A silly Question, is there a better alternative to pfsense for home use?

Discussion in 'Software Stuff' started by vl1969, Dec 13, 2017.

  1. vl1969

    vl1969 Active Member

    Joined:
    Feb 5, 2014
    Messages:
    518
    Likes Received:
    53
    Here are the thoughts,

    I was looking for help on setting up pfSense at home. simple setup for now.
    I have ISP modem --> to wireless router --> house network.
    on the house network I have a second Wireless router in AP mode to extend range.
    an HTPC (Linux Mint 18 on Intel NUC )
    an Office Computer (Linux Mint 18)
    Network Printer
    2 laptops
    2 smart phones

    Plan to add a Proxmox Server with several VM. and maybe a couple security cameras just for fun.


    my wants are :
    Replace my ISP router with a pfSense or alternative setup.

    so idea for new setup is

    ISP modem(WAN) --> connected to pfSense/alternative PC (FireWall(FW))
    after that . FireWall PC LAN port plugged in into switch making it a router/DHCP/DNS/Gateway/firewall
    into switch plugs in all other devices including wireless router in AP mode or real AP device.

    now how do I secure all of this, so wireless devices can use the internet but not anything else on LAN
    but some devices do need to access my server and shares.

    is pfSense the best for this setup?
    is Zentyal a good alternative?
    NethServer ?

    please drop me some ideas here

    thanks vlad.
     
    #1
  2. Rand__

    Rand__ Well-Known Member

    Joined:
    Mar 6, 2014
    Messages:
    2,612
    Likes Received:
    348
    Sophos UTM or XG is also an option
     
    #2
    Evan likes this.
  3. cactus

    cactus Moderator

    Joined:
    Jan 25, 2011
    Messages:
    801
    Likes Received:
    68
    I have used pfSense and some other distros at home, but am back to just using EdgeRouters. (five including family) They are low power and little hassle; something I can set up and forget. When I did have a lab at my house, I tried to put the whole network behind a pfSense VM, but that meant I could never take the host down without losing internet.

    Also, not saying the EdgeRouter is the best, it is just what I became comfortable with and were at a good price point at the time. pfSense has the SG-1000 and the SG-3100 which are low power and get you pfSense.
     
    #3
  4. nkw

    nkw Active Member

    Joined:
    Aug 28, 2017
    Messages:
    130
    Likes Received:
    44
    This is what I usually end up doing anywhere there's not a need for a fancy router (which now is pretty much any site that doesn't run full BGP in my opinion). I've even started moving smaller sites over to the Ubiquiti USG. They can route/firewall/nat line rate gigabit just fine and I've grown to like the centralized GUI management that the Unifi controller provides -- but that could just be because I'm old and lazy.
     
    #4
    cactus likes this.
  5. K D

    K D Well-Known Member

    Joined:
    Dec 24, 2016
    Messages:
    1,374
    Likes Received:
    286
    The edgerouter devices are awesome and can be tucked in anywhere. I still use an edgerouter-x that I got for 30 bucks from my local microcenter.

    I personally use unifi devices. Set them up for a couple of family members for whom I provide tech support. The ability to completely manage the network from anywhere I am with my phone is real cool.
     
    #5
    nkw and cactus like this.
  6. T_Minus

    T_Minus Moderator

    Joined:
    Feb 15, 2015
    Messages:
    6,404
    Likes Received:
    1,313
    pfsense would work fine for this setup.

    My pfsense appliance currently is like 6"x6"x1" it can fit almost anywhere too, is ultra low power, etc... you don't HAVE to use an old PC for pfsense... you can use some rather expensive high-end mini hardware nowadays too :)

    Amazon Search or Google: pfsense appliance or pfsense device
     
    #6
    EWBtCiaST likes this.
  7. am4593

    am4593 Active Member

    Joined:
    Feb 20, 2017
    Messages:
    122
    Likes Received:
    26
    if you're just looking for alternate firewall software there is also Untangle. It's Linux-based, more user friendly than pfsense. or so they say.
     
    #7
  8. Pri

    Pri Active Member

    Joined:
    Jul 30, 2014
    Messages:
    120
    Likes Received:
    47
    My personal opinion is that pfSense is the best option but it can be power hungry if you build your own box or costly if you use one of their pre-made systems. Ubiquiti's $99-$299 units are pretty good and easy to use too.

    Personally pfSense all the way for me, it's just so good.
     
    #8
  9. brendantay

    brendantay Member

    Joined:
    Aug 12, 2015
    Messages:
    127
    Likes Received:
    17
    vyOS :)
     
    #9
    voxadam and audio catalyst like this.
  10. Evan

    Evan Well-Known Member

    Joined:
    Jan 6, 2016
    Messages:
    2,309
    Likes Received:
    322
    I don’t especially like pfSense but newest version is no doubt better, it's not that it didn’t do anything at all that I needed though.

    I am using Sophos XG and also works well and I feel more polished in most areas.

    Prior I have used UBNT ERL3 (edge router) and found it very simple to operate and a fine firewall (fast and low power fanless) also but not with the anti malware etc that the pfSense add in and Sophos can provide.
     
    #10
  11. vl1969

    vl1969 Active Member

    Joined:
    Feb 5, 2014
    Messages:
    518
    Likes Received:
    53
    thanks everyone for this nice lineup of great answers. I will look over any that sound interesting to me.

    let me, however, add more info.

    I did not plan to buy any device. although edgerouter sounds nice, at the moment it is not on the list.

    My plan was to setup a dedicated small factor PC (I already have) with Proxmox.
    then run a firewall distro VM on it. the PC I have is a Lenovo SFF with a PCIe 2 port nic added.
    so I have 3 Intel Gigabit NIC ports, 6GB RAM and 120GB SSD.

    I want to use Proxmox with VM to make it easier to test and switch firewall setups. but I could run it as a dedicated machine too.

    I tried Sophos 9 and like it but some things I wanted were missing in Free version.
    that is the issue with many distros I have looked over.

    pfSense seems to provide the best set of features even on free setup over most.
    but it is complicated for me as I am still kind of noobish with Linux and pfSense is not even Linux but BSD so some differences here too.

    so since my plan is to run a dedicated but virtualize setup I will try out most of the suggestions here but just wanted to limit
    myself to most popular and high ranked distros out there.
     
    #11
  12. mstone

    mstone Active Member

    Joined:
    Mar 11, 2015
    Messages:
    474
    Likes Received:
    110
    pfsense's decision to go with freebsd means their hardware support is much worse than the linux-based firewalls. they used to be more of a community project, but they really seem to see themselves as a corporate appliance provider with an open source dump on the side. this impacts their willingness to add anything that doesn't directly improve their own hardware offerings. they seem to be making decisions aimed at making third party hardware less attractive. if you're using pfsense and like it, great. but I don't think I'd choose it over other options for a new project if I had no investment in the platform.
     
    #12
    SwanRonson likes this.
  13. Rand__

    Rand__ Well-Known Member

    Joined:
    Mar 6, 2014
    Messages:
    2,612
    Likes Received:
    348
    What has been missing in UTM9?
    Just wondering...
     
    #13
  14. Pri

    Pri Active Member

    Joined:
    Jul 30, 2014
    Messages:
    120
    Likes Received:
    47
    When you say their hardware support is much worse do you mean for network interface cards? - I ask as I've not had or seen any complaints about hardware compatibility before it seems to work well on all manner of processors and platforms.

    The only time I've seen people say it doesn't have good support for their stuff is with those niche SFP+ cards from Mellanox where the user has to install some driver themselves instead of pfSense having native out of the box support.
     
    #14
  15. DouglasteR

    DouglasteR Member

    Joined:
    Dec 19, 2015
    Messages:
    80
    Likes Received:
    7
    Edge router really.
     
    #15
  16. vl1969

    vl1969 Active Member

    Joined:
    Feb 5, 2014
    Messages:
    518
    Likes Received:
    53
    it's not that it was missing but rather free version did not have the options I wanted.

    like antivirus, website blocking features,
    if you want to use that you had to get a paid subscription.

    now I do not mind paying per se, but I do not like a subscription based model on things like firewall OS or some applications I use at home.
    when you run a business you can write off legitimate business expense like a subscription needed to run your business. but for home it does not work for me. so I am trying to find something that would do what I want and where I do not have to have a subscription. If I like an app I will donate whatever is suggested or even more but I like to have an option to pay one time and use thing I pay for.
     
    #16
  17. mstone

    mstone Active Member

    Joined:
    Mar 11, 2015
    Messages:
    474
    Likes Received:
    110
    Well, the most common NICs in low priced gear are from realtek, and they are largely unusable in pfsense. The support for new hardware (e.g., denverton) is slow to roll out. The next version of pfsense is supposed to require AES-NI, which seems like a shot against a lot of common third party pfsense hardware based on J1900. They've been in a dispute with qotom (who sold a lot of J1900 boxes) which may be unrelated, but also makes one wonder what hardware they'll decide to drop next and why. There was a lot of hype about QAT a couple of years ago, and a lot of people ran out to buy QAT hardware for pfsense, then one of the devs said later on reddit they weren't going to release anything that worked on the rangeley QAT platform because there were more third party boards with rangeley QAT than netsense hardware, so it didn't make financial sense for them. None of this is to say that they're evil, just be aware that their goal is to make money, which they've decided to do by selling hardware and corporate support contracts, and that if the free version works for you that's a happy accident. It isn't a community project driven by user contributions or desires.
     
    #17
  18. K D

    K D Well-Known Member

    Joined:
    Dec 24, 2016
    Messages:
    1,374
    Likes Received:
    286
    I agree with everything in your post but the above statement. If one is savvy enough to build their own router based on pfsense, then at the minimum they should look at building based on supported hardware. The statement holds good only if you want to just load on pfsense on any old equipment that you have lying around and expect it to work. But those kinds of compatibility issues are not limited to pfsense and apply to all software to some extent.
     
    #18
  19. BLinux

    BLinux Well-Known Member

    Joined:
    Jul 7, 2016
    Messages:
    1,866
    Likes Received:
    523
    I know I'm not doing what most people are doing, but that's why I thought I would throw the option out there.... this is only if you're really comfortable with Linux and you mention you have Linux computers; i've been using Linux OSes as network appliances for over a decade so this is what i'm comfortable with and chose to do...

    i got myself a cheap N2930 based system that draws like <20W, 8GB RAM, a 512GB SSD for caching and other stuff, and a 32GB USB drive for booting OS. it came with 5x 1Gbps NICs. this doesn't have AES-NI and frankly, I don't need it; I can run half a dozen VPN connections and the CPU is hardly working - I think AES-NI would be great if you need to do more VPN stuff, but that's not my case. i just threw a very stable CentOS7 on it and between netfilter and all the other open source tools available, I'm routing between my 2 internet connections (1x cable modem, 1x gigabit internet fiber), a wireless zone, a dmz zone to my publicly accessible servers, and my internal private network. i have policy routing to manage traffic between my 2 internet connections and I can download Windows or Linux distributions at near 1Gbps from the internet and system is mostly idle. the system is dead quiet and hidden under one of my desks in the home office. i'm very comfortable on the Linux CLI, so it's very easy for me to setup what i need, no GUI is all the better for me as I really don't like web servers running on a network appliance connected to the internet.

    I've tried other network router/firewall dedicated OSes and they are all fine, each with their pros/cons. I like CentOS because it is generic, super stable, has very long support cycle, and if I want to add any software on it, it's easy to find packages from the many repos, or setup a CentOS VM to compile/build whatever tools I want to put on the firewall/router and then just upload it. The last part, the flexibility, really appeals to me as I like to tinker and try things, or write my own programs/scripts to do this or that (e.g., I parse my logs for VPN connections and grab the GeoIP and send myself a message) and there's nothing special about doing development for a generic OS like CentOS (or whatever your favorite Linux distro might be).

    i know this isn't for everyone, but if you're comfortable with Linux, and have an appreciation for flexibility, then you can probably just throw your favorite Linux distro on it (doesn't have to be CentOS) and do whatever you want with it; no need to have "another OS" just for firewall/routing.

    P.S. based on comments above, i also want to throw out there that a generic Linux OS will have very broad hardware support too... so less restrictions on what you can use.
     
    #19
    Cheddoleum and voxadam like this.
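
Added example, not part of any post in the thread: an nftables ruleset for a generic Linux firewall (the netfilter approach from post #19) that implements the separation asked about in post #1, where wireless clients get internet access only and selected devices may reach the server's shares. Interface names, subnets, addresses and ports are assumptions. It also assumes the access point sits on its own firewall port (the machine in post #11 has three), because clients on the same switch as the LAN never pass through the firewall.

```nftables
#!/usr/sbin/nft -f
# Added example. Interface names, subnets and addresses are assumptions.
# Routing must be enabled separately (sysctl net.ipv4.ip_forward=1).
flush ruleset

define WAN  = "wan0"     # port facing the ISP modem
define LAN  = "lan0"     # wired switch: PCs, printer, server (192.168.10.0/24)
define WIFI = "wifi0"    # dedicated port for the access point (192.168.20.0/24)
define SERVER = 192.168.10.10                            # file server (constructed)
define TRUSTED_WIFI = { 192.168.20.50, 192.168.20.51 }   # laptops with DHCP reservations

table inet fw {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        iifname { $LAN, $WIFI } meta l4proto { icmp, ipv6-icmp } accept
        # The firewall itself serves DNS and DHCP to both internal segments.
        iifname { $LAN, $WIFI } udp dport { 53, 67 } accept
        iifname { $LAN, $WIFI } tcp dport 53 accept
        # Management (SSH) only from the wired side, never from Wi-Fi or WAN.
        iifname $LAN tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Both internal segments may reach the internet.
        iifname { $LAN, $WIFI } oifname $WAN accept
        # Exception: listed wireless hosts may reach the server's shares (SMB, NFS).
        iifname $WIFI oifname $LAN ip saddr $TRUSTED_WIFI ip daddr $SERVER tcp dport { 445, 2049 } accept
        # Everything else from Wi-Fi to the LAN is logged and dropped.
        iifname $WIFI oifname $LAN log prefix "wifi-to-lan drop: " counter drop
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $WAN masquerade
    }
}
```

Check the file with `nft -c -f <file>` before loading it.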
  20. Rand__

    Rand__ Well-Known Member

    Joined:
    Mar 6, 2014
    Messages:
    2,612
    Likes Received:
    348
    Weird, I have those features with my free license?
     
    #20