Pfsense Router

[ch0b1ts]

I want to build a high-end router/firewall for my Internet connection (FIOS Business 35/35 + 5 Static IPs). I only use one IP to host my stuff. My housemate on the other hand hoards the rest.

Here is what I'm looking at for the build.

Intel DBS1200KP Mini ITX Server Motherboard LGA 1155 Intel C206 DDR3 1066/1333

Intel Celeron G530 Sandy Bridge 2.4GHz LGA 1155 65W Dual-Core Desktop Processor Intel HD Graphics BX80623G530

Crucial 4GB (2 x 2GB) 240-Pin DDR3 SDRAM DDR3 1333 (PC3 10600) Desktop Memory Model CT2KIT25664BD1339

Intel E1G42ET 10/ 100/ 1000Mbps PCI-Express Dual Port Server Adapter

So, I'll have 4 Network Interfaces total. 1 for WAN, 1 LAN, 1 DMZ, 1 Spare.
I have a 500GB Laptop HD laying around that I'll throw in as well.
I plan on running multiple modules like Snort, Squid, ClamAV, and whatever else looks useful.

This build look ok? Any suggestions? Maybe someone could recommend a good case for the build.

 

[Automata]

That is going to be massive overkill for a router. I'm running pfSense on a single core Pentium 4 2.8GHz with 1.5gb of RAM. It has an average load of 0.01 and memory usage of 10%. Granted, you will be pushing a bit more traffic than me, but it is still way more than you need. If you don't mind dropping the cash, there is nothing bad about it, though.

If you need this system to be very reliable, you may want to check out a board/proc/RAM that can support ECC/registered memory.

 

[ch0b1ts]

It doesn't need to be reliable since it is just for my home office and hosting a few services such as VPN for friends and family.

The difference in cost between the G530 2.4Ghz Dual Core CPU and the G440 1.6Ghz Single Core is only $10, so I'll just stick with the G530. Likewise, the difference in cost between 2GB and 4GB is about $10 so I might as well just stick with 4GB. I know it is overkill but the cost difference is negligible.

Now, I just need to decide on a case. I have a spare PSU so I don't need to worry about that.

 

[Automata]

I fully understand on the cost difference and I would likely do the same. I didn't directly state it, but what I meant was you could get an old system for cheap, slap in a few NICs, and be off on your way. If you want to build it from scratch, don't let me stop you! I'm certainly not someone who knows the definition of overkill, and my signature proves that!

I don't have experience with motherboards/cases that small, but I'd guess that nearly anything you pick up will be more than enough. The problem is finding a power supply that will fit the case.

 

[neo668]

Sorry to butt in. Is this thread about creating your own router? This is new to me.

Can I just install pfSense in my home server and use it as a router/home server? This means I can do away with the Linksys router I'm using now and which is the center of my home network? I use a broadband modem for getting internet connectivity. Instead of connecting this modem to the Linksys I can now connect it to the router/home server?

Sorry for all the questions. This is brand new to me. Thank you.

 

[Automata]

Yes, he is talking about building his own router, using pfSense as the router. For security/stability/sanity* reasons, you will want to install pfSense to a dedicated computer with two or more NICs. This would make the computer your router (firewall, DHCP, etc), which would replace your Linksys.

How does your Linksys hook up to your ISP's connection? If it is just a standard network connector, this would work perfectly.



*You want your router to run as few applications/services as possible. Using a complicated setup increases the chances someone can break into your network. This is why you should dedicate a computer (it can be an old/slow one!) to the task of routing.

 

[neo668]

Thanks Thideras.

My ISP installed a modem/router which is the source of my internet connectivity. So I connect one of four "Out" ports on this ISP-provided router to the WAN "In" port on the Linksys. The Linksys also serves as my home network's DHCP server. I then connect everything else to the 4 ports on the back of the Linksys.

I will do more research on this and see if pfSense might be better for my home setup. If nothing else, it just might be educational and fun. Thanks again.

 

[ch0b1ts]

One that you build should be more reliable, allow higher throughput, add a lot of capability, and have lower pings than anything you buy off the shelf at Best Buy.

Neo, if you are thinking about building one then it should be a great learning experience. Other router/firewall distros you can check out are monowall and smoothwall. Pfsense and monowall are BSD based while smoothwall is Linux based. Other than that, I don't know much else about them. It may be worth looking in to.

 

[neo668]

I already have a uATX AMD 780G mobo lying around. I also have several sticks of 0.5 GB and 1 GB DDR2 ram. All I will need is a uATX case, a 2nd hand AMD CPU and some NICs. I think this could be fun.

Will check out Monowall and Smoothwall. Thanks for the tip.

One question. Will I have to install an OS first? If so, Linux or Windows? I still have a valid copy of Win XP and a couple of licenses for Win 7.

Thanks.

PS I also have an old Celeron CPU. So I either buy a 2nd hand mobo for the Celeron or get a 2nd hand AMD CPU for the 780G mobo.

 

[ch0b1ts]

No, the Routers are full BSD/Linux distros. So they will be your system's OS.

On another note. I decided to forgo a case and buy a 12x24 sheet of plexiglass for $14 instead.
Time to break out the power tools!

 

[neo668]

No, the Routers are full BSD/Linux distros. So they will be your system's OS.

Thanks. I've visited the websites of pfSense, Monowall and Smoothwall and understand what you mean. I was hoping to be able to install this on my home server as a tryout first. I guess this is not possible.

 

[ch0b1ts]

So in the past 12 hours, I've reassessed my build and called all my friends looking for spare parts.

My friend has an old computer (~4-5 years old) with a Socket 775 Motherboard, CPU, and Memory that I he is allowing me to take off his hands.
I also forgot about an old Lian Li PC60 Case with a 450W Enermax PSU that I have in storage.
With some luck, my monetary expenditure is going to be minimal.
I'll just need to buy a couple good Intel Gigabit NICs to throw in.

 

[Automata]

I'd pick up a quality power supply, instead of that. Otherwise, that will be a good build!