So, Tek Syndicate taught me about using an old PC and pfSense as a personal router and access point. Nifty.
DIY Tryin taught me about free NAS.
This made me think of making personal storage solutions separate from the computers used.
Then I thought: Why not make a half decent mid spec system to run both pfSense and free NAS(or similar)? I could potentially use this to set up a home server, NWN/2 server, Minecraft, Terraria, so on, so forth, in one system. Is this a horrible idea? Would I be better suited making separate systems for each purpose? Is this just a horribly stupid idea in general?
Considering security, I would not put all of my files on a system that has a port directly connected to my ISPs WAN port. Even Microsoft recommends against doing anything on an IIS server or RRAS server that doesn't need to be on there. Basically in the IT world, if it is touching the internet, it is "unclean" and is a potential risk.
However you would "probably" be fine unless you know someone is trying to hack you. pfSense is pretty robust but I would still recommend against doing anything on pfSense but pfSense. I constantly see China based IPs attempting to hack my fire walls, it doesn't matter if they are on a home network or a business network. They are relentless. I have no idea why.
So no, probably not the best idea to run a firewall and NAS on the same box. In my opinion.
I am interested in knowing what it is that gets done in this thread. Let's see a solution as to how to best go about doing what it is that the OP needs done.
Well, it looks like I'll be doing a dedicated router/hardware firewall, the NAS will be separate.
Should the game servers be loaded on the router for quicker access without having to filter intro the network, or should I load those into the NAS box?
I'll tell ya why, I had 4 servers, 1 of em got compromised by China based IPs as well. The target is to use your machine in an army for DDoS attacks. It is really easy to mitigate, just turn off Telnet/SSH or change the SSH port.
Linux keeps logs of all remote connections successful or not.
EDIT: It was so bad that I had an over 500 MB log of attempts to authenticate through SSH.
The port they were actually hammering on was 1433 (SQL Server). The firewall was in front of a small energy management company. Not sure for the reasons, who knows with China. Then again it could have been from a completely different country running a bot net out of China.... Im sure the rabbit hole goes deeper. Just keep up with security and you will be fine. Eventually I just blocked massive ranges of IPs (from China).
At least I'll have a decent security interface, and actually know what is going on. Would y'all have any input on game servers? Should I stick them on their own box or could I stick then in with another one? Like, the router.
I'm no security expert so I couldn't tell you how stupid or non-stupid your idea is, but I hear that the Raspberry Pi is pretty useful for that kind of thing...
You'll need a 64 bit cpu with at least 8gb of ram for FreeNAS 9.3 since it only runs zfs now. Maybe you can still install FreeNAS 9.2.
Router+NAS would be a fun project, but probably wouldn't be stable even if you could get it to work. You can't run pfsense from a FreeNAS jail.
I've read that you can safely and securely run pfsense as a virtual machine on ESXi vmware, but freeNAS won't be stable if it's not installed on bare metal - so you can't install it on top of vmware. However, you may be able to run pfsense as a virtual machine and also run a different type of server than FreeNAS on the same machine. I don't think you'll want to do that either given the hardware that you're using.
I'm new to this stuff too, but my understanding is that if you have a virtual machine running, it's going to use at least an entire core of your cpu in ESXi, so if you only have 2 cores, the most that you can run is two virtual machines concurrently that are running OS's that only require a single core processor. Someone please correct me if I'm wrong.
That's pretty useful, and only cements my move to separate boxes for each. I can p probably still use the old PC as the router, and set up a dedicated NAS. I'll probably have to have each box independent, so...
Router ||| || Game server | PCs NAS
And have them each connected to reach other, either via direct hard line or the router.