pfSense Firewall - Setup questions

foolishlywise

As things go, I have been blessed with a spare PC that is sitting there doing, er, nothing. So, why not use it as a pfSense router/firewall? 

 

Before I start, I have a few questions going along the lines of "is this possible?" nature - 

 

I have a VDSL connection (BT Infinity for anyone from the UK) - have a modem supplied by the network operator. This goes to a Nighthawk R7000 router which then shoots out wireless and has all the wired stuff connected to it. First question is: would I be able to tune pfSense to fit between the modem and the R7000 as a firewall? (So, the setup would go Modem > pfSense firewall > R7000.) I am aware that I could have the pfSense box being used as the DHCP but there's something about leaving it to the router to manage I like. Strange but meh, that's me. I'm looking to simply have that pfSense act as a hardware firewall to be honest.

 

Secondly, in terms of performance, the incoming connection is around 60mbit down, 20mbit up. The pfSense box will have a dual NIC card (Intel EXPI9402PT), a Pentium G630 with 10GB RAM and the system run from a thumb drive. Would this be okay for firewalling a 60/20 connection? 

 

Cheers! 


Neat. I like this idea, I've been doing lots of stuff with pfSense in my CentOS lab and I'd love to know the answer to this as well


Either sell your Netgear device (replace with AP and switch) or just use it as an access point would be a far better idea.

If you are going to spend the effort to put a pfSense box into your network, you should let it do what it does best: routing and firewall.


Ah, that is a good point. Bought the Netgear over a year ago and it's been pretty rock solid with good wireless coverage, so sticking it in AP mode seems a good idea and using it for wireless.

So, I've tried setting pfSense up. Installed but there are issues going on. I'm getting "default interfaces not found". Tried sticking in another NIC (and disabling onboard NIC) and still getting the same error. Tried reinstalling pfSense too.

 

System spec: 

Motherboard: HP Chicago (http://support.hp.com/us-en/document/c02854392) - It came in the prebuilt machine I was bought ages ago (no laughing - the machine was bought for me as I was 'too young' to build a machine when I was 15).

RAM: 10GB DDR3 

Processor: Pentium G630

NICs tested: Intel PRO 100/1000 EXPI9404PT and Intel PRO 100/1000 EXPI9402PT. Confirmed both aren't dead by testing in another system.

 

I'm plugging it into the x16 slot that's on the motherboard (used to have graphics plugged into it). 

 

Both cards are listed as compatible with FreeBSD. Any ideas what's going on, anyone?


Ah, so I got the EXPI9402 to be recognised. It seems that the EXPI9404 isn't backward compatible with PCIe 3.0/2.0 at all. Since the BIOS in the machine hasn't got the option to set PCIe version, it won't work.

 

I've attempted to install the pfSense box. But, for now, it's back to the dark old days of the R7000 until I figure out what is going on (and don't have university coursework to do simultaneously!). I have no idea if anyone has run into this issue before but here goes my description of it:

 

The pfSense box was connected to the R7000 with the latter being in Wireless AP mode but with devices attached onto the LAN ports, hence having it perform as a Wireless AP and switch rolled into one. Connecting onto the spare Ethernet port on the pfSense box resulted in me being unable to ping anything on the network at all (bearing in mind the other cable was attached to the AP - and could access internet wirelessly). The LAN ports were bridged coming from the EXPI9402 (I managed to find a gigabit Intel PCIe card so that was used as PPPoE input) but it still would not play ball.

 

Any ideas, guys?
