Setting Up Firewall

[TheHyperGamerGuy]

Hey all, just looking for some tips and tricks to set up a physical firewall on my network. 

 

 At the moment my Asus Router does the firewall/router combo and it'd be a lot more secure (and not to mention good practice for me since I wanna move up in my IT job) to just use a physical box to process traffic through. 

 

Currently I have a HP EliteDesk 800 G3 SFF PC that's kinda been my testbench/tinker box and I'm thinking of turning it into a physical firewall. It only has onboard 1gig ethernet, but in all honesty I'm pretty sure my ISP doesn't offer anything higher than 1gig for me as a consumer anyway, and anything 2.5 gig is just for local transfers anyway. 

 

What software would be best and what might be the best way to go about setting it up? I know some people run a Linux based OS that's dedicated for networking (Proxmox and the like basically) but if there are other suggestions as well, I'd be interested to know what they may be. Also any video tutorials or guides to follow alongside are always helpful. I'm much more visual of a learner than text lol. 

 

Whatever suggestions you may have will be welcomed graciously. Thanks everyone <3

[HeliusMagnum]

Have you considered running OpnSense?

[TheHyperGamerGuy]

39 minutes ago, HeliusMagnum said:

Have you considered running OpnSense?

Oh, not a bad Idea I've heard that name once before. I'll see if I can find some guides about it. Thank you!

[HeliusMagnum]

You could use it as you router and use the ASUS router as a AP if it supports it.

 

[TheHyperGamerGuy]

Just now, HeliusMagnum said:

You could use it as you router and use the ASUS router as a AP if it supports it.

 

Ooo, that's not a bad idea either. Then my whole local network would run off 2.5 gig eithernet with my Zyxel switch and I could just run the Asus as a wireless AP... interesting. I like that idea lol. Thank you for that.

[QuantumRand]

I've got a little Intel i3-N305 box with 6x 2.5gbps ethernet ports which I threw OPNsense onto (supports PFSense as well). I have that functioning as my Router/Firewall, and it's farrrrr more performant than of the Wifi-router combos I've used in the past. Even basic traffic shaping/Firewall rules would destroy the network performance on those combo boxes, but my little i3 box has no trouble with it at all.

 

I'm sure your EliteDesk would be more than up to the task. If you need more ethernet ports, you can add some Intel i225-v (with B3 stepping) or i226-v NICs. Other chipsets would probably work fine as well, but I recommend the Intel cards because they tend to have better support/compatibility with most networking hardware/software.

 

Once you have OPNsesnse (or PFSense) configured on your EliteDesk, you can follow a tutorial to show you how to setup some basic traffic shaping to avoid "buffer bloat" and optimize your network.

 

Careful though, custom networking can get a bit addicting, and you'll find yourself constantly tinkering with your network, and it'll be down more than it's up! Lol

 

I switched my Wifi router into AP mode, and it just acts as a switch, but you could continue using it as a router (treating your firewall as another gateway). This way if you ever mess something up on the Firewall, it's easy to just bypass it and use your old router as you did before until things are fixed.

[Falcon1986]

On 1/3/2024 at 11:41 AM, TheHyperGamerGuy said:

Oh, not a bad Idea I've heard that name once before. I'll see if I can find some guides about it. Thank you!

As a side note, these types of "router OSes" have more advanced firewall features than what you'd find in your off-the-shelf combo unit. They also have support for installable packages that can allow you to do more things like DPI, IPS, IDS, etc.

 

OpnSense and pfSense are BSD-based and have poor intrinsic WiFi support. You will have to configure your WiFi on the AP separately. OpenWRT is Linux-based and can run with less resources and has better WiFi support if you're installing on an appliance that has a WiFi adapter/antennae.

 

BTW, LTT has done at least 1 video within the past 2 years about building your own router. My go-to on pfSense how-to's are Lawrence Systems and Crosstalk Solutions on YouTube. NetworkChuck and Willie Howe also have useful networking/WiFi tutorials.