RESET Forums (homeservershow.com)

Super Router



This post is a reply to pcdoc in another thread (didn't want to hijack that thread with this unrelated topic).



pcdoc, one of the things I love about having my router (pfSense) and UTM (Untangle) on a VM is how easy it is to stop one setup and start another. I did that a lot when I was first setting things up. Now I have pfSense as the router and Untangle after that as the UTM and pretty much leave it alone. Combined they work great. The only thing I pay for is the extra virus protection on Untangle. It comes with a lightweight virus scanner, but I pay for the Kaspersky Virus Blocker to get better scanning at the router level. With two teenage boys (well almost 15 and 11), having virus protection at the router level makes me feel a little better.


I have both pfSense and Untangle running on a Xenserver and only use it for this purpose. I have considered beefing up the hardware and running some other VMs, but I like having these two guys all alone. They are both backed up to another server and before making any changes to them I always take a snapshot. Therefore, even when the hard drive in the system failed on me a couple of months ago, I was back up and running within the hour (had a spare drive already) with the exact same setup.


Here is a screen shot I just took of my Untangle "rack" as they call it.





I hear Untangle is a good router, but I have not tried it that way and only use the filtering functions (virus, spam, phish, spyware, web, etc). For a router, I prefer pfSense. It has pretty good QOS settings, UPNP works great, reporting is pretty good and there are a number of add-on packages to add more functionality. I use a Dashboard plugin, Country Block plugin (block all of Asia, Russia and several other locations) and a few others.


Here are a few screen shots of pfSense:



This is the initial screen you see when you log into pfSense. I am using the Dashboard package which makes the screen more useful.






Here is the traffic graph with the Rate package added so I can see which computer is using what bandwidth at the moment (no historical reporting, however).





Here are the RRD graphs. Only two graphs are shown in this screen capture (the 4 and 16 hour graphs), but further down on that same page are the 2 day, 1 month, 6 months and 1 year graphs. Also, that was just the quality graph; there is also a traffic graph and several others.






And while I have double virus scanners running on the Untangle box, I also use a pfSense package called Country Block, as shown below.





When I first set all this up I was a little worried about how much lag it would introduce, and I didn't want anything screwing up my Xbox360 Call of Duty games. Well, even with the wife on her computer, one of my sons on the other Xbox and the other one streaming video from the internet, the Call of Duty games are unaffected by any noticeable amount. Before I built my own router, under these same conditions, every router I tried had trouble (just a couple Netgear and Linksys routers). So I am very pleased with the setup.


Also, I have Untangle e-mail me a PDF report every day of what happened the day before. I was shocked when I was reading one of them and found it had blocked 14 viruses from being downloaded. Me and my 15 year old had a good talk about him visiting hacking websites!!

Edited by geek-accountant
Link to comment

Wow, this is a great post. I have never seen pfSense before but I did run Untangle as a router about 6 months ago, about 2 months before they released their brand new version. I had it running on an Atom box and it worked great except one thing. Every time I would launch a Blu-ray and TMT would start to fire up it would freeze. The issue was Media Center would try to access an IMDB site every time a Blu-ray would play and Untangle would block it. I am sure there is a way to fix it but at the time I did not have the time as we were just starting the podcast so I let it go. I am now ready to try out their new version and see if I can get things to work. Now that I have a local expert, I'll let you know how this works out or if I have any questions. Thanks for taking the time to post the screen shots and the detailed information. I'll keep you posted on my progress and thanks again for the effort. Very cool setup you have there.

Link to comment

Wow! This is a nice setup. I might try Untangle as a router and filter. I may have to seriously consider something like this when my boys get older.


I notice that the Kaspersky add-on is not cheap. $108 for a year so it takes some commitment to this platform if you want to run the extra stuff. Do you mind sharing your Xenserver setup? How many NICs you run, etc?

Link to comment

The debate of using local protection in lieu of router based is always there. I prefer to use Norton Internet Security on the PC and then use Untangle or equiv as the firewall. You need a min of 2 NICs. One for the modem, one for internal network, and a third if you want a DMZ or wireless access point. I have just ordered all the components to build this and will be joining the ranks with geek-accountant in the next couple of weeks. They have a brand new version out and I want to give it another shot. I do like his approach of using a VM but I will just build up an Atom board and use it as a dedicated router. There is a good video of it on Hak5 as well as other sites. Never tried pfSense yet but may give that a shot before final deployment.

Link to comment

All of the add-ons are not cheap from Untangle, but the additional virus protection is their cheapest. I found their free virus scanner to be somewhat weak and I wanted the added protection of the stronger scanner (wait until your kids get bigger :( ). I still have antivirus protection at the PC level, but like having it at the router level also.


The setup is an AMD dual core CPU with 4 gig of RAM. For a long time, I ran pfSense and Untangle in separate boxes with weaker hardware (just some old stuff I had lying around). Then when I heard about virtualization, I decided this would be the perfect project. First tried ESXi and it wouldn't install on the new hardware I just bought, so I turned to Xenserver which installed fine.


The system has 4 NIC cards, including the onboard card. The onboard card is used for Xenserver management, one card goes to the cable modem, another to my switch and the last one is for when I want to hook up an unsecured wireless connection (I have a wireless access point at another location in the network). The unsecured wireless is only turned on when we expect guests and is separated from the main network. In addition to the physical NICs, there is a virtual switch/NIC that goes between pfSense and Untangle.


In this setup, Untangle is used in transparent mode and the firewall is turned off. Therefore, I am using Untangle just for the UTM functions. The setup sounds a bit complicated, but it really is not that bad.


The benefit of having all this in a virtual environment is the ability to have multiple setups and switch between them fairly easily. Also, backing up the VMs is a great way to protect your router setups in case something goes wrong. While I was testing, I had the following VMs set up and switched between them often:


  • pfSense to Untangle
  • pfSense standalone - no packages
  • pfSense - few packages
  • pfSense - many packages
  • pfSense - DHCP services only
  • Smoothwall
  • Untangle


There were some more but those are all I can remember right now.


I should also note that I have resisted the temptation to run other VMs on this server. While it should be fine, I really want to keep these VMs on their own server with no other VM fighting for resources or worse causing stability issues or security problems.


Given how often I mess around with stuff, this server has been rock solid. It once ran for about 100 days without a reboot and then only had to reboot because we had a long power outage. :angry:

Link to comment

As for pfSense vs Untangle, they both have their strengths and weaknesses. pfSense has better QOS, better real time reporting, better UPNP and lighter weight. Untangle has better/easier filter, the web filter has worked great with my two boys.


Here is a pretty good article discussing the two:



Link to comment

I hate these kinds of posts....they just get me thinking about something else that I can do, should do or want to do.


I guess I am a little fuzzy on your setup Geek-accountant. You have:


Internet <-> cable company modem <-> pfSense Router <-> Untangle <-> home network


Is that correct? Does all traffic come through pfSense and then Untangle to get to your home computers? How is everything routed through Untangle? Or am I missing something? This is all new stuff to me so I am just trying to figure out how it works.


And I only have a 6 year old girl that uses the internet right now but she is too smart for her own good. I need to be thinking one step ahead of her at all times....

Link to comment

Yes, you have it correct. In this setup, Untangle is in what they call "transparent mode". All it is doing is filtering the traffic that comes through it. pfSense is handling all the DHCP and firewall duties. You may want to try them individually first (both are free, Untangle has some paid add-ons, but works fine without them), before setting them up together. I ran pfSense alone for a good while before adding Untangle. I like Untangle's filter better than that in pfSense.


For pfSense, almost any old hardware will work. The hardware requirements are really low. Untangle needs a bit more horsepower and of course if you are going to run them on a virtual server together, then even more horsepower is needed.




Link to comment

Two questions for Geek-Accountant:


How does the Untangle product compare to either ISA Server or Astaro and secondly how many NIC cards are in the Hyper-V box? (I presume you are running all the VMs from the same box as your WHS, etc)

Link to comment

Not sure Untangle compares to ISA or Astaro. I have downloaded Astaro and installed it on my Xenserver, but haven't done anything past that. I have never used ISA, sorry.


These router OSs are not running in my Hyper-V server. They are running in my Xenserver. Heck, I don't even know if you could get these to run in Hyper-V since it can't run as diverse an OS list as Xenserver.


The Xenserver has 4 NICs. The onboard NIC is used for Xenserver management, one NIC goes to the cable modem, another to my switch. The last one is only used for an unsecured wireless access point that I run when we have guests that need it.

Link to comment