Linux firewalls?

>get tired of routers that never get firmware updates
>buy a used thin client with an Atom and 2 GB flash storage
>install a wifi card, get a USB lan adapter for the wan interface
>set up pfSense just so for firewalling, wifi access point etc
>works nicely, has low power draw
>now I'm all set
A couple months later
>pfSense release 2.4
>discontinued nanobsd
>discontinued 32bit hardware support

Well, back to square one then. Any good Linux based firewalls out there that I could try?

am i the only one who wants to unplug those cables and look at evil that i've done ?

Hmm, that switch takes it like a good girl.

ipfire.org/

OPNsense still supports 32bit

That's some horrific cable management.

IPFire
IPFire
IPFire
ipfire.org/

Skip pfSense and go with the real deal.

openbsd.org/faq/pf/example1.html

FreeBSD's pf (thus pfSense/OPNsense) is from 2009.

Yes user,
If form factor is no prob just get a refurbed SFF from an office sale on ebay for the cost of a router (30 - 60 bucks)

I built one with a Core 2 Duo 32 bit. SFF means you can just drop in a wifi card and extra ethernet. Also, older Core 2 Duos run so chill no fan noise except for the PSU. Buy one without a CPU fan / just a heatsink.

Mine was running Bro IDS, Airodump-ng, iptables on Ubuntu Server LTS.

It was fucking sweet. Super easy to maintain.

Don't go with meme chassis or USB NICs - they are gayer than traps.

There's no way to really manage anything in that cabinet

I'm more at home with Linux though

Every time I had to do anything in the pfSense command line I had trouble and had to google stuff

Try IPFire like another user suggested, it's Linux and professional, then tell us how you did.

Pretty much any desktop, even SFFs, would probably have at least twice the power consumption

I had my doubts going with the USB nic, but it has worked flawlessly.

Yeah it looks good, seems to update and runs on lower end stuff.

Why didn't you just buy an OpenWRT compatible router? What do you need a full x86 firewall for? Are the wifi AP speeds even any good? What's your average maximum throughput between local devices attached to the AP?

Use OpenBSD with pf. One of the most secure OS + their own version of pf. (Plus *BSD are quite good for networking)

>Why didn't you just buy an OpenWRT compatible router?
They cost more than this thin client, for one. And I'd be locked to that specific OS. Also tinkering is fun

I did run ddWRT on this Buffalo router before I set up the pfSense box. It was just too limited and once completely lost its configuration for no apparent reason.

>What do you need a full x86 firewall for?
Nothing, really

>Are the wifi AP speeds even any good? What's your average maximum throughput between local devices attached to the AP?
I seem to get about 5 MB/s copying stuff from the server to this laptop, so it's not brilliant. My htpc got about 80 MB/s on its gigabit lan. But I have wired ethernet going to every desktop, wifi is just for laptops and phones.

If I ever upgrade to wireless AC, I'll get a separate access point. None of my clients are AC though so no need for that.

iptables kek

OP, you don't need pfsense

You just have to learn to set up iptables.

any 32 bit distro will do.
And you just need a wifi card with soft ap to create an access point.

I'm considering this, too. But I'm going to try ipfire first. WebUIs are nice after all.

>atom
it will die eventually anyway, might as well change your board

This isn't a C2000 series Atom, it's much older

Side note, I did consider getting one of those octa-core ITX Atom boards for my server a couple years ago. But they were too expensive so I went with a used Xeon instead, and thank dog I did

>Buy Orange Pi
>Forward all needed ports to it
>Install GNU/iptables on it
>Use it as a gateway to my home server filtering out poop people
>Unplug it from USB power when at home to prevent hacking

Shorewall is a nice frontend to iptables. You get to write a fairly human-readable config file and it computes iptables commands from it.

just keep using pfsense and don't upgrade, it's not a fucking hard decision.

also you are dumb as shit for not buying the expansion slot and putting a 2nd nic into that thing

buy a better thin client

pic related, Fujitsu futro, AMD64 CPU, GbE nic, and internal pci and pci-e slots

cost like €20, added a dual GbE PCI-e nic and PCI wlan card on mine, runs a full install of pfsense and can route my 100MB link without breaking a sweat

>32 bit hardware has been deprecated and now I'm in a bind!

Dude it's the current year. If your hardware is 32bit only, you need to purchase something that was made in the last decade. This is a wake up call for you

>Fujitsu
Sketchy as fuck. They lost all my trust in the mid 2000s with their laptops straight out of hell. Can you give your model number, and did you buy it used? "like €20" is interesting

pfSense is great of course but really if you get a nice router that gets frequent dd-wrt updates it's just as good. Put a little bit of storage on there and you can run all sorts of logging software

dd-wrt uses iptables for its firewall and has SSH so you can write the rules however you like, you can do this even with the NVRAM and jffs2, my router is like $40 and runs really complex rules with a huge list of blocked hosts - it fits in the NVRAM and the internal memory with no problem

yes, used, model is s450

don't know what models made you lose trust in them, but the thin clients are developed and manufactured by the offices in Germany. Not sure if it was the old Siemens division.

>comparing dd-wrt functionality to a full fledged pfSense install
Nah dude. pfSense is an enterprise capable deployment. dd-wrt is home user tier, just saying.

Those expansion slot thingies cost even more than the computer itself. And there weren't many available back then. The USB nic works fine for me, my countryside link is only 8 Mb/s :/

I'm not sure if that's better. No onboard SATA? Also it looks PCI only, how did you fit a PCIe card? And what's more, old AMD power consumption vs Atom?

This is very Sup Forums of you, thanks. The processor was released in 2008 though so not quite a decade old yet

Had dd-WRT, wanted more

I don't need sata for my pfsense usage, and it has both PCI and PCI-E internally, so you could add sata controller and still have a slot left

never measured power consumption, datasheet says idle 13W and max 18W

get a pcengines board

Oh, I see the slot now. The ones I looked at on eBay didn't even have it fitted.

>spend more money even though you already have working hardware
No thank you

Consider trying nftables if you get the chance. It kicks pf's butt.

I wasn't saying spend more money, I was saying for the amount of dosh you spent on your setup you could've gotten something much better, that's actually designed for routing packets.

5 MB/s over wifi is absolutely pitiful, and I assume you spent money on the wireless card you put in there. That isn't even hitting the maximum of 802.11g.

I understand you bought it, and now you're stuck with it and don't want to spend money. I never said you should replace it now. I was simply saying, in my opinion, you overspent and the only thing you've gained is something to tinker with. If that's all you wanted, then okay, but OpenWRT allows the same level of messing around that you'll be interacting with with this hardware, and you would have much better performance to boot.

That's all I'm saying.

>shilling pfshit
>shilling OpenBACKDOORS
>falling for the BSD trap
I hear you like memes

I hunted down the receipts and calculated the total cost.

- HP T5740 26.73 eur delivered
- TP-Link USB3.0 ethernet 25 eur (I didn't remember it was this expensive, wow)
- Atheros wlan card came from a broken laptop
- Antenna cable (2.25 eur) was bought in a two-pack earlier for a different project
- Antenna from an old router

I think that's all the bits I used for this. So 55 eur, about.

If you had this budget, what would you do? Perhaps keeping in mind that I ran dd-WRT earlier and wanted more in terms of ssh access, including ipmitool for remotely restarting my server if necessary.

Re: wifi speeds, it's true the pfSense folks don't recommend using it for wifi access points. But I had the parts already and could eliminate a box by doing it this way.

>Fu

Shouldn't the T5740 come with a PCIe slot?
Would have been cheaper to throw a NIC at it.

It needs an expansion module with a riser card, or else the nic would stick out of the side and the cover wouldn't fit on. I found only one of those on eBay now and it would be about 38 eur delivered.

That's when you use the Dremel.

And use plywood to make a cover for the nic, I assume?

Or... I could just plug in the USB nic