RESET Forums (homeservershow.com)
KrisseZ

A new router / firewall


Greg Welch

These are great boards for pfSense http://www.supermicr...SPE-HF-D525.cfm . I don't know how the price or availability would be for you though. The IPMI, dual Intel NICs, watchdog features and lower power usage sold me on it.

I agree, I will be swapping mine out for this soon. I like the IPMI 2.0 / KVM; I use it on my server (gives headless a whole new meaning).

KrisseZ

I am glad you got it working. I thought by your diagram you had 192.168.0.1 255.255.255.0 assigned to vlan 1 with a network 192.168.0.0/24 and with trunking set up with the other vlans. I have seen addresses flow one way and not the other when using vlans. My old Cisco days. Routers tend to work better when 2 interfaces are used. Router on a stick is a router with one interface. I have seen problems in the old days with routers and one interface. I have not used pfSense so I was looking at it from a network point of view. I currently use a Cisco router with Untangle behind it. I am considering using pfSense to reduce my response time on the WAN.

Oh my god you're right. :D I did make a mistake while making that diagram. That's what you get when you're doing work while being tired. Coxhaus, I am also at least trying to look at this from the network point of view. I am currently studying CCNP at our school. Next year I intend to get the CCNA certification. (I have studied all the CCNA modules, but since it's by our school's curriculum we won't automatically get the certificate.)

And I am still envious of you guys, since you can get your hands on the more exotic hardware with such ease. :( I think I have narrowed down my new firewall options to three candidates and will make a post about them later today.

mattd390

I agree, I will be swapping mine out for this soon. I like the IPMI 2.0 / KVM; I use it on my server (gives headless a whole new meaning).

It is great, isn't it :). RDP is awesome too, but if you need to get to the BIOS or reboot a frozen PC, IPMI is more awesome lol.

KrisseZ

These are my current findings about pfSense router on a stick config with PPTP VPN and 100mb lan:

Computer specs:
AMD Athlon™ 64 X2 Dual Core Processor 3800+
2GB DDR1 memory 400 MHz

Both computers in the same vlan
pfSense CPU util: 0-1%
Throughput: 99 Mbps

Both computers in different vlans
pfSense CPU util: 0-1%
Throughput: 0 Mbps and unable to connect

Both computers in different vlans and PPTP VPN enabled and connected
pfSense CPU util: 33-42%
Throughput: 90 Mbps

So I was wrong about the 100mb being insufficient for my testing. I kinda forgot the whole full-duplex thing :(

The only sad thing is I can't test with an IPsec and more robust encryption settings, but this was still eye-opening.

I can say that pfSense is a very viable option for my new firewall.

I think it has boiled down to these three candidates. They all have their pros and cons and I'm trying to summarize them briefly.

DIY firewall with pfSense 170€
Asus E35M1-I with Zacate E-350 & 2 Gb DDR3
Chieftech FI-01B enclosure & 4 - 8 Gb USB stick
Optional add-on NIC

Pros
* Largest range of features and customizability
* "Firmware" updates are guaranteed

Cons
* Open source, nothing is ever fully functional
* VPN features broken ATM
* IPv6 support is only half-way finished and is usable only with A LOT of tweaks
* Don't know of 3G failover

D-Link DSR-1000N 310€

Pros
* For a commercial product has the most VPN possibilities
* WLAN (Not sure if want it)
* Rack installable
* No fan

Cons
* By the numbers lowest VPN throughput
* I have a bad image of D-Link

ZyXEL USG-50 350€

Pros
* No fan
* Highest VPN throughput of the commercial products
* I have a good image of them
* Full IPv6 support

Cons
* The priciest
* VPN tunnel counts are way smaller than D-Link's

So this is what I have gathered. It's really hard to pick one since I haven't used the ZyXEL or the D-Link. I like to use pfSense very much but I am intimidated by the fact that it's open source. I tend to trust commercial products more.

Opinions?

coxhaus

Did you feel like pfSense had good 802.1q tagged trunking support as you were testing? I run a separate Cisco business wireless unit away from my WAN router. I want to be able to work on either and reboot them without affecting the other one. My wireless unit supports 802.1q tagged vlans, which I would like to take advantage of by setting up a proper guest account. My old router does not support tagged vlans so I can't do what I want to do. I was hoping pfSense would work. I will still continue to run Untangle in transparent bridged mode. What a great product.

KrisseZ

Coxhaus, I would state that pfSense's 802.1q capabilities are superb. My friend was very skeptical about my idea of running the pfSense one armed, but it turned out that pfSense seems to be made for this kind of stuff.

When you configure the vlans in pfSense they will show up as interfaces when they are properly configured. It makes managing them very simple and easy. A person who hasn't got physical access to the pfSense machine could think that a one armed router is a machine with, for example, three NICs.

Having worked with Cisco equipment I would rate pfSense on par with Cisco or even slightly better with trunks.

ikon

I am completely the opposite re: open source vs. 'commercial' (in my mind I substitute 'proprietary' for 'commercial'). With open source what's going on is not hidden and can be vetted by anyone with the necessary skills. With proprietary you can never know for sure what's going on. That said, I no longer run Linux as a desktop; I finally got tired of it never living up to its potential. So, I run Windows. Yes it's proprietary, but it's still the best thing available, IMHO.

KrisseZ

Yes, I agree with you that open source can be vetted by anyone with the necessary skills. Another thing is to find such a person. Even for power users such as ourselves, for example, if the pfSense VPN is broken, it is and stays broken until someone better than us fixes it. We might be able to pull off some bubblegum fixes posted on the forums, but that's the extent of it.

So the way I see it, in this case open source is almost the same as proprietary, with the difference that proprietary devices have much more testing and validating behind them. But don't get me wrong, I am still very tempted by the pfSense.

coxhaus

Windows does make life easy. I will never switch.

The easy way for VLANs is to have a layer 3 switch. If only they were cheap and low power.

KrisseZ

VLAN is a layer 2 technology; you don't need a full L3 switch in order to use VLANs. L3 is for routing and we have cheap pfSense that can do the inter-VLAN routing for us. :)

For example this: http://www.newegg.com/Product/Product.aspx?Item=N82E16833127326 for 243$ has complete VLAN features and is a fanless design, perfect for home. Not so expensive. :)
