Lee H. Marzke on 29 May 2018 20:18:11 -0700



Re: [PLUG] Cheap Firewall


My primary pfSense fw runs on ESX 6.5, no issues, and I run dual stack IPv4 and IPv6 via Fios and GRE tunnel to HE, all from pfSense.

You can do everything from the GUI; in fact the CL has very few easy options. But the GUI has a learning curve due to so many options.

Lee


From: Tone Montone <tonemontone@gmail.com>
Sent: Tuesday, May 29, 2018 7:02 PM
To: Philadelphia Linux User's Group Discussion List
Subject: Re: [PLUG] Cheap Firewall

Lee,

You have hit on a project I've been looking at for the past month. I never used FreeBSD before and was looking at picking up a cheap PC from craigslist, with a CPU that was AES-NI friendly, and then install pfSense on it. I also thought about adding Snort and Splunk as well to gain some insight into those tools as well.

    While looking around for parts, I resolved to stick it on an ESXi server I am using for development.  Not sure if it will work well, but it's just a project thing.

Mike


On Tue, May 29, 2018 at 4:01 PM, Lee H. Marzke <lee@marzke.net> wrote:
So is your total Cloud billing, plus reduced network to the house, and reduced power to the house a net
increase or decrease in monthly bills?

If you like full features and a GUI, I still recommend pfSense,  and you can get it on supported hardware from
https://store.netgate.com/SG-1000.aspx

The SG-1000 may only pass 100mbs with filter enabled, so you may need something larger if you do video or VPN connections.
AES-NI support in the CPU helps a lot. The next pfSense 2.5 will require AES-NI.

Netgate doesn't allow pre-installed pfSense - so any units on Amazon with that are likely old versions, and
you may have hw issues with upgrades, so be careful.

I've had bad luck with pfSense running on micro SBC units, with the chip running the switch interface
not working so well on multiple NICs, especially with VLANs, so you might want to pick supported hardware.
The same exact pfSense ran fine as a VM, but wouldn't play correctly on the small SBC.

I've also had good luck with the EdgeRouter as a backup firewall (since my main pfSense is virtual),
but anything more than basic features is difficult with the GUI, and the command line is based on Vyatta
(now VyOS), which is like Juniper fw, so there is a learning curve.

Lee




----- Original Message -----
> From: "Casey Bralla" <MailList@NerdWorld.org>
> To: "Philadelphia Linux User's Group Discussion List" <PLUG@Lists.PhillyLinux.org>
> Sent: Tuesday, May 29, 2018 11:42:07 AM
> Subject: [PLUG] Cheap Firewall

> I'm finally closing down all my servers in my basement on my comcast
> commercial account and moving them all to rented servers in the cloud.
> I'll be able to save a ton of money on internet charges, but will have
> to give up a bunch of blinken lights.
>
> I'm not sure how to set up a good firewall, however.
>
> Up till now, I've been using an old PC with 3 network cards.  But
> without the servers, this is way overkill.   I thought I might use an
> old wireless router (in non-wireless mode) to provide NAT.  But I'm not
> sure if that is robust enough.
>
>
> Any suggestions from the list on setting up a good, low-power firewall
> that is capable of gigabit speeds?
>
> --
>
> Casey Bralla
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

--
"Between subtle shading and the absence of light lies the nuance of iqlusion..." - Kryptos

Lee Marzke, lee@marzke.net http://marzke.net/lee/
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM
+1 800-393-5217 voice/text
+1 484-348-2230 fax