Indians For Guns

Gentlemen:

I'm sorry I've been a bit scarce lately. I know I have some loose ends to respond to here and will do so soon, I hope. We have had a few things going on and are in the process of moving -- ugh!

Anyway, I have been fooling with a toy I have meant to address for quite some time: a pfSense installation that will allow me to do advanced firewalling, intrusion and virus detection, and spam interception. I had intended to do this on a very old machine that I have, but recently I bought a cheap Intel mini ITX motherboard with an Atom cpu (D2550MUD2) and set it up with pfSense. I have a "smart" L2 switch and intend to set up VLANs to segregate my home traffic so that the webcam and VoIP ATA are separated from other LAN segments.

Previously, I've used a DLink DI614, a Netgear RPV614v4, and most recently, a TP Link T600VPN. We have always been plagued with varying internet performance and I've always had difficulty connecting to VPNs. Since this has always been an issue, I figured it was due to the ISPs I was using.

However, with my little pfSense box connected to the cable modem, things have been flying for my Wife's Mac mini and my iMac, as well, along with the home theater PC we use. The performance difference is amazing!

I've read tests of home routers and, from the results, never imagined that things were so sluggish due to the commercial home routers I've been using.

Anyway, it will be fun to learn and work with the many tools this new package offers.

If you have an old laptop or PC, you might want to experiment with running Ubuntu or some variant of Linux on it.
You can load Ubuntu on a stick or DVD, boot off it and try it out without changing anything on your PC. If you like it, you can install it later. You can also dual boot a Windows PCwith Ubuntu or Windows.
Ubuntu is great for beginners or for people not familiar with Linux. Everything is point and click, you dont have to use the command line for anything.
It is also free. You can run Firefox or Chrome for a browser and Thunderbird for a mail client.
Sometimes weeks go by before I turn on a Windows PC at home.
http://www.ubuntu.com/

@timmy
Common home and office routers are just designed to handle small traffic and with no special intrusion prevention and vlans in mind, thats why they are dirt cheap.
It is nice that you've gone for a home made router, may I know what motherboard you used for it?
For the same reason you mentioned I always use a router that can handle a custom frmware like TomatoUSB or DD-WRT. Right now I use AsUS RT AC68U and Netgear R7000. That way there is less to manage and they do have less power requirement.

Msingh:

Yes, the motherboard I got is this one: http://www.intel.com/content/www/us/en/ ... 0mud2.html

There are better ones with two Gb ethernet ports. This one only has a single, but my WAN speeds are so low that I stuck a Gb Realtek board in the PCI slot. This would be good enough for fast ethernet. If the time comes, I'll get one of those Jetway mini pcie Gb ethernet boards for the WAN interface. The difference was, the dual ethernet boards were about $115, and this one was about $45. I stuck it in a tower case (that's what I had laying about). I stuck 4 gigs of memory in it and pfSense has not come close to exhausting that, even though I have snort and squid running on it as well as anti virus and squid guard.

You are right about the home-grade commercial routers, but I was shocked that there was such a lack of power in even ones that scored highly on tests.

XL:

The Linux distros are great -- pfSense isn't so far away from this as it is built on BSD Unix. UNIX/Linux NAT routing is pretty capable stuff, but pfSense comes with an http GUI that you can manage from your regular system through the browser. It has a lot of add-on packages and options, so it was a good place to start for a person like me.

@timmy
Choosing pfsense with a single ethernet is right choice if your requirements are low.
Otherwise there are many alternatives like IPcop you can use.
And you are absolutely right about power of Linux, most custom firmwares run on linux kernel, android is linux stripped and stocked.
If you are feeling more geeky someday, use a normal linux installation and turn it into a router, very less memory consumption and very less HDD space requirements. My pick would be Arch Linux. And about power and machines, check google for Raspberry Pi routers.
Happy to see someone using a hardware to its full potential with help of Linux.

I put the full 4 GB of memory into the thing, and only use 10% of it. The hard drive is a 9 GB one from a laptop, and it's about half full, so I'm not close to exhausting the resources of the package.

The second Ethernet port, because it's on the PCI bus, is limited by the bus's 133 MHz rate, true, but with Internet speeds < 50 Mb/s, it's really not a factor. Like I said, if I ever get very high speed internet, Jetway makes a mini PCIE card that this board will accept, and it will match the speed of the native ort (both having the Intel Ethernet controller chip).

Remember, pfSense rinse on BSD UNIX, not Linux - which is a small distinction.

I do have a Raspberry Pi I play with, but did not consider it for a router. The power consumption is minute, true, but there's only one Ethernet port and it is supported by the USB controller. The Pi USB bus is not very speedy. Remember that, while my WAN speed requirements are low, the LAN side has to route between my VLANs, so that I can control access between LAN segments. I don't think that the Pi is up to this kind of work in my situation.

Old or cheap hardware is usually more than sufficient to work as a home internet router. Sometimes noise created by processor fan or power supply fan or slightly higher electricity consumption compared to embedded systems, is an issue with old hardware. If this is not something of concern, it is the thrill and satisfaction that comes when your home made configuration is up and doing what you want it do. Since you have smart L2 switch, it looks like you are all set to create a efficient VLAN based home network.

Goodboy Mentor: +1

This system has an Atom processor, which is what iPads use. The consumption of the motherboard is around 10 watts to 15 watts in service. The board itself is fanless, although the power supply does have a fan. Later on, I might get a more efficient fanless power supply for the thing. It is pretty quiet now, but if it winds up near my desk in the new place, that fan may bother me and motivate me to change the power supply.

I had originally installed pfSense on an old Socket 7 board that I had, and then tried it on a Pentium 4 system. This last one is a real toaster that gobbles up electricity - I figured a year's use would pay for the new mini-ITX board.

The system is up and running, but it will have to wait until after the move for me to add the VLANs and fine tune the thing.

It is quite interesting to read the logs and note the attempts to dig into my home LAN.

Timmy you may want to disable the QoS on it. QoS if not configured correctly usually causes degradation of quality for VoIP and applications that are used for streaming data.

Thanks! I'm not running QoS, and for now, VoIP is working OK. I'm going to wait until after the move before I add any other controls or the VLANs, because right now, I just need the access to work.

You can further reduce electricity consumption, heat and noise by replacing the hard drive with a CF card via an IDE to CF adaptor. For your purposes it should work just as well as any SSD hard drive but at a lower cost.