Part I – Hardware for your pfSense firewall
For a long time I have thought about buying a firewall for my server and home network, but a good firewall can quickly get pretty expensive. I had some old hardware lying around in my apartment, and I thought it could be fun to turn it into a project to build my own firewall. The only thing I needed to buy was a chassis, because a friend and I tried to make another chassis smaller, but it didn't end up as pretty as we were expecting, so I threw it out.
Well, I was googling around and found some interesting open-source firewall builds like pfSense, IPFire, IPCop, etc. All of them were based on Linux except for pfSense, which is based on FreeBSD. I have been reading a lot of reviews of each system, and I think pfSense is the best choice of them all! The people behind pfSense are really engaged and know what they are talking about. pfSense has some cool and very useful features that you would normally have to buy an expensive firewall/router to get. It has a lot of very useful packages/add-ons, for example the Squid proxy server, SquidGuard and the Snort intrusion detector. One of the things to keep in mind when you choose FreeBSD is hardware compatibility. You can run almost anything on Linux, but FreeBSD supports less hardware; the hardware that is supported is high-end hardware, and I think almost all Intel NICs are supported (you can see the list here).
Minimum hardware requirements
- 10-20 Mbps: We recommend a modern (less than 4 year old) Intel or AMD CPU clocked at at least 500 MHz.
- 21-100 Mbps: We recommend a modern 1.0 GHz Intel or AMD CPU.
- 101-500 Mbps: Server class hardware with PCI-e network adapters, or newer desktop hardware with PCI-e network adapters. No less than a modern Intel or AMD CPU clocked at 2.0 GHz.
- 501+ Mbps: Server class hardware with PCI-e network adapters. Multiple cores at > 2.0 GHz are required.
256 MB RAM is the minimum recommended.
Min. 1 GB HDD or CompactFlash card.
And you need at least two NICs: one for WAN and one for LAN.
The hardware I am going to use in my pfSense setup
- Gigabyte j1800-d2h (from an old server)
- Celeron 2.4 GHz dual core (integrated on the motherboard)
- 4 GB DDR3 SO-DIMM RAM
- 320 GB HDD, Western Digital (from an old laptop)
- IBM Intel PRO/1000 PT Dual Port PCI-E Server NIC
- Arduino microcontroller + 4×20 LCD display
- TP-Link 8-port gigabit switch
- Linksys WRT54GS (DD-WRT firmware)
- Atheros AR9285 mini PCI-e Wi-Fi card (from an old laptop; I just had to buy two antenna adapters so I could mount antennas)
How to install and set up pfSense
I wanted my network map to look like this, so that my server is in the DMZ (Demilitarized Zone). The reason I chose to place my server in the DMZ is that the DMZ is a "secure" zone. You can connect to the devices in the DMZ from your LAN, but devices in the DMZ can't connect to the LAN; connections only go one way. So if the server is under attack, your LAN should be secure. There is of course never anything that is totally bulletproof and secure, but this is a great way to do it.
re1 -> WAN (82.180.28.xxx)
em0 -> LAN (10.0.0.1) (including a switch and Wi-Fi router)
em1 -> DMZ (10.0.1.1)
ath0 – Wi-Fi on the motherboard (need to figure out how to get it to work)
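The one-way LAN/DMZ policy described above, written out as a raw pf ruleset. This is an added example, not the author's configuration: pfSense generates its own rules from the web GUI, and the /24 masks, the outbound NAT and the rule layout here are assumptions.

```pf
# Added illustration: hand-written pf.conf for the three-zone layout above.
# Interface names and gateway addresses come from the post; masks are assumed.

# --- Macros ---
wan_if  = "re1"
lan_if  = "em0"
dmz_if  = "em1"
lan_net = "10.0.0.0/24"    # assumed mask; firewall is 10.0.0.1
dmz_net = "10.0.1.0/24"    # assumed mask; firewall is 10.0.1.1

# --- Options ---
set skip on lo0

# --- Translation: both private networks leave through the WAN address ---
nat on $wan_if inet from { $lan_net, $dmz_net } to any -> ($wan_if)

# --- Filtering ---
# Default deny for anything arriving on any interface (WAN included).
block in log all

# Traffic already accepted inbound may leave on the far interface.
pass out quick inet all keep state

# DMZ -> LAN: may never start a connection. "quick" stops evaluation here,
# so no later pass rule can override this block.
block in log quick on $dmz_if inet from any to $lan_net

# DMZ -> everything else (Internet access for the server).
pass in quick on $dmz_if inet from $dmz_net to any keep state

# LAN -> anywhere, including the DMZ. The state entries created for such a
# connection are matched before the rules, which is how the server's replies
# get back into the LAN despite the DMZ -> LAN block.
pass in quick on $lan_if inet from $lan_net to any keep state
```

The ruleset defines no inbound port forwards on re1, since the post does not name the services the server exposes.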
In Part II we are going to set up the pfSense box from scratch. I will post the next part later this week.