Overclock.net › Forums › Software, Programming and Coding › Networking & Security › pfsense box for added security...
New Posts  All Forums:Forum Nav:

pfsense box for added security...

post #1 of 13
Thread Starter 
So I was going to be adding a pfsense box for added security in my home network. I was led to this through doing more and more remote sessions. I was wondering about what would be a good setup to start with. I am not looking to do any site caching, or anything more that maybe use NAT filtering and IPSec with AES-NI utilizing a crypto accelerator card.

My internet connection at my house is ~100Mbps down and ~10Mpbs up. I do not have a static IP from my ISP.

I am very wary of using just RDRAND or Padlock. I was looking into pfsense because of FreeBSD Yarrow. Now from what I would think using pfsense solution, based on freebsd, would remove any doubts of using just RDRand\Padlock with the ability to also use Yarrow as a sort of double the entropy... rolleyes.gif

I was thinking of an ALIX box from Netgate: Netgate ALIX2D3-2D13 accompanied with a Soekris VPN1411 For a grand total of around $300ish would be a good idea as a starter solution to get my feet wet...?

I am wondering though if I could build something out of spare parts that would be better and longer lasting... Then just add in a PCIe cyrpto accelerator card and a dual port Intel Gigabit NIC...?
Intel build
(17 items)
 
  
CPUMotherboardGraphicsRAM
i7 860 gigabyte p55-ud6 gigabyte gv-n560oc-1gi Corsair Vengeance CMZ8GX3M2A1600C9 
Hard DriveHard DriveHard DriveOptical Drive
Crucial M4 WD Caviar Black WD Caviar Black LiteOn Lightscribe 24x 
CoolingOSMonitorMonitor
Thermaltake Frio Extreme CLP0587 Arch Linux x86_64 samsung 2243swx ASUS vs-248H-p 
KeyboardPowerCaseMouse
moditek led flex Seasonic 860Watt Platinum Antec Lanboy air razor death adder 
  hide details  
Reply
Intel build
(17 items)
 
  
CPUMotherboardGraphicsRAM
i7 860 gigabyte p55-ud6 gigabyte gv-n560oc-1gi Corsair Vengeance CMZ8GX3M2A1600C9 
Hard DriveHard DriveHard DriveOptical Drive
Crucial M4 WD Caviar Black WD Caviar Black LiteOn Lightscribe 24x 
CoolingOSMonitorMonitor
Thermaltake Frio Extreme CLP0587 Arch Linux x86_64 samsung 2243swx ASUS vs-248H-p 
KeyboardPowerCaseMouse
moditek led flex Seasonic 860Watt Platinum Antec Lanboy air razor death adder 
  hide details  
Reply
post #2 of 13
OEM Production: http://www.newegg.com/Product/Product.aspx?Item=N82E16856205007

Includes Intel Atom D2550, 2x Broadcom NICs, motherboard, case, and PSU for $130.

It has a x1 PCIe slot that is like 1/3 height. Since you are using a mPCIe, an adapter or ribbon cable may fit
Edited by DuckieHo - 1/6/14 at 2:03pm
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
post #3 of 13
Thread Starter 
Nice...! Thanks duckie! Yea I will check this out... thumb.gif

It would also give me the ability to use two HDD's in there as well.. Sounds like a good solution... All I would need is 2x4GB 1066MHz DDR3 ram... biggrin.gif

Would a USB thumb drive on a USB 2.0 header inside be an easy solution or should I put pfsense on a ssd/hdd instead??

I am a little bit worried about this ... If I wanted to add in like two HDDs/SSDs and a PCIe crypto accelerator card...
Quote:
DC12V 5A 60W Power Adapter
Intel build
(17 items)
 
  
CPUMotherboardGraphicsRAM
i7 860 gigabyte p55-ud6 gigabyte gv-n560oc-1gi Corsair Vengeance CMZ8GX3M2A1600C9 
Hard DriveHard DriveHard DriveOptical Drive
Crucial M4 WD Caviar Black WD Caviar Black LiteOn Lightscribe 24x 
CoolingOSMonitorMonitor
Thermaltake Frio Extreme CLP0587 Arch Linux x86_64 samsung 2243swx ASUS vs-248H-p 
KeyboardPowerCaseMouse
moditek led flex Seasonic 860Watt Platinum Antec Lanboy air razor death adder 
  hide details  
Reply
Intel build
(17 items)
 
  
CPUMotherboardGraphicsRAM
i7 860 gigabyte p55-ud6 gigabyte gv-n560oc-1gi Corsair Vengeance CMZ8GX3M2A1600C9 
Hard DriveHard DriveHard DriveOptical Drive
Crucial M4 WD Caviar Black WD Caviar Black LiteOn Lightscribe 24x 
CoolingOSMonitorMonitor
Thermaltake Frio Extreme CLP0587 Arch Linux x86_64 samsung 2243swx ASUS vs-248H-p 
KeyboardPowerCaseMouse
moditek led flex Seasonic 860Watt Platinum Antec Lanboy air razor death adder 
  hide details  
Reply
post #4 of 13
Is pfSense going to utilize Yarrow? It uses FreeBSD 8.x.
post #5 of 13
Quote:
Originally Posted by adramalech707 View Post

Nice...! Thanks duckie! Yea I will check this out... thumb.gif

It would also give me the ability to use two HDD's in there as well.. Sounds like a good solution... All I would need is 2x4GB 1066MHz DDR3 ram... biggrin.gif

Would a USB thumb drive on a USB 2.0 header inside be an easy solution or should I put pfsense on a ssd/hdd instead??

I am a little bit worried about this ... If I wanted to add in like two HDDs/SSDs and a PCIe crypto accelerator card...


Two HDDs will fit with some modding of the HDD tray BUT you will end up blocking needed airflow.

2x4GB is overkill.... 2GB is probably enough but 4GB if you really want to be sure. Remember, there is no dual channel support so you can get one large DIMM as well. Check eBay for 1066MHz DDR3 since they are pulled from so many older laptops.

USB should be fine for pFSense... just make sure to get the USB version of pfSense which lower the logging which wear out NAND. You can also get 10-20GB SATA 2.5" HDDs for less than $15 pulled from old XBoxes.


60w is plenty of power..... less than 20w for system... 8w for HDD spinup.... 2w for crypto card.
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
post #6 of 13
Thread Starter 
Quote:
Originally Posted by DuckieHo View Post

Two HDDs will fit with some modding of the HDD tray BUT you will end up blocking needed airflow.

2x4GB is overkill.... 2GB is probably enough but 4GB if you really want to be sure. Remember, there is no dual channel support so you can get one large DIMM as well. Check eBay for 1066MHz DDR3 since they are pulled from so many older laptops.

USB should be fine for pFSense... just make sure to get the USB version of pfSense which lower the logging which wear out NAND. You can also get 10-20GB SATA 2.5" HDDs for less than $15 pulled from old XBoxes.


60w is plenty of power..... less than 20w for system... 8w for HDD spinup.... 2w for crypto card.


Thanks for the info... Yea I did see about the hdd space and airflow... so yea.. probably no HDDs for awhile...

Quote:
Originally Posted by The Hundred Gunner View Post

Is pfSense going to utilize Yarrow? It uses FreeBSD 8.x.

Yea I did see FreeBSD 8.3 based support for 2.1 PfSense... So probably no Yarrow.. buttkick.gif
Intel build
(17 items)
 
  
CPUMotherboardGraphicsRAM
i7 860 gigabyte p55-ud6 gigabyte gv-n560oc-1gi Corsair Vengeance CMZ8GX3M2A1600C9 
Hard DriveHard DriveHard DriveOptical Drive
Crucial M4 WD Caviar Black WD Caviar Black LiteOn Lightscribe 24x 
CoolingOSMonitorMonitor
Thermaltake Frio Extreme CLP0587 Arch Linux x86_64 samsung 2243swx ASUS vs-248H-p 
KeyboardPowerCaseMouse
moditek led flex Seasonic 860Watt Platinum Antec Lanboy air razor death adder 
  hide details  
Reply
Intel build
(17 items)
 
  
CPUMotherboardGraphicsRAM
i7 860 gigabyte p55-ud6 gigabyte gv-n560oc-1gi Corsair Vengeance CMZ8GX3M2A1600C9 
Hard DriveHard DriveHard DriveOptical Drive
Crucial M4 WD Caviar Black WD Caviar Black LiteOn Lightscribe 24x 
CoolingOSMonitorMonitor
Thermaltake Frio Extreme CLP0587 Arch Linux x86_64 samsung 2243swx ASUS vs-248H-p 
KeyboardPowerCaseMouse
moditek led flex Seasonic 860Watt Platinum Antec Lanboy air razor death adder 
  hide details  
Reply
post #7 of 13
You can fit one HDD.... my Untangle router has been using the same HDD for 3+ years.
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
post #8 of 13
Thread Starter 
Quote:
Originally Posted by DuckieHo View Post

You can fit one HDD.... my Untangle router has been using the same HDD for 3+ years.

Would you say you like Untangle better the pfSense???
Intel build
(17 items)
 
  
CPUMotherboardGraphicsRAM
i7 860 gigabyte p55-ud6 gigabyte gv-n560oc-1gi Corsair Vengeance CMZ8GX3M2A1600C9 
Hard DriveHard DriveHard DriveOptical Drive
Crucial M4 WD Caviar Black WD Caviar Black LiteOn Lightscribe 24x 
CoolingOSMonitorMonitor
Thermaltake Frio Extreme CLP0587 Arch Linux x86_64 samsung 2243swx ASUS vs-248H-p 
KeyboardPowerCaseMouse
moditek led flex Seasonic 860Watt Platinum Antec Lanboy air razor death adder 
  hide details  
Reply
Intel build
(17 items)
 
  
CPUMotherboardGraphicsRAM
i7 860 gigabyte p55-ud6 gigabyte gv-n560oc-1gi Corsair Vengeance CMZ8GX3M2A1600C9 
Hard DriveHard DriveHard DriveOptical Drive
Crucial M4 WD Caviar Black WD Caviar Black LiteOn Lightscribe 24x 
CoolingOSMonitorMonitor
Thermaltake Frio Extreme CLP0587 Arch Linux x86_64 samsung 2243swx ASUS vs-248H-p 
KeyboardPowerCaseMouse
moditek led flex Seasonic 860Watt Platinum Antec Lanboy air razor death adder 
  hide details  
Reply
post #9 of 13
Quote:
Originally Posted by adramalech707 View Post

Would you say you like Untangle better the pfSense???

To be honest, I haven't used pfSense much.

I had originally select Untangle years ago since I had more than enough hardware to run it and it had easier anti-malware/spam packages at the time. Untangle is GUI click to install. I'm not scared of CLI (I work on RHEL CLI all day long) but sometimes you want things to just work and not have to worry about reading through forums and manuals.

pfSense has better QoS and free squid caching. However, Untangle's QoS is much better now and I don't need caching.
Edited by DuckieHo - 1/8/14 at 6:54am
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
post #10 of 13
Thread Starter 
Quote:
Originally Posted by DuckieHo View Post

To be honest, I haven't used pfSense much.

I had originally select Untangle years ago since I had more than enough hardware to run it and it had easier anti-malware/spam packages at the time. Untangle is GUI click to install. I'm not scared of CLI (I work on RHEL CLI all day long) but sometimes you want things to just work and not have to worry about reading through forums and manuals.

pfSense has better QoS and free squid caching. However, Untangle's QoS is much better now and I don't need caching.

Precisely my use case as well. I don't really need caching... I guess it will end up being a hard question I ask myself... Untangled vs pfSense... I am probably leaning towards pfSense to get a feel of it, and then if I feel pfSense doesn't have what I need and Untangle targets my requirements better I might change over... I do like pfSense being in the realm of FOSS...biggrin.gif
Intel build
(17 items)
 
  
CPUMotherboardGraphicsRAM
i7 860 gigabyte p55-ud6 gigabyte gv-n560oc-1gi Corsair Vengeance CMZ8GX3M2A1600C9 
Hard DriveHard DriveHard DriveOptical Drive
Crucial M4 WD Caviar Black WD Caviar Black LiteOn Lightscribe 24x 
CoolingOSMonitorMonitor
Thermaltake Frio Extreme CLP0587 Arch Linux x86_64 samsung 2243swx ASUS vs-248H-p 
KeyboardPowerCaseMouse
moditek led flex Seasonic 860Watt Platinum Antec Lanboy air razor death adder 
  hide details  
Reply
Intel build
(17 items)
 
  
CPUMotherboardGraphicsRAM
i7 860 gigabyte p55-ud6 gigabyte gv-n560oc-1gi Corsair Vengeance CMZ8GX3M2A1600C9 
Hard DriveHard DriveHard DriveOptical Drive
Crucial M4 WD Caviar Black WD Caviar Black LiteOn Lightscribe 24x 
CoolingOSMonitorMonitor
Thermaltake Frio Extreme CLP0587 Arch Linux x86_64 samsung 2243swx ASUS vs-248H-p 
KeyboardPowerCaseMouse
moditek led flex Seasonic 860Watt Platinum Antec Lanboy air razor death adder 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › pfsense box for added security...