PFSense Machine

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › PFSense Machine

1 | 2 | 3

676 posts

Ultimate Geek

#501701 4-Aug-2011 00:01

As I mentioned earlier, I have a dual port Intel NIC, which I will use if I go the PFsense route: PRO/1000 MT server adaptor.

muppet

2571 posts

Uber Geek

Trusted

#501721 4-Aug-2011 07:02

I'm still curious what you actually plan to use it for. Otherwise we're all still just guessing at what we personally think is good.

Audiophiles are such twits! They buy such pointless stuff: Gold plated cables, $2000 power cords. Idiots.

OOOHHHH HYPERFIBRE!

PANiCnz

990 posts

Ultimate Geek

#502036 4-Aug-2011 17:24

I'm running pfSense on an HP Thin Client with the PCI expansion module, upgraded memory and a compact flash card to replace the DOM.

This thing uses hardly any power and runs like a champ.

I can't see the point in using a fullsize PC for a router, especially a multicore monster, the power usage would be huge for minimal gain.

For a SOHO environment you really don't need too much.

Oubadah

676 posts

Ultimate Geek

#502097 4-Aug-2011 19:00

muppet: I'm still curious what you actually plan to use it for.

Hosting large multiplayer (dedicated) servers without affecting anyone's browsing/streaming/usual internet tasks, and also heavy torrent usage.

And I want more access control features.

PANiCnz: I'm running pfSense on an HP Thin Client with the PCI expansion module, upgraded memory and a compact flash card to replace the DOM.

what model is this?

PANiCnz

990 posts

Ultimate Geek

#502113 4-Aug-2011 19:27

Similar to the t5300 but I can't remember the specific model number. Its one of the older ones with the crappy Transmeta CPU's. Got it from work for free.

The hard part is finding the PCI expansion module, had to get it from OZ they're pretty rare.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#502122 4-Aug-2011 19:40

IMHO if you're going to the hassle of buying a PC you may as well just buy a Mikrotik 750 for ~$70. There is a learning curve but you'll learn a lot about networking on the way.

mastapenguin

71 posts

Master Geek

#502130 4-Aug-2011 19:52

I have an Alix 2D3 running pfsense like a champ (http://pcengines.ch/alix2d3.htm). Got it shipped here for ~NZ200 and about 5 working days. Can't really ask for more and it hardly uses any power.

Another alternative I considered was getting an Asus RT-N16 and flashing Tomato firmware onto it. This is one of the more powerful consumer routers and you get the benefit of N-wireless.

I see you already have some server hardware you plan on running pfsense with. This will end up costing you a lot in your power bill though. A 100Watt PC running 24/7 could cost you an additional $10/mo+ in power or $120 annually.

I ended up going with the Alix board because:
+ Geode 800mhz processor is a lot more powerful than the N16's processor
+ Could install linux and use it for home server should I acquire a better router/modem
+ 3 Network interfaces + mini pci gives lots of connectivity options

Couple of shortcomings:
- Wireless costs extra. You have to buy a mini pci card. pfSense doesn't support wireless N yet. I just reused my old router as a wireless access point.
- Need a gigabit switch to get you the ethernet ports that would come standard with the N16 (I already had one)

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

ArcticSilver

729 posts

Ultimate Geek

#502197 4-Aug-2011 23:16

All other options aside....

I have used (and still do use) PFSense at home for the last 3 or so years.

At the office where i work.

To fix a unreliable internet connection issue for a small-medimum sized business.

To connect to the PFSense box i use a Dynalink RTA1320 in half bridged mode. You can pick one of these up off trademe for bugger all ($5~).

For the PFSense box I have used multiple computers ranging from 500mhz upwards with 256mb's of RAM or more (however you can easily run it on less).

This combination has proven to be great for the telecom cabinets (as the modem is a broadcom chipset) and at the same time amazing for stability as the modem only acts as a modem and authentication (because of the half bridging) rather than a fully fledged router.

I am yet to have any issues with PFSense and uptime. My internet connection is reliable and consistant, even with heavy usage.

I would highly recommend it over most other products because it uses proper networking terminology and is coded extremely well. It is a extremely powerful product.

In my mind it doesnt even compare to the likes of Smoothwall Monowall etc.

Just as a side note, if you do use it make sure you enable the traffic shaper, otherwise you will have issues with your torrenting taking over etc.

Privoxy

132 posts

Master Geek

#503903 9-Aug-2011 14:55

I have a duel core 2.8Ghz with 4Gb of ram running PFsense...

The main reason its so grunty is I had no other need for the system... And its nice to be able to over load it with lots of useless packages you never really need or use ;)

I have a lot of stuff on there I do and don't use.

Snort
Squid
SquidGuard
LightSquid
OpenVPN

Are all very useful things depending on your needs but can take a bit more power than a small light box can produce.

I am actually having a few problems getting my PFsense box happy in a dual wan environment, so if anyone knows a bit about it, please flick me a message so I can pick your brain a bit.

ObidiahSlope

260 posts

Ultimate Geek

#503913 9-Aug-2011 15:03

This thread from the Christchurch Linux Users Group mail archive may be useful;

http://lists.canterbury.ac.nz/pipermail/linux-users/2011-July/001057.html

Obsequious hypocrite

Oubadah

676 posts

Ultimate Geek

#506818 15-Aug-2011 14:36

I am still undecided.

Will Tomato/DD-WRT allow me to create a filter that blocks internet traffic to all MAC addresses except those I specify?

PS. the key word there is 'internet', they should still be able to access the LAN even if I haven't specified their MAC.

Privoxy

132 posts

Master Geek

#506849 15-Aug-2011 15:21

This is a two second rule of PFsense - It is extremely easy to set rules for each IP address, MAC address, subnet, or adapter.

Have never used DD-WRT so cannot comment on that front.

Oubadah

676 posts

Ultimate Geek

#506918 15-Aug-2011 17:05

Privoxy: IP address, MAC address, subnet, or adapter.

Pardon my ignorance, but by adapter do you mean it can differentiate clients by their actual NIC hardware (making it impossible to bypass like one could by spoofing a MAC)?

1080p

1332 posts

Uber Geek
Inactive user

#506933 15-Aug-2011 17:45

@Privoxy, you have a PM regarding multiple WAN.

@Oubadah, I believe that by adapter is meant the pfSense machine's local NIC hardware. Just a guess, however.

Ragnor

8223 posts

Uber Geek

Trusted

#507072 16-Aug-2011 01:47

Oubadah:

Will Tomato/DD-WRT allow me to create a filter that blocks internet traffic to all MAC addresses except those I specify?

PS. the key word there is 'internet', they should still be able to access the LAN even if I haven't specified their MAC.

Yes TomatoUSB and DD-WRT have access restriction rules that will allow you to do this.

1 | 2 | 3