Are Chinese cameras secure?

Does pfsense require you to dedicate a computer to its use or could I run it on the same machine that I am running Blue Iris for example? And how does it handle wifi connections when running on a Windows PC?
 
Running a custom firewall is completely new to me. Can someone explain what a pfsense machine would look like? What special hardware is necessary? How many ethernet cards?
 
Mike.
 
I know a few folks that have configured their PFSense firewall on a VM and are doing all sorts of stuff these days that way.
 
You can purchase multiple port network cards (Intel Gb) very reasonably.  Here while my PFSense box is dedicated to PFSense my main mITX board (BCM) has two Intel Gb NICs on it and I added two more Network cards to it.  I tinker so purchased 2-4 port Intel Gb cards.
 
The installation of PFSense is plug n play using the current distribution install ISO on USB or CD Rom.  You do not need to know BSD to run PFSense.  The GUI is very much plug n play and you can run it on any old computer with multiple NICs.  Here have two NICs dedicated to WAN links and 4-8 dedicated to LAN links.
 
I have started to write a DIY on building your PFSense box here on the forum and on Homeseer.
 
Here are blogs I wrote on Cocoontech (going back a couple of years now).  Thinking first one was in 2013
 
PFSense update and tweaking
PFSense Failover Configuration
PFSense - PfBlocker
Anyone using PFSense as a firewall?
On Homeseer started this one recently and still updating it.
 
How to configure a PFSense Firewall
 
For a bit I started or trying to see about a group buy for a mini 4 port PFSense Firewall.  I was targeting a cheapo $100 Intel Skylake CPU firewall....except right now these are still closer to $250...Personally wanted to install it in my 42" Leviton media panel.  Today do have one managed 24 port switch and one 8 port POE switch, modem(s), VOIP, patch panel inside of the box.
 
Some info on current running PFSense box.
 
Version 2.4.3-RELEASE (amd64)
built on Mon Mar 26 18:02:04 CDT 2018
FreeBSD 11.1-RELEASE-p7

The system is on the latest version. Version information updated at Tue Apr 24 7:34:38 CDT 2018
Uptime 21 Days 15 Hours 40 Minutes 57 Seconds
 
NTP GPS time with PPS
Satellites in view 15, in use 11
Clock location provides Longitude / Latitude and elevation
 
Into time in general here and have used an NTP server since the 1990's.  First GPS / PPS / NTP at home was using a Trimble from a tank; built to last forever.  For work also worked on flight vectoring software (Unix) that utilized a very expensive GPS at international airline hubs.
 
pete_c said:
Today on the Comcast all in one box (modem, router, firewall, switch and WAP) Comcast allows for public WLAN access (with CC account) to one radio built in to their combo boxes.  These days you cannot change that.
It's been a while since I've had to deal with this, but a call to Comcast could get theirs turned off.  I complained that I didn't want their Xfinity SSID creating more RF interference in my space (home or office) and made them turn it off.  That said, this is why I run my own modems and my own routers, along with separate wifi.  That way I have all the control and can place each device where it's best suited.
 
Work2Play said:
It's been a while since I've had to deal with this, but a call to Comcast could get theirs turned off.  I complained that I didn't want their Xfinity SSID creating more RF interference in my space (home or office) and made them turn it off.  That said, this is why I run my own modems and my own routers, along with separate wifi.  That way I have all the control and can place each device where it's best suited.
You should absolutely be running your own modem, and firewall.

I went with an Arris modem, and my PFsense box is a hardware firewall from Netgate.
 
Before PFSense here was using Smoothwall which worked fine for me for many years except that the opensource / free version did not allow for multiple WAN connections.  Been a happy camper now for a few years with PFSense.  Still using a Motorola SB-6141 cable modem here which works well enough for me at this time.  These have 8 downstream channels and 4 upstream bonding channels.  Newer have more and are faster today.  Relating to FIOS used a Verizon combo modem (which was the same MFG as their DSL modem).  The combo used coaxial and ethernet and had a built in switch and WAP.  I kept the coaxial network going for the television STB's and DVR and bridged one Ethernet port to a DD-WRT router/ AP at the time.  Never touched it for many years and worked fine for me.
 
Do you guys think that it is worth my time to install an 11G speed router? I have an old WRT11g Linksys around here somewhere that I could experiment with the firewall and VPN.
 
Mike.
 
The old updated to DD-WRT / OpenWRT routers were more tweakable power wise and the range was good even though it was 54 Mbs.  Personally liked the Buffalo combo routers to tinker with for a bit a while ago.  These were banned from import for some time and I think it related to a Linksys power struggle. ;)
 
Today the FCC has mandated that the radios on new WAPs are not tweakable but you can still tweak them with DD-WRT / OpenWRT OS's.
 
You can just add it to your network and check out the radio footprint. 
 
There are more options built in to the OpenWRT OS than the DD-WRT OS (thinking here relating to VPN and DNS stuff).
 
There was also a mention of using the RPi.  These are faster and have more memory to do more stuff.
 
pete_c said:
The old updated to DD-WRT / OpenWRT routers were more tweakable power wise and the range was good even though it was 54 Mbs.  Personally liked the Buffalo combo routers to tinker with for a bit a while ago.  These were banned from import for some time and I think it related to a Linksys power struggle. ;)
 
Today the FCC has mandated that the radios on new WAPs are not tweakable but you can still tweak them with DD-WRT / OpenWRT OS's.
 
You can just add it to your network and check out the radio footprint. 
 
There are more options built in to the OpenWRT OS than the DD-WRT OS (thinking here relating to VPN and DNS stuff).
 
There was also a mention of using the RPi.  These are faster and have more memory to do more stuff.
You lost me here, I know nothing about dd-wrt or open-wrt. I don't know if I would bridge or cascade, flash the firmware etc? It's all new to me.
 
But is it worth the time and trouble to configure a 54mb router or should I spend money on a new router? I'm thinking about installing the old Linksys 54G just for the experience of doing it before spending money and I'm also thinking that it may be all that I need here. I think that the firmware is flashable.
 
Mike.
 
I also have a Cisco commercial 1245AG wireless access point here to play with but it is also limited to 54Mb and is wireless only.
 
Mike.
 
The mentioned DD-WRT and OpenWRT OS's are OpenSource Linux replacement OS's that are better than the MFG OS's to these boxes.
 
That is what was selling these old routers; hence the name WRT (first one was the Linksys WRT-54G).
 
Flashing the firmware is a non issue.  Just read the step by steps for doing this.  Tinkering with the OS's mentioned internal to your network will not hurt anything and will provide you with a learning tool before spending the money on a new router or firewall OS (PFSense for example).
 
You can do the same testing using an old computer with two network cards and the PFSense ISO install internal to your network.  Using VPN does eat more resources than the run of the mill bean counting a typical router does.  It's all of the encryption that eats the CPU and memory.
 
I would tinker first to wet your beak.  You cannot break anything if running the device inside of your LAN.
 
The Cisco APs typically only work with Cisco OS firmware.  Over the years they changed from proprietary Cisco POE to standard POE.  Here have early Cisco POE WAPs somewhere around here.
 
mikefamig said:
Do you guys think that it is worth my time to install an 11G speed router? I have an old WRT11g Linksys around here somewhere that I could experiment with the firewall and VPN.
 
Mike.
 
One thing to keep in mind is your broadband bandwidth.  The older routers are great to tinker with but they have slower CPUs.  Depending on your internet speed the router can become a bottleneck because it cannot process packets fast enough. Adding VPN on top of that is going to slow things down even further.  I ran VPN on my last Asus router with custom firmware Asuswrt-Merlin, wiki here.  To play and learn the WRT11g is a good way to get your feet wet but it may not serve your long term needs due to performance reasons.
 
I ended up abandoning consumer grade routers due to burning them up and when broadband speed increased above 100 it was the final straw so I went with all Ubiquiti hardware (now paying for 300/20 getting 450-80 / 23, gig here sometime before end of year) The router and WiFi access point are separate hardware components and are rock solid.  Also went to managed switches again Ubiquiti. 
 
In the end it really depends on what you want to do, do you want to be able to tweak and adjust or do you want something that just works that you don't have to think about once it is set up.  In other words is it the journey or the result that you are after?  The ubiquiti hardware is definitely not as consumer friendly but there are very active forums and good YouTube how to videos. And once it is set up it is done and it just runs. I've gone many months without reboots only doing so after firmware updates.
 
My first at work desktop connected to the internet in the 1990's had a public IP address on it.  I could at the time get to it from any place in the EU.  No private addresses or NAT or DHCP was being used at the time (or firewalls).  The internet was much smaller then.
 
Relating to VPN here have utilized it for access to my network for a few years now.  The bottleneck there was the uploading speeds versus the downloading speeds with my ISP.  That said today can use tablets / phones running VPN to my home network for automation stuff.
 
The whole VPN monthly service thing is relating to surfing freely untethered by your ISP and today somewhat related to the use of KODI.
 
This year again (it's been attempted before) China and Russia are trying to restrict or ban the use of VPN tunnels to the outside of country world of the internet.
 
Off on a bit of a tangent here....
==============================
You can surf the internet using the TOR network with little effort these days.
 
Tor is free software for enabling anonymous communication. The name is derived from an acronym for the original software project name "The Onion Router". Tor directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity to the user: this includes "visits to Web sites, online posts, instant messages, and other communication forms". The intent for Tor's use is to protect the personal privacy of its users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored.
 
The core principle of Tor, "onion routing", was developed in the mid-1990s by United States Naval Research Laboratory employees, mathematician Paul Syverson, and computer scientists Michael G. Reed and David Goldschlag, with the purpose of protecting U.S. intelligence communications online. Onion routing was further developed by DARPA in 1997.
 
==============================
 
Over the years there has been a switch from private line commercial point to point stuff (expensive) to utilizing now the Internet with VPN tunnels replacing the point to point stuff (relating to enterprise domestic and international inter company transport).
 
Relating to WAP's the first Ubiquiti AP I had I never did modify it or replace the OS as they did good with this stuff.  I also tested their intro in to CCTV.  It was a reasonably priced inexpensive camera that just worked but had no bells and whistles at the time.
 
I'm a big fan these days of "it just works!"  I have a single Ubiquiti AC-Pro WAP servicing our homestead, located in the center of the house on the first floor.  Great UI to look at what is connected and what is consuming wireless bandwidth, easy to manage connections, etc, etc...
 