So here's my small one Person, one Room Network Setup.
I recently planned and built my pfSense box which can be found here:
https://forum.teksyndicate.com/t/what-hardware-to-get-for-pfsense-build/99146
But I will list all the parts here too.
As you will read in my pfSense thread I am in the unlucky position that the Modem only mode on the Router I wanted to use was removed with the oldest firmware version so I have 2 NATs right now but this is only temporally.
My Modem/first Router is a AVM FRITZ!Box 7430 (With the "real" router configured as Exposed Host)
Then I have of corse my router. The pfSense box. It has the following specs:
- ASUS N3150M-E (Intel Celeron N3150)
- 4GB DDR3 RAM
- 250GB Notebook HDD
- 2 cheap TP-Link Gigabit NICs (from other project)
- Fractal Core 1100
Comming soon:
- Intel Quad Gigabit NIC (should arrive in the next days)
- Fan controller (it can get really hot in summer)
Now there is only Snort running but I want to try out squid in the future.
To store my data I have my overkill-NAS running on unRAID because it is much easier then FreeNAS.
The specs of this NAS are:
- some MSI Z97-Board
- 32GB Crucial Ballistix Sport
- Intel Xeon E3-1246v3
- Fractal Define R5
- 1x6TB 1x4TB 3x2TB WD Red
- Samsung 850 Evo 250GB
- Be Quiet Fans (Because all of my Networking is in my room where I sleep, I am only 16 years old :D)
The NAS is running some VMs and Docker containers.
My Switch is a unmanaged Netgear ProSafe 16 Port Gigabit switch (nothing special)
As AP I have one AVM FRITZ!Box 4790 (Main AP)
And one DrayTek VigorAP 800 (for Guest WIFI and Range Wifi (2.4 GHz) in the whole house)
Other Devices in my Network (not that important):
- PC1
- PC2
- Notebook1
- Notebook2
- Tablet1
- Tablet2
- Smartphone
- ...
I have images uploaded there because I can only add 2 images here: https://files.acrobat.com/a/preview/1830d235-a435-48e8-9400-c1ef093cf414
Sorry for the bad quality :D
How are the speeds with pfSense doing the coreswitching? - it's usually not preferred to let it do the job of a switch
Sadly pretty much everything is on WiFi as most of the computers are upstairs and the modem/router is downstairs, except my mother computer which is in the same room but she uses WiFi on purpose because she thinks it is better. I'd like to use Ethernet but the layout of the house wouldn't make it easy unless we get the modem moved upstairs.
The standard network benchmark is iperf.
This is my home network about a month ago. Since then I have added another camera. Its an evolution as I am always tweaking it.
Use a Ethernet over Power plug. I use them myself and performance is fine and they're more stable than WiFi.
Kinda done shitty I guess but it will be clear enough I think. Switches are mostly there to reduce cable clutter because I could do with less.
Good to see this thread come back. I've gone almost full Docker since last time. Finally got around to replacing pfsense that I've not been too happy with.
There are actually only 4 or so wired devices here. All of the clutter is VMs and containers.
Nothin' fancy for me. Model + ASUS Router running DD WRT.
Ignore the random ethernet cable + pi2. Normally not there. In process of checking if my Arch install on it is working.
Do not have any pictures, so I will just describe it.
Cable modem --- pfsense runing on a old AMD Athlon 64 dual core HP office pc I purchased with no hard drive and 2 gig of ram for $35 Canadian added intel nic pci for another $35. ---- netgear 8 port switch, this is wired to 3 pcs and wired to a wireless access point using a asus N53 wifi modem the wifi is for phones and laptops.
Was wondering if anyone knew of a way to make it so the asus n53 wifi could not see the rest of the network. That way if the wifi is hacked then they would not be able to see what is on the rest of the network.
Easy, if the wireless interface is part of a bridge then take it out and make it it's own interface. Then create a firewall rule on the wireless interface to allow any to any, then above that create a deny rule for any to the LAN subnet. Now it will be able to access the internet but won't be able to access the LAN. If you want to allow some access just add more rules above the deny rule.
Still learning pfsence and how it works, could you please give me more details or point me to a web sit, my searches have lead me to frustration. I am most likely giving google the wrong info for the search
Is the wifi part of a bridge or on it's own interface?
The asus n53 is connected to the netgear 8 port switch and all the computers are connected to the netgear 8 port switch
The netgear switch is connected to the pfsense router.