
Finally time to Roll my own Firewall


Fragment85

So I run an FTP dump for a few paying customers, off of my home file server's extra space. It's been on autopilot for a good 6 months now. (Due to work I have not had the time to do much.) So I had some free time Friday and started cruising through my secure logs and found disturbing amounts of attempts to log in. Good thing is the server recognized them as possible attacks and closed all the connections. Everything just looks like brute force attacks. So in light of this it's time to roll my own firewall. I have some equipment in the house that could easily run pfSense, but that would mean losing my VM server.

So anyway, looking to run pfSense.


This case would go great in my network rack, as I only have a short and shallow rack for my network gear and the filer server is mounted into part of my desk. I have 2 WD VR 300GB drives that I'm going to use for cache. I'm thinking everything will work just fine. I'm just not sure about that NIC, but I am trying to keep costs down.
Any advice or changes that would be worth it?
 
I think you are putting way too much money into this, especially considering that you are trying to save money. Unless it has to be rack mounted, any old system will do firewall tasks perfectly fine. Find a Core2 based Dell/Gateway/HP and use that.

That NIC is crazily overpriced. I just paid $35 total for two of those shipped.
 
It doesn't "have" to be rack mounted, but damn would it save me trouble. I'll keep searching for a few things. I know I have a few other parts at the house that I could most likely use, but saving the space is worth the money when you move as much as I do.
 
I have that exact NIC on my VM host. Look on eBay, I found one for 27 EUR shipped (about 35 USD).

Everything else looks good enough. Overkill (an Atom would do), but will do.
 
I run pfSense on an A64 3200+ (S939) and 1GB of RAM just fine, no need to go crazy on the specs unless you have tons of firewall rules and are dealing with tons of traffic.

I've also been hit with some brute force attacks as well. I was away for 3 weeks so I put on SSH on the default port and look who showed up.
 

Attachment: sshfail1.png
Just found the NIC on eBay for $34 and change shipped. Thanks for the sanity check.
I didn't have anything laying around, but a friend that had an extra gifted me an older HP Media Center (2 gigs of RAM and an Athlon II). It's been stripped, but at least it gives me a PSU, mobo, and CPU.
Then grabbed the case and a CPU fan from Newegg.
 
Add RAM to the mix and a PSU and you have a server.

I've run a stripped Atom board with a dubious quality PSU as a pfSense firewall for a long time. Eventually I got it its own box and later on I virtualized it.
 
I'm gonna use this for now. Old RAM just gets too expensive for my tastes. At some point in the not so distant future you're totally right though.
 
You really don't need to upgrade the RAM. My pfSense box has 1.5 GB and is using 8%.
 
You really don't need to upgrade the RAM. My pfSense box has 1.5 GB and is using 8%.
That's great to hear. I was referring to the virtualization part; it's always a matter of time before I pick the next thing to learn, and virtualization could save me a little cash. I really thought about adding the VM to my VM box, but the damn thing's a heater already and summer is right around the bend. It gets just a wee bit hot here in the desert.
I run pfSense on an A64 3200+ (S939) and 1GB of RAM just fine, no need to go crazy on the specs unless you have tons of firewall rules and are dealing with tons of traffic. I've also been hit with some brute force attacks as well. I was away for 3 weeks so I put on SSH on the default port and look who showed up.
Until I get it up and running I just denied all traffic other than my desktop for SSH. So I'll just have to remote in there first, then over to the server if I really need to remote manage.
 