Return to Level1Techs.com

Pfsense prebuild

#1

I want to make pfsense for gig speed from comcast as i have modem netgear cm1100 and a netgear nightawk r8000 as i am limit to use 500 or 600.

I want to do pfsense to get at least full gig and have better router all aloud and cache download as familiy of 8 people use allot the internet.

I heard old video of level tech one any old pc can be router as i see allot of them in pawnjob old one be good enough to get gig speed or do i go amazon or ebay and get gen 8 or 9 for i3 or i5 and small m.2?

0 Likes

#2

Anything should really work you need to make sure you have aes-ni cpu that’s about it.

0 Likes

#3

is there chart what cpu does it have that

0 Likes

#4

If your buying Intel their ark site has it and not sure what their specific site is but would probably buy zen as older is workable but too much power

I have an i3/ mobo combo for sale if you are interested

0 Likes

#5

I think intel newer than sandy bridge as long as its not a pentium and ryzen are fine, check ark.intel.com for specifics if you have a model in mind

0 Likes

#6

Alternatively to pfsense you could put Debian or any other Linux distro - it’s less picky when it comes to drivers and might be faster in a home setting.

0 Likes

#7

Why would you build a firewall on a architecture with a ton of security flaws?

@patricia2626 I suggest a Ryzen 2200G or an server level ARM processor but I dont know how you would get your hands on those… Its overkill with the ryzen but youll never bottleneck especially if you ever upgrade to 10 GBE

Heres a mobo that would be amazing for it: https://www.newegg.com/p/N82E16813145083 … two PCIE slots for networking cards… Ryzen 2200G … this is actually my next build for a firewall im doing for a friend with 10GBE NICs so I mean it is overkill but he asked for overkill and the funny part is its pretty damn cheap

0 Likes

#8

I would recommend Netgate’s SG-1100 without not knowing what services you are running. I know the SG-1100 does has some speed limitations but that depends on the services you run.

Lawence does a decent review of it with performance: https://www.youtube.com/watch?v=_bM3XqK5JzE

1 Like

#9

I could also recommend some of Qotom’s industrial PCs. They make great pfSense boxes. I have an earlier Celron j1900 version that has been solid for years. Mine doesn’t have the AES-NI, but the newer versions do. Here’s a link of a barebones box so you can decide how much RAM/Storage you need.

0 Likes

#10

Sorry, I meant this one:

0 Likes

#11

I get your line of reasoning, however being able to actively exploit those vulnerabilities without being able to run code on the firewall (i.e., in this use case) is pretty impossible. If you’re patched (and you should be), they’re not even exploitable in a cloud environment when you have a running VM on the physical machine.

It’s not like your firewall is processing javascript or any non-trusted code on it (and if it is, you have bigger problems already).

Yeah, intel bad, etc. But in this particular use case… not a big deal. Pretty much every x86 based router in the enterprise world today is intel inside… and the sky isn’t falling.

0 Likes

#12

Fair I guess I was being an ass about intel at the time

0 Likes

#13

Also, a lot of the security flaws are based in Intel’s SMT (hyperthreading) implantation. Most x86 routers can work with a smaller number of threads, so SMT could probably be disabled without an issue and mitigate most of Intel’s unsolved issues.

0 Likes

#14

Also AES not a requirement anymore just as info.

0 Likes

#15

Holy s*** thats amazing. The AES requirement really made a lot of otherwise capable small machines just not seem worth it.

0 Likes

#16

I’m wondering if a mod could branch this off into it’s own PSA type thread. Or would it be easier to just post a new thread. Either way, that’s great news!

0 Likes

#17

IPFire runs on damn near anything and does not just the basics. Won’t do everything that PFSense can do… but still a lot.

0 Likes

#18

https://forum.level1techs.com/t/pfsense-2-5-aes-no-longer-required/145027/2
Already made one

1 Like