A friend recently sold me on the idea of making a machine for

You are currently reading a thread in /g/ - Technology

Thread replies: 13
Thread images: 2
A friend recently sold me on the idea of making a machine for pfSense. It sounds like a fine time, both putting together the hardware and configuring the software. My friend says that it's best and cheapest to just use an older junk PC and add what it needs, but I kind of want to go the smaller, sleeker route. Does anyone have much experience with them? How much might I expect to pay?
>>
>>51620522
I just set up a pfSense machine

The "use any old machine" route is certainly cheaper. For most purposes anything this side of a Pentium 2 will be fast enough; all it needs is two network interfaces. It wasn't that hard to get up and running. I'd get a switch to use for whatever wired machines you have, and then if you want wireless, take your router, switch off NAT, the DHCP server, and the firewall, and plug it into the switch (mine had an "access point only" mode that does this). It was easier than using a third interface and plugging the router into that.
>>
>>51620522

I took the easy route and just bought the pfsense SG-2220. Low power consumption, it just works.

As for the software...holy shit, it's awesome. You'll never again want anything else between you and the intertubes, other than your pfsense firewall. I've got snort running on mine, which by default blocks *everything* that doesn't check out 100%. Feels good man.
>>
I installed opnSense (very similar to pfsense, but more... pretty) on a small dual NIC machine. Works great. Installed to a micro usb drive.
>>
>>51620522
what is this semen demon?
>>
>>51620683
..so you have snort on top of the pfsense software? Is there a separate interface for each? Do you have the subscriber lists?
>>
>>51620806
https://www.google.co.uk/url?sa=t&source=web&rct=j&url=http://www.aliexpress.com/store/product/2014-NEW-Intel-Celeron-C1037U-aluminum-fanless-dual-core-living-room-HTPC-Barebone-Mini-PC-with/1295458_1943481997.html&ved=0ahUKEwimx96WtbnJAhVM6RQKHXekCvsQFggxMAM&usg=AFQjCNH3OQSzoOBNh8oMc9XrPAfavfoH3g
>>
I used
http://www.aliexpress.com/item/Bay-Trail-Celeron-J1900-nano-pc-fanless-dual-lan-port-thin-client-Win-7-Ubuntu-Linux/32318046928.html

It's nice, built solid
>>
>>51620855

Pfsense has all sorts of official software packages you can install. Installing Snort is literally just a couple of clicks.

But that's installing it...learning to live with Snort is another matter. Just because an internal machine is calling out to a host on merely port 80 on the WAN, doesn't mean the traffic should be allowed through according to Snort, as something about it may be on an emerging threat shit list of one type or another. You can configure the rules from loosey goosey, to all out fascist mode according to the latest emerging threat research, updated every 6 hours.

Warning: if you crank up the security, to do a lot of basic web browsing you will have to get *well* acquainted with Snort's whitelist interface and the pfsense firewall logs. Ex: the strictest rules block downloading Windows executables. You'll have to figure out how to loosen this particular rule, for what IP addresses, and then remove the offenders from the blacklist they just got put on.

The most basic Snort threat alert subscription is free, and honestly it feels quite adequate. But there's a $30/personal use plan as well.
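An added example, not part of the post above: one way to work out which rule to loosen and for which address is to tally Snort "fast" format alerts per rule and LAN host, then write a `suppress` entry scoped to that one host instead of disabling the rule. The log lines, SIDs, messages and the 192.168.1.0/24 LAN are constructed assumptions, and the parser handles IPv4 only.

```python
import ipaddress
import re
from collections import Counter

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the LAN behind the firewall

# Snort "fast" alert line: time [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

# Constructed sample log: SIDs, messages and addresses are made up for illustration.
SAMPLE_ALERTS = """\
12/01-10:15:02.120001  [**] [1:1000001:1] CONSTRUCTED executable download over HTTP [**] [Classification: Policy Violation] [Priority: 1] {TCP} 203.0.113.10:80 -> 192.168.1.20:50122
12/01-10:15:40.003112  [**] [1:1000001:1] CONSTRUCTED executable download over HTTP [**] [Classification: Policy Violation] [Priority: 1] {TCP} 203.0.113.10:80 -> 192.168.1.20:50130
12/01-10:17:09.554870  [**] [1:1000001:1] CONSTRUCTED executable download over HTTP [**] [Classification: Policy Violation] [Priority: 1] {TCP} 203.0.113.44:80 -> 192.168.1.20:50171
12/01-10:21:33.910221  [**] [1:1000002:1] CONSTRUCTED suspicious user agent [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.31:51000 -> 198.51.100.7:80
snort[4211]: reloading rules (not an alert line)
"""

def parse_alert(line):
    """Return gid, sid, msg, src and dst for one fast-format alert line, or None."""
    m = ALERT_RE.search(line)
    return m.groupdict() if m else None

def suppress_candidates(log_text, min_hits=2):
    """Count alerts per (rule, LAN host); return (hits, suppress line) for repeat hits."""
    hits = Counter()
    for line in log_text.splitlines():
        alert = parse_alert(line)
        if alert is None:
            continue  # skip anything that is not an alert
        for side in ("src", "dst"):
            # Track by whichever end of the flow is the LAN host.
            if ipaddress.ip_address(alert[side]) in LAN:
                hits[(int(alert["gid"]), int(alert["sid"]), side, alert[side])] += 1
    return [
        (n, f"suppress gen_id {gid}, sig_id {sid}, track by_{side}, ip {ip}")
        for (gid, sid, side, ip), n in sorted(hits.items())
        if n >= min_hits
    ]

if __name__ == "__main__":
    for n, rule in suppress_candidates(SAMPLE_ALERTS):
        print(f"{n} hits -> {rule}")
```

Each candidate line still needs a human decision: check what the rule detects and whether that host should be exempt before adding the entry.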
>>
>>51620522
if you want to all from scratch look for a
"thin mini itx" mobo with pci-e and mini pci-e
then build a case for it.. will cost ~$300USD+
>>
>>51621139
CLICK LINK

SEE THIS BANNER
>>
How's the power consumption? Comparable to a standard home router?
>>
>>51621139
Still a bit expensive for a pfsense pc, needs RAM and storage.
Aren't there cheaper ones out there with two ports? Performance doesn't really matter right?