - There are 7 people living in my house, including two adult children (they're both working and going to school), so controlling and shaping my bandwidth is pretty important. I pay about $110/month JUST FOR INTERNET (:eek:), which I kinda offset / justify by the fact that I'm a long-time IT consultant. Don't burst my bubble. I've always been interested in SOHO hardware for home use!

What I hope to gain
I have a few problems I'm trying to solve. First, I have some kids in the house who are pretty technical and don't always understand the ramifications of what they do, so being able to monitor and block things like BitTorrent or capture virus-laden or suspicious web sites before they show up in the browser is pretty important to me. Secondly, having a good intrusion detection system is nice. Thirdly, when things DO go wrong on the network, I want to figure out why, and shape / block traffic so that we are all good neighbors. Finally, some of the out-of-the-box features (like VPN and traffic monitoring) are really nice to have.

Build / Buy Options
  1. Chuck the firewall idea and just use a router
  2. Buy a firewall / network protection box
  3. Buy a new box and install software
  4. Buy a bunch of pieces and build my own
Since I like tinkering, I went with option 4.

My shopping list
Note - these are affiliate links only because I was having a little fun. If y'all buy anything using them, I'll give the gift card back to POA management if they'll take it ;)

For software, I went with pfSense. Keep in mind that they sell almost exactly the box I built at a slightly increased cost of $300, but my build has 30x the storage and 4x the RAM, and I thought that made it worth building it. Besides, if I really needed help, I can buy support from pfSense even for my own box, though at the prices they charge, probably not. They do have a nice community, and all of the code is open source and available.

The build took me about 20 minutes, and I'm convinced if I had to do it again, I could do it in under 10. I've added some photos here:

I know they're horrible, but I had the thing installed before it occurred to me to take pictures. Incidentally, I accidentally bumped the power button while taking these pictures, annoying my wife in the process =)

Probably one of the nicest packages that I installed on the pfSense firewall is something called ntop:

It tells me at a glance what is going on with my network, and allows me to drill down on individual hosts by protocol or remote site. The real win here is that if someone's PC gets owned by Russian hackers who make it part of a botnet, I'll get an email.
 