the pfsense club


cscoder4ever

opnsense users are okay to post here too lmao.

 

It would be grand if you could post:

  • Specs of the computer running pfsense/opnsense
  • What you use it for mainly (gaming, home office, etc)
  • Number of hosts in your LAN
  • Any observations or other stuff you think is awesome

I'll kick us off

 

Specs of my firewall:

CPU: A10-5800K

mobo: MSI A88XM-E45

RAM: G.Skill 8GB ripjaws DDR3 2133

OS drive: SP 120GB Sata SSD

PSU: Corsair CX 430M

NIC: HP NC360T dual Intel gigabit PCI card

Case: Fractal Design Core 1100

 

I use it like I would a normal router, but I also incorporate it for use in homelab-specific activities.

 

Currently there are about 7 machines connected, but this will go down in good time.

 

pfsense is great, pretty much the best way to get and use a firewall without having to go down the proprietary path!

  • Thanks 1
Link to comment

Just as a heads-up, you can use Google Docs to record your club members and embed here, just another option.

 

I personally have looked into pfsense but wondered how complicated it was to set up and maintain? Unfortunately my time these days is at a premium and while I love the idea of pfsense, it would not be something I could dedicate too much time to unfortunately. Does it have a wizard-like interface? Is it relatively easy to navigate?

 

Thanks,

E

Link to comment

Ah had to type my reply twice. Quoted Enterprise and it deleted what I had already typed X_X

  • Specs: Old tiny Dell OptiPlex BTX LGA 775 rig. Upgraded the Pentium to a Core 2 Duo and bumped it up to 6GB DDR3 1333. Runs well enough for a one man operation. I like the rig because it's so tiny.
  • Use: Router and firewall, pfblocker is the best, it's like a grandiose scale pi-hole and takes minutes to set up
  • Hosts: 3-5 usually, adding a NAS to the mix soon.. might have to bump up to newer hardware when that happens
  • Comments: Stupid easy to set up. Seriously, of all the "enterprisey" (edit: how coincidental that I said this then quoted Enterprise...) things I've done for a homelab, pfsense is by far the easiest to get running on a basic level.


It's SUPER easy to set up and maintenance is practically nil. I think the only possible variable is if you have a NIC that doesn't get along with pfsense, but even the Broadcom crap built into my old Dell works fine. Most people will suggest buying Intel NICs for best compatibility. You literally just plug your WAN in into one jack, LAN out into another, install pfsense (can mostly blind spam enter), tell it which port is for what (LAN or WAN), and you're done.. It will do everything else automatically. If you don't want multiple LANs and IP ranges, it's not something you even have to worry about. It's as complex as you need it to be IMO. The only change I made for mine was a default range in the 192.168.2.xxx range since another part of the house is on 192.168.1.xxx through another router.

 

Navigation is as easy as the router you're already used to, just go into a browser on any of the PCs connected to it and put in the IP. All I did after getting mine running was install the pfblocker plugin (using said web interface), then Google searched for up to date lists of known IPs to block, pasted them in and that was that.. the rig just sits in the corner of the room doing its thing with no monitor or keyboard hooked up.

 

In short, few hours at best of tinkering and then you can forget it for a long period of time. It's been months since I've touched mine.

 

tip: don't forget to ipconfig /release and ipconfig /renew your Windows desktops :p

Edited by 486
  • Thanks 1
Link to comment
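
A sanity check for the step described in the post above (pasting block lists found through a search into pfblocker), as an added example that is not part of the original post and not pfblocker's own code: it drops malformed lines and any entry that overlaps private address space, which includes the 192.168.1.x and 192.168.2.x ranges mentioned, then merges what is left. The function name, the protected-range list and the sample feed (documentation-range addresses) are constructed for illustration.

```python
import ipaddress

# Ranges a pasted blocklist must never touch. RFC 1918 space covers the
# 192.168.1.x and 192.168.2.x LANs mentioned in the post (assumed /24s).
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample feed using documentation-range addresses.
SAMPLE = """\
# example feed
203.0.113.7
203.0.113.0/25
203.0.113.128/25
198.51.100.14   ; scanner
192.168.2.10
192.168.0.0/15
0.0.0.0/0
not-an-ip
2001:db8::/32
"""

def clean_blocklist(text, protected=PROTECTED):
    """Return (networks, rejected); rejected holds (line_number, raw_line, reason)."""
    keep, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Strip trailing "#" or ";" comments, which many feeds carry.
        entry = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not entry:
            continue  # blank line or comment
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((lineno, raw, "not an IP or CIDR"))
            continue
        if net.prefixlen == 0:
            rejected.append((lineno, raw, "matches every address"))
        elif any(net.version == p.version and net.overlaps(p) for p in protected):
            rejected.append((lineno, raw, "overlaps protected range"))
        else:
            keep.append(net)
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        merged += ipaddress.collapse_addresses(n for n in keep if n.version == version)
    return merged, rejected
```

The overlap test rejects supernets such as 192.168.0.0/15 as well as single LAN hosts, so one bad entry in a downloaded list cannot cut the firewall off from its own clients.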

Thanks for the insights bud. As you say, sounds like it's as complicated as you make it. If I was going to go that route I would likely get myself a few NICs just for the sake of flexibility etc. I've noted Intel NICs for best compatibility :)

Link to comment

VMs are useful for failover and backups. Dedicated box is certainly one way to go but VMs do have their benefits, especially for server applications.

Link to comment

Oh sick I have this lol

 

CPU: Intel Xeon E3-1240 V5

CPU Cooler: Silverstone Argon AR09-115XS

Motherboard: Supermicro MBD-X11SSM-F-O

Memory: Kingston ValueRAM 8 GB (1 x 8 GB) DDR4-2400

Storage: Samsung 850 EVO-Series 250 GB

Power Supply: Corsair SF 450 W 80+ Gold

Case: Jeffinslaw Project mATX

Wired Network Adapter: Intel EXPI9301CT x1 NIC

Wired Network Adapter: Intel EXPI9402PT x2 NIC

Cooling: Noiseblocker ITR-B12-P - NB-eLoop x2

 

Running baremetal pfSense.

OpenVPN Server

Router-on-a-stick multi-VLAN config

Link to comment

 

No watercooling here. The cooler is a 60mm server cooler lol

 

I think the name of those Noiseblocker fans is easily confused ... "loop"...

 

I also need to re-read what a router on a stick is. Either I'm overthinking it or it's just multiple VLANs hooked into a single switch, switch back into the router

 

silly networking peoplez :p

Link to comment

More or less. Router on a stick is multiple VLANs connected to a router on a single interface (or 1 interface per router if running a redundant solution). Usually it involves configuring 802.1q/LACP, but on pfSense, there is no native VLAN.

 

I am considering doing a writeup for the chip collective of my multi-VM, multi-VLAN, single hypervisor box solution, because I definitely had some weirdness getting everything going.

Link to comment

Not set up for pfsense yet, been researching my build for it. Figured I'd share one of the more detailed resources I've come across with respect to thin mini-ITX boards, which the OP started the end of 2015 and has continued to update since:

 

Thin Mini-ITX Motherboard Overview [updated Aug 2019]

Link to comment

If the Core 2 Quad has the AES-NI instruction set, it should work great!

 

On the other hand though, if it doesn't, there is always OPNsense.

 

Not that pfSense is enforcing that right now, or even in the next release, but it sounds like they may very well do so.. yeah.

Link to comment

The great thing about pfSense and its general purpose, low end/dated hardware within reason will perform just fine. Perfect for re-purposing that old rig sitting in the corner gathering dust!

Link to comment

Indeed. The only reason why I upgraded to modern hardware was due to OpenVPN encryption bogging down resources once our Internet speed increased above 100 Mbps.

 

And even then, I still bought a used Xeon off eBay lol

Link to comment

  • 5 months later...
don't listen to him, Captain 3950X wants all the overkill for himself.

 

Captain....hmmm I like that. However on a more serious point. pfSense is a networking related product and not something that needs bulky cooling, so you can certainly get that into a compact environment. For me personally I would love to have a pfSense box fit nicely on a shelf. However I completely get repurposing a desktop you already have around. No point spending money if you do not need to.

Link to comment