PFSense, modern solution for 1995 problems

The only internet I have is an “unlimited” plan from att, most of the time past my cap it’s 120kbps

Barely usable so I want to use PFSense to block Microsoft shit like updates, spying and security from ever pinging outside the network for any reason at all

Second I need to set up caching so I don’t have to RELOAD the same YouTube ads and website pages

Now here’s my problem
I don’t have any wifi cards except for the integrated one in my laptop
So I either need to have USB tethering working in PFSense or have my laptop’s wifi antenna both act as an AP AND connect to my internet phone’s hotspot AP

I have my internet phone for hotspotting, it’s in the one location I get signal in the house permanently, then I have my laptop, and then my daily phone

I know zilch about Linux and I could use some help

  1. You said “act as an AP” - to service what other device? If you just want it to do pfsense/pihole things and - you wouldn’t need AP/Client at the same time.

  2. Assuming you do need it to be an AP for some other device - is the laptop Wifi a dual-channel/band wifi? Does it present 1 or 2 adapters to the OS?
    https://unix.stackexchange.com/questions/84440/hotspot-and-internet-access-together-why-not

1 Like
  1. It needs to get its WAN connection via WiFi or via USB tethering and the devices it serves only have WiFi (my daily phone)
  2. It’s 2.4 GHz single band only

Squid reverse proxy + cache on the PFsense box for caching http

Also take into consideration:
Pihole will be more effective for blocking the microsoft stuff (and ads).

Run it on an actual raspberry pi, docker, old computer and set it to be the dns server for your Pfsense (or current router). Use pfsense or current router to block all DNS traffic that is not coming from the pihole to ensure it’s doing its job.


Blacklist for Microsoft on pihole:

  • (^|\.)download\.windowsupdate\.com$
  • (^|\.)edgesuite\.net$
  • (^|\.)microsoft\.com\.nsatc\.net$
  • (^|\.)windowsupdate\.com$
1 Like
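
As an added example (not part of any post in this thread, and not Pi-hole's own code), the sketch below checks constructed hostnames against the four blacklist patterns with the literal dots escaped, and reports which extra names get blocked when the dots are left unescaped. The helper names and sample hostnames are assumptions, and Python's `re` stands in for Pi-hole's regex engine.

```python
import re

# The four blacklist entries from the thread, with literal dots escaped.
BLACKLIST = [
    r"(^|\.)download\.windowsupdate\.com$",
    r"(^|\.)edgesuite\.net$",
    r"(^|\.)microsoft\.com\.nsatc\.net$",
    r"(^|\.)windowsupdate\.com$",
]

# Constructed sample queries (not taken from any real log).
SAMPLE = [
    "cdn.download.windowsupdate.com.",
    "WindowsUpdate.com",
    "a123.g.edgesuite.net",
    "example.microsoft.com.nsatc.net",
    "www.microsoft.com",
    "notwindowsupdate.com",
    "myedgesuite.net",
    "windowsupdate.com.example.org",
]

def normalise(qname):
    # Assumption of this sketch: match on the lower-case name without the root dot.
    return qname.strip().rstrip(".").lower()

def first_match(qname, rules):
    """Return the first pattern that matches qname, or None if it is allowed."""
    name = normalise(qname)
    for rule in rules:
        if rule.search(name):
            return rule.pattern
    return None

def audit(qnames, patterns):
    """Map each queried name to the blacklist pattern that blocks it (or None)."""
    rules = [re.compile(p) for p in patterns]
    return {q: first_match(q, rules) for q in qnames}

def overmatched(qnames, patterns):
    """Names blocked only when the dots are left unescaped ('.' = any character)."""
    strict = audit(qnames, patterns)
    loose = audit(qnames, [p.replace("\\.", ".") for p in patterns])
    return [q for q in qnames if loose[q] and not strict[q]]

if __name__ == "__main__":
    for name, rule in audit(SAMPLE, BLACKLIST).items():
        print(f"{name:35} {'BLOCK  ' + rule if rule else 'allow'}")
    print("blocked only by unescaped patterns:", overmatched(SAMPLE, BLACKLIST))
```

Note that `www.microsoft.com` is allowed by this list: the patterns cover the update and CDN names only.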

My raspberry pi is locked up in my mom’s storage unit that she has yet to pay for :I

Do you have a separate box for PFsense or are you running it on a vm on your laptop?

1 Like

Super cheap not cheap enough?
Hmmm, might need the W version for wireless which will be more than the $5 version.

2 Likes

I was just going to dedicate the laptop to pfsense, Sandy bridge doesn’t age well if it’s not on a ssd

Would it be possible to load up win7 on it, USB tether, then run pfsense in a VM under 7?

No job at the moment, I gotta get my feet fixed and that could take months

Well, it will make for a super fun network config, but you could run a pfsense VM and point your devices to that cache/dns/pfblocker instance…

So everyone still joins the hotspot to give a network fabric, but then they manually point to the pfsense kvm/vm/virtualbox for dns and perhaps default route…

3 Likes

It sounds like you will really only have one or two things connected to your pfsense / hotspot. You could use two VMs one for pfsense one for pihole. That would be using your existing hardware, so no extra cost.

Since it sounds like you are running a very slow connection and you don’t have many devices there is not much concern for network performance being hit by the virtualization. I would not worry about the caching as fewer and fewer things are being served http.
Squid would be more useful for caching windows / app updates if you are serving more than 5 computers really.

2 Likes

There’s either a plug-in or something you can do and it makes squid cache https
I’ll have to Google for it again but that’s what the guide claimed
And I really need caching for YouTube ads more than anything

You can do it, in pfsense I think you have to use the dev version of squid but I haven’t played with it in a while. It’s generally more trouble than it’s worth especially if you are the only user. Caching https also removes your ability to verify certificates on the sites you visit, so keep that in mind.

I have no idea how well squid will cache YouTube ads but if I had to guess it would be somewhere between not at all and not very well.

While pihole may be easier to use for blocking Microsoft stuff you can also do it in pfsense with the pfblocker package and its DNSBL.

1 Like

This may help with the windows updates

I do suggest not outright ignoring them so WSUS Offline will be a necessary tool.

2 Likes

At that bandwidth, just phoning home to MS tanks it

+1 on doing this in one vm. A thin client would really be your friend here imo, but if budget is zero, it is what it is.