RESET Forums (homeservershow.com)

pfSense Router Build



I've had this setup for a while and would like to share with the masses.. I'm currently running pfSense 2.1 Dev on the below hardware. I've had the box up and running for almost 2 years and it's gone thru many changes... Mostly software changes as this box first ran pfSense 1.2.3 then 2.0Beta to get the LCD display to work then 2.0BetaIPv6... It currently runs 2.1Dev which includes the IPv6 code. I've never had a high uptime because I'm always making changes but it did have a 36 day uptime once because I was away for training with my reserve unit. My first router box running pfSense 1.2 had a year of uptime since I never messed with it after its setup.

 

This box has 4 Intel NICs, 2 on the MB and 2 on a PCIe card. I'm using 3 ports today: WAN, LAN, and another is a VLAN trunk. The VLAN trunk allowed me to set up my Linksys/Cisco Router (running DD-WRT, AP setup only) with a Guest Wireless VLAN. I didn't want to set up another wireless AP for guests, and since I can set up virtual interfaces on the AP and tie them to a VLAN, it just seemed the right way to go about it. I plan on adding another VLAN for cameras. I use OpenVPN in 2 forms, 1 for remote access and another is a Site-to-Site to my brother's network so I can mess with it from time to time... And to give remote support...lol. As a test, I was able to connect my Verizon 3G USB stick and set up a WAN fail-over. I've removed the 3G USB stick since I use that stick when I'm on the road.

 

I use traffic-shaper to its fullest. With the setup I have, I can be VPN'd into work moving files, watching a Netflix stream, playing Xbox 360, and downloading 5 torrents with no hiccups. Of course this is over a 50/5 cable modem pipe so that helps too. I set up the "limiter" function so guests that are using the wireless can't hog bw; they get a 5/512k pipe.

 

With the help of other members on the pfsense forum, I was able to get the LCD display to work. Which is why I got this case to start with... Small factor, and able to display stats on its screen.

 

I also set up pound on the box as a reverse-proxy. There is a pfSense package that does this but I couldn't get it to run, so I found pound to just work. It allows me to have a FQDN route to different boxes on my network, all via port 80. In the past I would use IIS on my server to allow me to have different web sites on the same IP.. But I also wanted to see my TED5000 (electric monitoring device) thru the internet. I was able to do that by assigning a different port in NAT rules, then having it direct to the box's IP on port 80.. But with this setup I had to remember different port numbers and open many ports on my firewall. Now with pound, all my traffic comes in via port 80. Pound looks at the FQDN and points that FQDN to the internal IP I assigned it to. Now if you browse to my public IP on port 80, nothing is displayed because pound is looking for a FQDN to process the request. Does this make my box less secure? Maybe. But I've thrown everything I have at it and can't break in... Working for an ISP, we have many tools to use from ;-)

 

Example all using port 80:

www.homeip.net - 192.168.0.10

ted.homesip.net - 192.168.0.15

whs.homeip.net - 192.168.0.100

 

 

Case: M300-LCD Enclosure with Bootable CF Reader, 1 PCI Slot and 2x20 LCD Display

MB: Supermicro X7SPA-HF-O Atom Dual-Core D510/ Intel 945GC/ RAID/ V&2GbE/ Mini-ITX Motherboard

Memory: x2 Kingston 2GB 200-Pin DDR2 SO-DIMM DDR2 667 (PC2 5300) Laptop Memory Model KVR667D2S5/2G

HD: Seagate 160GB (ST9160314AS) 5400rpm SATA2 8MB Notebook

PS: picoPSU-150-XT Power Supply 80W AC-DC Power Adapter Kit

Extras: Intel Dual Port Server NIC, PCIe (Can't remember the model as I already had it)

A special over-priced PCIe ribbon riser so I can use the PCIe slot with this tiny case. Need to open the case back up and take a photo

 

pfSense Packages:

arpwatch

Backup

Country Block

Cron

imspector

iperf

LCDproc (hacked to get the LCD in the case to work)

mailreport

nmap

Notes (Comes in handy!)

RRD Summary

Shellcmd

TFTP

vnstat2

 

ntop (not running right now)

snort (not running right now)

 

Ports I've added to the system:

pound (reverse proxy for http/https, allows me to direct different FQDNs via port 80 to different boxes on the network)

monit (monitors the system, restarts services if they are down)

freeipmi (allows me to access the ipmi chip for watchdog and temps within pfsense)

 

lcd setup:

http://forum.pfsense.org/index.php/topic,23919.msg173074.html#msg173074

 

pound setup:

http://forum.pfsense.org/index.php/topic,33566.0.html

 

watchdog/freeipmi setup:

http://forum.pfsense.org/index.php/topic,34056.0.html

 

Some photos:

The cable modem is the thin tall one, the other modem is for my phone.. and the Verizon 3G USB stick, and the box off to the side is a QNAP 109-II with a 2TB drive in it :-)

IMG-20110702-00093.jpg

current load

IMG-20110702-00094.jpg

states

IMG-20110702-00095.jpg

uptime

IMG-20110702-00097.jpg

the dashboard

dasboard.jpg

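The post above routes everything arriving on port 80 by FQDN and serves nothing for a bare public IP. The Python below is an added example that models that routing decision; it is not pound's code or the poster's configuration. The backend table is copied from the post's list, while the function names, the exact-match policy and the refusal of missing or duplicated Host headers are assumptions of this example.

```python
"""Model of Host-header routing in front of several LAN web servers (added example)."""
from typing import Optional, Tuple

# Backend table copied from the post's "Example all using port 80" list.
ROUTES = {
    "www.homeip.net": ("192.168.0.10", 80),
    "ted.homesip.net": ("192.168.0.15", 80),
    "whs.homeip.net": ("192.168.0.100", 80),
}
LISTEN_PORT = 80  # the single port opened on the WAN side


def normalize_host(value: str) -> Optional[str]:
    """Lower-case the Host value, accept only an optional ':80', drop a trailing dot."""
    host = value.strip().lower()
    if not host or any(ch.isspace() for ch in host):
        return None
    name, sep, port = host.partition(":")
    if sep and port != str(LISTEN_PORT):
        return None  # wrong port, or an IPv6 literal: neither is a configured name
    return name.rstrip(".") or None


def route(raw_request: bytes) -> Optional[Tuple[str, int]]:
    """Return the backend for a raw HTTP request head, or None to refuse it."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        key, sep, value = line.partition(":")
        if sep and key.lower() == "host":
            hosts.append(value)
    if len(hosts) != 1:  # missing or duplicated Host is ambiguous: refuse
        return None
    name = normalize_host(hosts[0])
    return ROUTES.get(name) if name else None  # exact match only, no default backend


if __name__ == "__main__":
    # Constructed sample requests; 203.0.113.7 is a documentation address.
    for host in ("ted.homesip.net", "WWW.HomeIP.net:80", "203.0.113.7",
                 "www.homeip.net.example.org"):
        request = f"GET / HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()
        print(f"{host:28} -> {route(request)}")
```

Matching the whole normalized name, rather than a substring or unanchored pattern, is what keeps a look-alike such as `www.homeip.net.example.org` from reaching a backend.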
  • 5 months later...

Has anyone figured out how to set up a DD-WRT router to act as a remote OpenVPN client connecting into a pfSense 2.0 router? Amazingly I've yet to find a tutorial on how to accomplish this. I am trying to avoid having to add another WRT54G router just to make it act as a VPN server (connected to my pfSense server already running OpenVPN). If someone has achieved this and wouldn't mind writing a how-to it would be sincerely appreciated. In the meantime, I have Hamachi 2 installed on both the remote client PC (1000 miles away) and my WHS 2011 box.

 

Thanks!

  • 1 month later...

I have been thinking about possibly using pfSense. I have a Cisco RV082 router which does not support VLAN tags so I can't build the guest account that I want to build with my Cisco WAP4410 wireless which supports VLAN tags.

I really like your pfsense unit. I would like more information on the hardware side. Are you using the Bootable CF Reader?

 

Edited by coxhaus