Overclock.net banner

The pfsense Club

59K views 562 replies 86 participants last post by  Prophet4NO1 
#1 ·
Clubs seem to be popular on OCN so I'll start one for everyone using pfsense!

For those not familiar with what pfsense is all about, you can visit the pfsense website.

Essentially, pfsense is a tiny distribution of FreeBSD that works as a router + firewall, and provides other goodies.

Social Group on OCN: The pfsense Club

For club members, your first post should include:
  • Specs of the PC running pfsense
  • What you use it for mainly (gaming, home office, etc)
  • Number of PC's in your LAN
  • Any observations or other stuff you think is interesting
Anyway, here goes:

PC: Dell Dimension 2400, 2.4ghz celeron, 256MB DDR266, 12GB Quantam Bigfoot HDD (5.25", laugh it up, I know I know), integrated 10/100 NIC WAN adapter, Rosewill RC-400-LX gigabit NIC LAN adapter. The pfsense box and the cable modem are hooked up to an APC BackUPS Pro 650, which will last somewhere close to several hours on battery.

Its used mostly for gaming but I run several services on it such as FTP and Subversion for my own open-source projects. Right now there are only 3 PCs hooked up to it, but if I hosted any LAN parties in my apartment I have a feeling it would work wonders.

I went with pfsense because the software DuckieHo was using (Untangle) has ridiculously high hardware requirements which this Dell Dimension 2400 didn't meet. pfsense uses about 25% of my 256MB and I haven't seen it go above 10% CPU utilization even under load. Plus, its a 50MB ISO download (vs 600MB for Untangle).
 
See less See more
#2 ·
I run it on an old rig, 700mhz, 1GB RAM, 10GB HD, 100mb/s NIC. I have my torrentbox/webserver running 24/7, lots of other computers, and two wireless routers. The traffic shaping is really nice, along with time-based firewall rules. Its also setup to use dyndns.org so I don't have to remember what my home IP address is to administer my server and ssh into my boxes. I plan on building a cluster sometime in the future so it will support that too. Untangle refused to install on it, but I get the feeling its pretty bloated anyway.
 
#3 ·
pfSense is truly the best if all you want is a firewall with more features.

I'm actually running in off a compact flash card inside a VM on an ESXi host (yes you read that right). I delegated 512 of ram, edited it to the "embedded" platform, and didn't install a swap partition. Runs like a champ on the flash card with nearly 0 writes.

I'm running appropriately 10 PCs on it, can jump up to 12-13 depending if I turn some more VMs on.

Just a note when originally searching for a firewall distro I found pfsense to be the only one capable of bridging a tapX interface with the physical lan connection. This can be used to created a bridged VPN.
 
#4 ·
I am planning on running pfsense on a 700mhz P3, 256mb PC133 RAM, 30gb HD, with a Rosewill 10/100 WAN, and an Intel Pro/1000 GT LAN. I will have my Wireless router, and other router along with my gaming comp, htpc, and my mom's computer on it. I hope to have it up and running once my Intel NIC arrives.

If anyone has any good pfsense tutorials or any tips that would be great!
Thanks!
 
#6 ·
I'm only using it temporarily at this point (until I get a machine to dedicate to it, it is in a VM on my laptop (laptop is unusable due to broken hinges).

Very pleased with it though. Seems to be doing a very good job.

If I can work out the finances (and a few other issues) in time I would like to try to use it for load balancing two internet connections.

I'm only able to use it because I got a Cisco 2950 for 40 dollars and my friend discovered that if I use the actual drivers from intels site my laptop supports vlans.
 
#7 ·
My son got me to use it. I have it installed on a POS Dell desktop system that I can't recall the model number. I'll edit the particulars later. Using it as a Router and it's working so well, I hardly log in to check status.

10/100 NIC cards for the WAN and the LAN
 
#8 ·
I have pfsense but I don't use it as my active system.

Specs are...

P3 1Ghz 512MB RAM CF as HDD.

I was testing waters with, monowall, untangle and pfsense. I choose untangle because of the fancy gui, and it's filtering of spam, viruses and such. Easier to control the kids, so to speak.
 
#9 ·
New to pfsense-

After having one crappy manufactures router after another I decided to build one. It didn't seem like it would be a hard thing to understand after a couple months reading on the subject. Since I've started using a router/PC I've noticed the difference, as my Dlink and Linksys would constantly freeze from heavy loads. I've not had that issue since installing a pfsense router/firewall. I'm pleased I made the decision to build my router out of old PC parts. It so far is the best router I've ever owned.

I primarily game, stream and surf. The second PC in the house likes to stream, play flash games, surf and use the network printer -to which I dedicated a subnet with no WAN interface-. I also have a network drive for the home to store music, movies and shared files so that the individual PC's don't have to have 'file share' enabled. The third PC in the house is a dedicated HTPC with Internet, to which it has its own subnet and is not accessible by any PC on the network, but the HTPC can access the network drive in the primary subnet. I have no Wifi, don't want it!

AMD Winchester 2.2GHz 939sckt
MSI/Via K8M890m2-v, 1GB SuperTalent PC3200
Maxtor 40GB IDE, x2 ENLGA-1320 NIC[Realtek chip RTL8186], Netgear FS605 Switch
Pfsense 1.2.2 - Packages: Bandwidthd, iperf, rate

Here is a post of mine about 'Watchdog Timeouts'[WDTO] in pfsense forum.
 
#10 ·
Hey there!

As of yesterday, I have installed pfsense on my routing-pc as well.
It's running on:
ASRock G31MG-S Socket 775 mATX (GBit-lan onboard)
1.8 GHz Intel Celeron D 430 (passively cooled with a Sharkoon cooler, don't remember the name, though)
2gb DDR2 Corsair Dominator (they were unused otherwise)
LevelOne GNC-0105T Gigabit PCI Ethernet Card
EW-7128G Card (54) WLAN PCI Card
all in a asus vento s6 µATX-case that came with a (suprisingly silent) 250W-PSU. So currently, the only fan is the 80mm PSU-fan.

It's used mainly for gaming, but also for remote-controlling work-pcs.

The reason I got it was partly, because I had some trouble with my USRobotics router, but also because i just liked the idea of trying it out.

There is one gaming PC (running boinc) connected via LAN, and (mainly in the evenings) two additional laptops and the occasional smartphone connecting using WLAN.
 
#11 ·
first to join in 2010, wwwoooooooo

My pfsense box is running:
Asus A8V Deluxe 939 skt mobo (gbit lan onboard)
AMD Athlon 64 3000+ @ 2.0gHz (just to say "i have an overclocked router")
1 gB Samsung DDR RAM (2x 512mB)
2x Intel PRO/1000 GT NIC's
ghetto rigged 9550 for display
2gB Kingston DataTraveller

One of the Intel NIC's is a WAN, the other is LAN which goes to my old router and hopefully a switch soon. The onboard LAN (LAN2) goes to my server which runs a lot of things. LAN2 is bridged to LAN and there is a firewall allowing members on LAN2 to connect to LAN to obtain a DHCP address.

So far i am very pleased with the capabilities of pfsense. It seems to be able to handle loads and giving things addresses a lot more efficiently then my old router, seems that the slowdown from everyone (10-13 computers in my house, I've lost track...) connecting to the internet is also pleasantly gone.

I hope to continue to use pfsense for as long as i can, probably the best thing i could do for my network


~{}
 
#13 ·
PC: Dell Dimension 2400, 2.4ghz celeron, 512MB DDR, 40GB HDD, Integrated NIC and D-Link Gigabit

Usage: Router, QoS, VPN between offices, and OpenVPN for remote users. Supports around 50 stations + 1 offsite locations.

Using ntop and traffic things are always fun. Interesting to see who is looking at what. We're pretty open about which websites our users are visiting but it is always cool to see who is ****ing everyone over by trying to download music or watching youtube in HD!
 
#14 ·
Quote:


Originally Posted by PC-GOD
View Post

Any reason to use this over cisco router access-lists??

Cheers

If you are not familiar with cisco.
You don't want to buy cisco hardware.
You have an extra pc laying around.

You can get enterprise level hardware to run pfsense too. (premade low wattage boxes, multiple nics, etc...)
 
#15 ·
I just wonted to post how i feel it's to bad that this fourm never really took off.

My current setup is a:

Shuttle PC:

Intel P4 3.06 Ghz HT 800MHz
2x 1GB DDR
250 GB Harddrive

Nics:

1Gbps on board - Lan
100Mbps on board - Wan

2x 1Gbps PCI
 
#16 ·
Specs:
VirtualBox VM, 1 CPU, 512MB RAM, 2GB Storage, 1 NIC bridged to physical. Running pfSense 2.01.

Usage:
Needed a DNS that would resolve hosts on my LAN, and my D-Link won't pass a LAN host as a DNS when replying to DHCP clients, so needed a separate system that would do both.

Hosts:
1 smartphone, 1 tablet, 2 laptops, 2 PCs, 1 server.

Love it. Runs in a tiny amount of memory, is accessible via a browser and seems much more responsive than Untangle (at least in a VM).
 
#18 ·
I run pfsense on a Alix 2d3 embedded machine (5 watts, 500 Mhz, 256 MB ram, 2GB CF card). I ran version 1.2 and 1.3 for years and recently upgraded to 2.1 which is now causing some wireless issues. As a result I'm now planning on replacing pfsense with an OpenBSD install, and roll my own firewall.
 
#19 ·
pc180421.jpg

0 moving parts. Turion 64, 512 mb of ram, an atheros NIC, and some 6 dbi antennas.
 
#20 ·
@Idiot

Is that a wall-mounted laptop? It sure looks like one...
smile.gif
 
#21 ·
Good to see we have a club for this
biggrin.gif


Mid-2011 Mac Mini Server
2.0GHz Quad-core i7-2635QM
16Gb RAM (2x8Gb Patriot Signature PC3 1333MHz)
128Gb OCZ Vertex (primary drive)
500Gb 7200rpm Seagate (secondary drive)
Thunderbolt to gigabit ethernet adapter (as a second ethernet port)

I'm currently running pfSense in a VirtualBox vm, with 1CPU, 3Gb of RAM and a 2Gb virtual disk for routing, NATing, and protection of both my physical network and two other vms (Debian instances running websites and services in Apache HTTPD server and Tomcat).

The instance is running with the Snort, iperf, Darkstat and iBlocklist packages.

I have the Mini's built-in gigabit ethernet port in use as the WAN port, which is connected to a modem in bridge mode, with all ports on the modem's built-in switch disabled, save for the one connected to the WAN. A Thunderbolt to gigabit ethernet adapter serves as the LAN port. On the LAN, I have a gigabit switch, and a Netgear WNDR3700 configured as a WAP (DHCP and firewall are disabled). Using bridged adapters as virtual ports for the VM, in this configuration, the Mac Mini is, itself, assigned an IP by the pfSense instance and is on the LAN.

I have 5 physical machines on the network (two Macs, two Wintels, and an Amiga 1200 on the wireless with a PC Card), as well as an XBox 360, a first-generation Playstation 3, and a Wii.

I provided some rough instructions for setup, as well as iperf test results in this thread

I also wrote a complete tutorial, with screenshots, but it's not up, yet. I'll get it online when I finish my site redesign.
 
#22 ·
Quote:
Originally Posted by parityboy View Post

@Idiot
Is that a wall-mounted laptop? It sure looks like one...
smile.gif
Yep. I'm working on the build log in the case mod build log section.
 
#23 ·
Hehe, cool!
biggrin.gif
 
#24 ·
IDIOT, that is hilarious. Surely not my style, but I like making use of an old laptop.

I run pfsense virtually (vSphere 5.0). But I'm thinking about moving to a linux distro, most likely Arch. Maybe physical... who knows - change is inevitable.
 
#26 ·
Quote:
Originally Posted by Iris View Post

I didn't know this thread existed. I love pfSense.
biggrin.gif

I see someones using Google's Public DNS servers.
thumb.gif
Wouldn't you...

Back on topic, I've ran it on several machines in the past, an old P4 was my last one...

Currently running it at the office on a little HP MicroServer with a dual port Intel NIC in the PCIe slot.

And I will be doing another one at home very soon using a C2D HP workstation I picked up for $100.
 
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top