>get tired of routers that never get firmware updates >buy a used thin client with an Atom and 2 GB flash storage >install a wifi card, get a USB lan adapter for the wan interface >set up pfSense just so for firewalling, wifi access point etc >works nicely, has low power draw >now I'm all set A couple months later >pfSense release 2.4 >discontinued nanobsd >discontinued 32bit hardware support
Well, back to square one then. Any good Linux based firewalls out there that I could try?
FreeBSD's pf (thus pfSense/OPNsense) is from 2009.
Luke Barnes
Yes user, If form factor is no prob just get a refurbed SFF from an office sale on ebay for the cost of a router (30 - 60 bucks)
I built one with a Core 2 Duo 32 bit. SFF means you can just drop in a wifi card and extra ethernet. Also, older Core 2 duo's run so chill no fan noise except for the PSU. Buy one without a CPU fan / just a heatsink.
Mine was running Bro IDS, Airdoump-NG, IPtables on Ubuntu Server LTS.
It was fucking sweet. Super easy to maintain.
Dont go with meme chassis's or USB NIC's - they are gayer than traps.
Cameron White
There's no way to really manage anything in that cabinet
I'm more at home with Linux though
Every time I had to do anything in the pfSense command line I had trouble and had to google stuff
Blake Robinson
Try IPFire like another user suggested, is Linux and professional, then tell us how you did.
Juan Thompson
Pretty much any desktop, even SFFs, would probably have at least twice the power consumption
I had my doubts going with the USB nic, but it has worked flawlessly.
Yeah it looks good, seems to update and runs on lower end stuff.
Joshua Butler
Why didn't you just buy an OpenWRT compatible router? What do you need a full x86 firewall for? Are the wifi AP speeds even any good? What's your average maximum throughput between local devices attached to the AP?
Ethan Gomez
Use OpenBSD with pf. One of the most secure OS + their own version of pf. (Plus *BSD are quite good for networking)
Carter Butler
>Why didn't you just buy an OpenWRT compatible router? They cost more than this thin client, for one. And I'd be locked to that specific OS. Also tinkering is fun
I did run ddWRT on this Buffalo router before I set up the pfSense box. It was just too limited and once completely lost its configuration for no apparent reason.
>What do you need a full x86 firewall for? Nothing, really
>Are the wifi AP speeds even any good? What's your average maximum throughput between local devices attached to the AP? I seem to get about 5 MB/s copying stuff from the server to this laptop, so it's not brilliant. My htpc got about 80 MB/s on its gigabit lan. But I have wired ethernet going to every desktop, wifi is just for laptops and phones.
If I ever upgrade to wireless AC, I'll get a separate access point. None of my clients are AC though so no need for that.
Easton Bennett
iptables kek
Colton Jenkins
OP, you don't need pfsense
You just have to learn to setup iptables.
Chase Campbell
any 32 bit distro will do. And you just need a wifi card with soft ap to create an access point.
Kayden Hughes
I'm considering this, too. But I'm going to try ipfire first. WebUIs are nice after all.
Kayden Howard
>atom it will die eventually anyway, might as well change your board
Cooper Rivera
This isn't a C2000 series Atom, it's much older
Zachary Bell
Side note, I did consider getting one of those octa-core ITX Atom boards for my server a couple years ago. But they were too expensive so I went with a used Xeon instead, and thank dog I did
John Garcia
>Buy Orange Pi >Forward all needed ports to it >Install GNU/iptables on it >Use it as a gateway to my home server filtering out poop people >Unplug it from USB power when at home to prevent hacking
Logan Wilson
Shorewall is a nice frontend to iptables. You get to write a fairly human-readable config file and it computes iptables commands from it.
Adam Stewart
just keep using pfsense and dont upgrade, its not a fucking hard decision.
also you are dumb as shit for not buying the expansion slot and putting a 2nd nic into that thing
Adrian Ross
buy a better thin client
pic related, Fujitsu futro, AMD64 CPU, GbE nic, and internal pci and pci-e slots
cost like €20, added a dual GbE PCI-e nic and PCI wlan card on mine, runs a full install of pfsense and can route my 100MB link without breaking a sweat
Carson Richardson
>32 bit hardware has been deprectated and now I'm in a bind!
Dude it's the current year. If your hardware is 32bit only, you need to purchase something that was made in the last decade. This is a wake up call for you
Xavier Torres
>Fujitsu Sketchy as fuck. They lost all my trust in the mid 2000s with their laptops straight out of hell. Can you give your model number, and did you buy it used? "like €20" is interesting
Andrew Cooper
pfSense is great of course but really if you get a nice router that gets frequent dd-wrt updates its just as good. Put a little bit of storage on there and you can run all sorts of logging software
dd-wrt uses iptables for its firewall and has SSH so you can write the rules however you like, you can do this even with the NVRAM and jffs2, my router is like $40 and runs really complex rules with a huge list of blocked hosts - it fits in the NVRAM and the internal memory with no problem
Christopher Hughes
yes, used, model is s450
don't know what models made you lose trust in them, but the thin clients are developed and manufactured by the offices in Germany. Not sure if it was the old Siemens division.
Jose Wood
>comparing dd-wrt functionality to a full fledged pfSense install Nah dude. pfSense is an enterprise capable deployment. dd-wrt is home user tier, just saying.
Elijah Reyes
Those expansion slot thingies cost even more than the computer itself. And there weren't many available back then. The USB nic works fine for me, my countryside link is only 8 Mb/s :/
I'm not sure if that's better. No onboard SATA? Also it looks PCI only, how did you fit a PCIe card? And what's more, old AMD power consumption vs Atom?
This is very Sup Forums of you, thanks. The processor was released in 2008 though so not quite a decade old yet
Had dd-WRT, wanted more
Adrian Hall
I don't need sata for my pfsense usage, and it has both PCI and PCI-E internally, so you could add sata controller and still have a slot left
never measured power consumption, datasheet says idle 13W and max 18W
Brandon Thompson
get a pcengines board
Grayson Adams
Oh, I see the slot now. The ones I looked at on eBay didn't even have it fitted.
>spend more money even though you already have working hardware No thank you
Jack Gonzalez
Consider trying nftables if you get the chance. It kicks pf's butt.
Joseph Morgan
I wasn't saying spend more money, I was saying for the amount of dosh you spent on your setup you could've gotten something much better, that's actually designed for routing packets.
5 MB/s over wifi is absolutely pitiful, and I assume you spent money on the wireless card you put in there. That isn't even hitting the maximum of 802.11g.
I understand you bought it, and now you're stuck with it and don't want to spend money. I never said you should replace it now. I was simply saying, in my opinion, you overspent and the only thing you've gained is something to tinker with. If that's all you wanted, then okay, but OpenWRT allows the same level of messing around that you'll be interacting with with this hardware, and you would have much better performance to boot.
That's all I'm saying.
Owen Perry
>shilling pfshit >shilling OpenBACKDOORS >falling for the BSD trap I hear you like memes
Elijah Rivera
I hunted down the receipts and calculated the total cost.
- HP T5740 26.73 eur delivered - TP-Link USB3.0 ethernet 25 eur (I didn't remember it was this expensive, wow) - Atheros wlan card came from a broken laptop - Antenna cable (2.25 eur) was bought in a two-pack earlier for a different project - Antenna from an old router
I think that's all the bits I used for this. So 55 eur, about.
If you had this budget, what would you do? Perhaps keeping in mind that I ran dd-WRT earlier and wanted more in terms of ssh access, including ipmitool for remotely restarting my server if necessary.
Re: wifi speeds, it's true the pfSense folks don't recommend using it for wifi access points. But I had the parts already and could eliminate a box by doing it this way.
Ryder Robinson
>Fu
Shouldn't the T5740 come with a PCIe slot? Would have been cheaper to throw a NIC at it.
Parker Allen
It needs an expansion module with a riser card, or else the nic would stick out of the side and the cover wouldn't fit on. I found only one of those on eBay now and it would be about 38 eur delivered.
Leo Cooper
That's when you use the Dremel.
Adam Sanders
And use plywood to make a cover for the nic, I assume?