Home firewall with PFsense

[KingCollins]

Hey guys, just wanted to dabble my feet in a little home networking project and was wondering if it was possible with the modem my ISP has provided? 

I have a spare machine that is way to overpowered (Intel Xeon with 8gb of memory) but it's just sitting around and is asking for attention! So I just bought a standard gigabit pci nic today and was hoping to install PFSense and let this machine do all the work, OpevVPN, firewall, portforwarding, DHPC the works.

 

What I was wondering, the modem/router my ISP has provided me might be a little strict? Or I'm a noob.

 

There's an option to change it to "modem only" mode, what exactly does that mean? It says it only "disables Wifi interface", says nothing about bridging which I would rather. And also an option to disable the firewall and disable the DHCP service.

Do I need to be able to pass through my public WAN address to get the full benefits of PFSense? Or if my "modem" was assigned an address of lets say 192.168.100.1, could I configure that as my WAN address in PFS?

 

Apologies if I sound like an idiot, any help appreciated!

 

[Electronics Wizardy]

Just saying that system will probably suck a good amount of power, so your powerbill will suffer.

 

You want modem only mode. That disables NAT, DCHP, DNS, and all the router goddies, and just a modem.

 

You can do dual NAT, and should be fine in most uses.

[KingCollins]

3 minutes ago, Electronics Wizardy said:

Just saying that system will probably suck a good amount of power, so your powerbill will suffer.

 

You want modem only mode. That disables NAT, DCHP, DNS, and all the router goddies, and just a modem.

 

You can do dual NAT, and should be fine in most uses.

We're on a flat rate here so it's all good! From what I've found in the forums, moden only mode turns it into a stand alone DOCSIS3 cable modem. So hopefully that should do what I need!

 

Not sure about the double NAT, but there is an option for a DMZ zone, would that be beneficial by isolating my PFS machine?

[Donut417]

32 minutes ago, KingCollins said:

We're on a flat rate here so it's all good! From what I've found in the forums, moden only mode turns it into a stand alone DOCSIS3 cable modem. So hopefully that should do what I need!

 

Not sure about the double NAT, but there is an option for a DMZ zone, would that be beneficial by isolating my PFS machine?

NAT is how a router share one Internet routeable address with multiple computers. If you have two routers in line then you have double NAT. It can cause issues with some software and game systems, as it makes a bitch to port forward correctly. Just switch the box from the ISP to Modem only and you should be fine.