
Network Help for a Newbie (router/firewall + ad blocker)

beldecca

I'm trying to install a router/firewall OS on a Celeron N5105 w/ six (6) i226V NICs. I was thinking of using pfSense for the OS.

I was thinking that I could have:

one as WAN,

one for LAN -> wireless AP w/ switch (I'd like to use my Orbi that I already have)

one for Guest LAN -> Wireless AP

one for LAN to my primary PC

one for Pi Hole Ad Blocker

one for my NAS (Synology)

 

I was going to use a cheap N100 box for Pi-Hole that I picked up on a whim a while back and have been looking for a use. 

 

I also have a 10GBE cable running between my primary PC & my NAS - I might upgrade the switch to have at least two 10GBE ports to simplify everything, but I haven't picked one up yet. 

 

The router/firewall has a 256GB drive. (It was the drive I had on hand). pfSense won't use all of that. Is there something else I should use that storage for?

 

What problems could I run into? What should I look out for? 

I've been building PCs since the '90s but never really tackled learning networking. So I really appreciate insights. Thanks for your time.


19 hours ago, beldecca said:

The router/firewall has a 256GB drive. (It was the drive I had on hand). pfSense won't use all of that. Is there something else I should use that storage for?

Well, you could eliminate needing another piece of hardware altogether to run a DNS ad blocker. Instead, install the pfSense plugin pfBlockerNG with the relevant blocklists and call it a day. Alternatively, you could install Proxmox, allocate resources for pfSense and an ad blocker separately, and install pfSense and Pi-hole. My preference is AdGuard over Pi-hole since it's a bit simpler to use. I've heard of people using AdGuard blocklists within pfBlockerNG.

 

The obvious downside to the above setup is that everything is dependent on one piece of hardware running 24/7. If the hardware fails, the entire system fails. However, with only 2 services on the same hardware, I don't think it's as high risk. The more services you add, the more you should give consideration to bare metal.

 

On the other hand, you save on power consumption, heat production and physical space.

 

19 hours ago, beldecca said:

What problems could I run into? What should I look out for? 

I've been on a break from pfSense for a while. Using a simpler setup while occupied with "life". So my information might be a little dated...

 

I remember pfSense CE being a little behind in hardware support compared to pfSense Plus. OPNsense tends to support newer hardware much quicker than pfSense. Whichever one you choose, ensure it supports the Intel NICs your appliance has.

 

19 hours ago, beldecca said:

I also have a 10GBE cable running between my primary PC & my NAS - I might upgrade the switch to have at least two 10GBE ports to simplify everything, but I haven't picked one up yet. 

Don't ignore SFP/SFP+ when you need high bandwidth over short distances. You might find that your overall cost and heat production are less in comparison to ethernet at these speeds.

 

As an aside, a good quality UPS with surge protection and line conditioning is a needed investment when you're using expensive network setups. You won't know how valuable some form of battery backup is until your appliance fails to boot due to a corrupt write that occurred during power failure. Of course, if your mains power is reliable and you don't have lightning strikes in your area, this investment might not be as important or can be delayed until the budget allows.


47 minutes ago, Falcon1986 said:

Well, you could eliminate needing another piece of hardware altogether to run a DNS ad blocker. Instead, install the pfSense plugin pfBlockerNG with the relevant blocklists and call it a day. Alternatively, you could install Proxmox, allocate resources for pfSense and an ad blocker separately, and install pfSense and Pi-hole. My preference is AdGuard over Pi-hole since it's a bit simpler to use. I've heard of people using AdGuard blocklists within pfBlockerNG.

Wow so much good information. Thanks Falcon.

 

I appreciate the simplicity of making one machine take care of more than one task. I think that Celeron N5105 should have enough power to do more. I will be honest - the reason that I'm reluctant is that I'm still so much of a newb that I don't have any experience with Proxmox. I'd like to get a network up and running before I launch off into a new direction. But if I need to, I'm open. I do like the idea of the pfSense plugin which I will look into.

 

I tried an OPNsense build and I was having a hard time getting it to set up correctly. I was having trouble logging into it / setting up additional networks. I know some say it's the easier GUI of the two, but I thought I'd try to get pfSense to run.

 

The main reason I was looking at using the N100 as an ad blocker was that I had the machine that I purchased on a whim that I was looking for a use for. 🙂 

 

I do have a good UPS - so glad to see that as a recommendation - a UPS should be recommended more often! 

 

I'm using Cat6E between my PC and my NAS because both machines have a standard NIC and no option for SFP+. I went to 10GBE because I do a lot of photography and the NAS is my repository of files and Photoshop projects.

 

If I did a remote switch, I'd think about RJ45 on one end and SFP+ on the other if it was warranted. Does anyone have a recommendation out there for a good switch? (like at least two 10GBE & 4 more ports). 


20 minutes ago, beldecca said:

Does anyone have a recommendation out there for a good switch? (like at least two 10GBE & 4 more ports).

Take a look at ServeTheHome and the associated YT channel for suggestions.


7 hours ago, Falcon1986 said:

Take a look at ServeTheHome and the associated YT channel for suggestions.

I will take a look. Thanks. 

 

Does anyone know of a good place for some info (maybe a recommended video) on setting up pfSense? I was able to get it installed, but can't seem to get data to go through. I'm sure I have a rule wrong or something.


On 2/23/2024 at 5:01 PM, beldecca said:

Does anyone know of a good place for some info (maybe a recommended video) on setting up pfSense? I was able to get it installed, but can't seem to get data to go through. I'm sure I have a rule wrong or something.

  1. Crosstalk Solutions
  2. Lawrence Systems
  3. NetworkChuck