My New Home Router

Hello!

As the title states, I'm building a new router for my apartment.

The specs of the rice cooker are the following.

  • Intel Pentium G4560 KL
  • ASUS H110M-A/M.2
  • Intel Pro/1000CT
  • 4GB of DDR4
  • Kingston UV400 120GB (Well, I like logs... :japanese_ogre:)

So I want to run pfSense on it, and I don't believe that it would be a problem. But do you guys have any idea of how I could utilize the setup? :wink:

I'm new with pfSense in terms of, I have some/no knowledge of the OS, and I want to be adept with it. :slight_smile:

I want to use the server/router for VPN (to my LAN), DHCP, NAT/Port forward and snort... Because you never know... :stuck_out_tongue:

1 Like

That hardware sounds more than adequate to get you started. If you're actually buying these parts, you may want to ensure that your CPU supports AES-NI. It's not required right now, but will be down the road at version 2.5.

I think this series will get you up to speed pretty quickly.

2 Likes

Just checked, the Pentium G4560 does support AES-NI so he's all good :smiley:

4 Likes

I had an old cabinet lying around (Corsair 350D), and I got a good deal that I could not say no to. :slight_smile:

And thanks for the link, this looks very good.

Thanks for the help! I would be very sorry if it did not... :smiley:
But where did you check it? :slight_smile:

Towards the bottom where it says AES New Instructions.

3 Likes

It is off topic but AMD needs to do something like the ark.
As much shit I give Intel for their pricing and stuff, ark is fucking awesome.

2 Likes

You need to help me with this one @noenken.

Ark is basically Intel's archive for technical information about any product they made.
AMD does have their product pages but nothing close to this.

3 Likes

Oh yeah that is true. :confused:

Well, everything is up and running now!

Are there any plugins you guys recommend? :slight_smile:

2 Likes

Snort for sure!

I really miss the RRD graphs from the previous version. The new traffic graphs don't get as granular as they used to and that granularity was VERY helpful.

edit: I'd also change your DNS servers to something that isn't your ISP-provided servers. Google DNS servers are a popular choice, but there are tons of others too.

1 Like

I might take OpenDNS. :sunny:
I got too much Google already..... :confused:

1 Like

I just suggested Google since they tend to be pretty fast. OpenDNS is a good choice as well.

2 Likes

I no longer run Squid, because I use HTTPS Everywhere on my browsers and Squid can't cache encrypted traffic.

I do run Snort, but it takes a lot of time and patience to get it configured. @Wendell's recent vid seems to suggest that he likes Suricata better. Neither of these tools is good for the paranoid, 'cause if you already think that they are after you, these tools will definitely prove it!

Personally, I would enable the DNS resolver and then use GRC's tools, including his DNS Benchmark to find and configure good local resolvers.

I would also adopt a default deny policy for your internal firewall interface rules.

As far as packages go, only run what you need. There is no sense in presenting additional attack vectors to the bad guys, if you don't really NEED the service.

EDIT: You also may wish to consider configuring NTP, so that your hosts all use the same time source.

3 Likes

[quote="acetothermus, post:11, topic:115939, full:true"]
Snort for sure!

I really miss the RRD graphs from the previous version. The new traffic graphs don't get as granular as they used to and that granularity was VERY helpful.
[/quote]

He also could host his own DNS server, but that is probably more advanced than he wants to get into. I haven't hosted my own DNS server yet, but I plan to do so, once I build my Presence box.

1 Like

Thanks for all the feedback! :slight_smile: