December 8th, 2019 by Guest Author
Home Lab Deep Dive: PFSense
I grew up during the days of dial-up and ISDN (Integrated Services Digital Network). If you’re old enough to know what that was, consider yourself unlucky. Back in those days, phone modems were all the rage. We had a separate phone line to handle faxes and internet, and it was amazing. The first connection we had was 14.4 kbps, which back then was LIGHTNING fast! We could get any image we wanted off of the internet. We could send mail back and forth to any of our friends and family and within minutes they would receive it! Take that USPS! Those were the days (ok, boomer). All it took back then to get on the internet was an ISDN router, ethernet hub and then the “family” Windows 95 (then Windows 98 SE) PC to access the internet and hear the beloved “You’ve Got Mail” on a daily basis. The internet was different back then. Smaller, but so open to possibilities. Little did I know that it would be the greatest invention mankind had come up with to that point.
Fast forward a number of years. I’m in college, in an apartment, on an ADSL line. 25/1 (mbps) was my connection from AT&T. I decided that instead of leasing the gateway my ISP provided, I was out to buy my own modem and router. That router was the ASUS N56U. Way ahead of its time, the N56U had dual-band 802.11n in both 2.4GHz and 5GHz bands, 5 Gigabit ports and even 2 USB ports for NAS storage built right into the router. Boy was this router sweet. Wire-speed throughput (for the most part), Hardware NAT, and other basic features made me keep this router for years and years. However, homelabbing was growing as a hobby for me, and I wanted more. And when I got my first real server (HP DL380 G6) and a real switch, I wanted a real router.
That’s when PFSense took over for me. At the time, PFsense was still a relatively new product. It had only been out a few years, and I decided I wanted to take the plunge on one of their early public releases. PFsense is open source, is based on FreeBSD, and is, for lack of better words, a firewall/router. While not considered to be used in enterprise applications (though I’ve definitely heard and seen it being used there), it’s certainly up there for prosumers, homelabbers, and enthusiasts alike. The fact that it’s entirely community driven makes this project come to life. And while there’s dedicated hardware that Netgate provides, PFsense can be run on your own hardware, and it can even be virtualized!
For me, I didn’t hesitate, as this was an excuse to build another computer…that would be my router. Now, when it comes to hardware for PFSense, there are fairly low requirements. You need a NIC (community prefers Intel I-450s, but there are many, MANY more that fit the bill), a CPU that supports AES-NI (and that’s more for future proofing), and a small amount of RAM (more if you want to do some network monitoring with tools such as Snort or Suricata). And, this wasn’t going to be my show PC. It’s going in the 24U rack with everything else. So, it doesn’t have to be pretty.
If this isn’t the ugliest PC you’ve ever seen, then it’s got to be up there. Back then, this is what I had to work with….an old 500W Power supply with ketchup + mustard cables (cringe), an old Intel Xeon 1220, 8GB of RAM and Hard Drive (in this picture is an SSD that I swapped in more recently)…all of which is stuffed inside a 2U Case. What isn’t pictured here was the NIC, which I’ve changed out a couple of times. The main reason was…the first one I put in this box was a “fast” ethernet NIC, and for those keeping score at home, that’s a 10/100 NIC…not even Gigabit! I feel old sometimes.
So, in this box is now an I450 Quad Gigabit NIC, and while it still looks almost as ugly as it was back then, it is a champ. The feature-set on PFsense is endless…and it goes beyond that when it comes to plugins and addons that are easily downloadable and ingestible into the already comprehensive interface. Applications such as VPN, Traffic Shapers, Intrusion Prevention, GeoIP Blocking, Packet Inspection, Domain Name Blacklisting…etc. The list goes on. The amount of power in this firewall is unbelievable, and especially for a free product. I mean, look at the kind of dashboard it has:
And my build is considered somewhat “slim”.
At the end of the day, it’s a router….an amazing router. Every Homelab should have the best toys, and sometimes, the best ones are “free”.
It is important to note, however, that sustaining cost is just as important as (if not more important than) upfront cost. Homelabbing aside, sustaining/maintenance costs are actually incredibly more expensive than upfront costs in enterprise, mostly due to licensing, power, labor, and most of all, support. One element I didn’t quite touch on is power, and when it comes to a homelab, that is very significant (depending on where you live) when making choices on hardware. Keep in mind that ASIC based routers (such as the N56U that I started off with) and many other consumer and prosumer routers (and even enterprise routers) have a MUCH smaller power consumption rate and thusly are more attractive to many buyers. In my case, power is cheap and performance is King above all else, so I preferred to build a router myself (it’s difficult to build an ASIC router without some more…skills, so I chose to build an x86 based router). YMMV as it always does, but this is something to keep in mind. Happy Homelabbing….until next time!
This post is part of an ongoing series of user-submitted content dedicated to exploring the fun and challenges of building, maintaining and sometimes building again a home lab. This series is in partnership with our friends at /r/homelab. If you're interested in sharing your setup, please send an email to email@example.com