Homebrew Firewall/DHCP/Wifi
- This topic has 10 replies, 5 voices, and was last updated 13 years, 10 months ago by jrandeck.
January 14, 2011 at 12:16 am #25854
My trusty WRT54G is on the verge of death, now requiring frequent reboots, clashes with certain devices, etc. and I was thinking of using old pc components to take a stab at a pfSense or some similar option (if there are any). Has anyone else gone this way with their home network?
January 14, 2011 at 1:18 am #29358 flips
I use m0n0wall at home. It has been serving me well for probably 5 years or more. I use the VPN feature on it, but not too many more of the advanced features other than that. I tried out the traffic shaping, but I’m not sure how much of a difference it really makes, assuming I have it set up properly.
Probably the only downside is the elec cost of running the computer 24/7. I have been looking at the DD-WRT project lately, but I have never tried it.
flips
January 14, 2011 at 1:26 am #29359 Naylia
I have an Athlon XP-M 2400+ that runs 35W at full load, so I’m hoping that the overall system at real world loads won’t actually be very high. Someone pointed out to me the idea of server grade NICs on ebay and they are quite cheap. So I’ll ditch the onboard NIC for a dual port Intel server card for about $24. I’ll also need to find an inexpensive but reliable 5 port switch to connect up and I have an Apple Airport Express AP lying around that will provide wifi for the laptops and cell phones in the house or drop in an old wireless PCI card that I think I still have.
January 14, 2011 at 1:28 am #29360 Naylia
Damn…just realized I’ll need a low profile fan/heatsink for the PC case I’m using…
January 14, 2011 at 1:58 am #29361 mikinho
I use pfSense 2.0-BETA5 x86-64 at home on an Intel Atom D525 and am extremely happy with it. It handles everything I want and more.
Definitely go with an Intel dual NIC if you end up with a *BSD platform. For WiFi if you have a Marvell PCImini-PCI card the mwl(4) drivers in FreeBSD allow for up to 32 access points and wireless client at the same time. Works very well. I wish it was updated to use some of the newer mini-PCI-E cards but that is still a little far off.
January 14, 2011 at 11:00 am #29363 flips
What is the advantage of using a server grade NIC? Your LAN traffic doesn’t go through the router, right? So your only performance boost would be to the internet. Would you really notice a performance difference on a 6 mbit internet connection?
flips
January 14, 2011 at 1:22 pm #29364 skirge01
I’ve been using IPCop for at least 6 years now and love it. I repurposed an old Dell mini-tower I got from work and it’s still chugging along just fine. When (if?) it dies, I may look at other firewall software, like pfSense, but only because I’m curious what they have to offer, not because of any issue I have with IPCop.
January 14, 2011 at 2:00 pm #29365 mikinho
[quote=flips]
What is the advantage of using a server grade NIC? Your LAN traffic doesn’t go through the router, right? So your only performance boost would be to the internet. Would you really notice a performance difference on a 6 mbit internet connection?
flips
[/quote]
The advantage is with stability. On many *BSD and *nix platforms lower grade NICs are not very well supported or developed. For instance, 3-4 years ago I had an older firewall running m0n0wall and switching from an on-board Realtek to a dedicated Intel PCI-E NIC (workstation grade, you can find them for $29 on Newegg) increased my speed test by 4 Mbps and led to a much more stable connection.
If you can find a good price on an Intel PRO/1000 MT Dual Port get it, those cards rock. My router, Motorola 6120, has a gigabit port and with Comcast rolling out their 5010 (and 10050 in some markets) plan I don’t want my hardware to be the limiting factor 🙂
January 14, 2011 at 2:12 pm #29366 jrandeck
Does anyone know how well pfSense or something similar would work running as a virtual machine? I thought about doing that but as I don’t have dedicated server hardware, I would need to share a NIC between the host OS and the VM (I suppose I could get another NIC if needed) and I didn’t know how well that would work.
I know there are preconfigured VMs available for some of the products out there, though.
If you leave your PC on 24/7 like I generally do anyway, then that would save the extra cost of running another server PC.
January 14, 2011 at 2:32 pm #29367 mikinho
[quote=jrandeck]
Does anyone know how well pfSense or something similar would work running as a virtual machine? I thought about doing that but as I don’t have dedicated server hardware, I would need to share a NIC between the host OS and the VM (I suppose I could get another NIC if needed) and I didn’t know how well that would work.
I know there are preconfigured VMs available for some of the products out there, though.
If you leave your PC on 24/7 like I generally do anyway, then that would save the extra cost of running another server PC.
[/quote]
You will need a minimum of two NICs. You could technically do it with one if you have everything on a static IP address aside from 1 virtual NIC for the WAN but the performance would suck and be more trouble than it is worth.
I had pfSense running under Hyper-V for ~1 year before setting up my initial Atom D510 1U system (now an Intel D525). Since Hyper-V doesn’t officially support *BSD I had to run the virtual network cards in legacy mode but the performance was still better than an Apple Airport Extreme I tested against. I went with Hyper-V since I had a server set up already. If you are setting up a hypervisor environment just for this use I would suggest VMware ESX/ESXi.
I don’t think I would ever use a desktop though. I wouldn’t want the performance hit of running virtuals on my primary desktop or worry about rebooting and dropping the network connection. But that really depends on your home setup and if your work or family requires a steady connection.
January 14, 2011 at 4:27 pm #29368 jrandeck
I knew I’d need 2 NICs; I was wondering whether it would be better to have 2 dedicated to the router or whether the LAN NIC could be shared with other VMs or the host OS.
When I was considering doing this I intended to set up a Hyper-V environment, but a hardware failure on one of our desktops made me scrap plans for that server for the time being. Basically, the server hardware became my desktop hardware, and I run Windows 7 there so I can play games, though for the amount of time I (don’t) spend doing that, I wonder whether it’s worth it to even have a gaming PC. I think everything else I do on that PC could be done in a Windows 7 VM.
Right now I’m running Tomato firmware on an Asus RT-N16 router which does what I need, so this is mostly an academic interest for me at this point.