Building a pfSense Firewall

Building a pfSense box is much easier now than it used to be. If you are looking to build a fast network router/switch, then building your own is a very fun and interesting project. pfSense is primarily a firewall device that you place between your ISP connection (cable, DSL or fiber) and the rest of your network. But you can also bridge interfaces so you can have multiple devices connected to the same network. pfSense also lets you set up multiple VLANs so you can run different devices on different networks. Mine has my Raspberry Pi cameras running on their own VLAN, separate from the rest of the machines in the house. (The cameras these days seem to be more for catching squirrels, birds and skunks doing weird stuff than actual security.)

I’m including a lot of links in this blog post to setting up a pfSense box. This isn’t a guide. If you want a guide click the link below.

Guide: Set up a pfSense Firewall Router

People hear “build your own firewall/router” and think it’s expensive. My pfbox was built using my old i7-3770 ITX system that used to be an HTPC. I bought an HP NC364T off eBay for $30, giving the computer an additional 4x 1 gigabit ports, in addition to the port on the motherboard. You can buy the card here on eBay for $25-$35 including shipping. Software was installed to a spare 120 GB SSD I had in a drawer. Using old hardware, I only spent $30 to set up this machine.

The case is much larger than it needs to be, as is the power supply (a full ATX PSU). I’m looking for a smaller case to put this into. The i7-3770 is overpowered for this setup; if I had another Ivy Bridge CPU I would have preferred to use that one.

So why did I want to build my own?

  1. Support – pfSense is under active development. Most consumer routers lose support after a few years. Since these devices don’t need to be replaced that often, they become vulnerable to attacks. pfSense will be updated and supported for a while.
  2. VLANs – I don’t need my IoT devices to interact with any of my computers, so putting them on their own isolated network reduces the threat in case a hack comes out for one of the devices. Here is a good write-up on what VLANs are good for and how to get one set up.
  3. Packages – pfSense supports add-ons through the Package Manager. See this page: “The Best pfSense Packages”. They manage block lists, graphs, and network caching.
  4. OpenVPN – pfSense also supports OpenVPN, allowing you to set up your own private VPN. If they ever re-open coffee shops, I’ll be using this to connect to my home network.

If you don’t want to build your own machine, there are a ton of prebuilt computers you can buy from AliExpress and Newegg (they’re all basically the same machines, just shop for the best price). Most of them have 4 network ports and use Celeron/i3 CPUs. They cost from $180-$300. Most of them don’t use fans so they are pretty quiet. (Update: and now neither does mine.)

It’s a fun project and lets you poke at your network. Since adding it to my Home Lab setup, I’ve been enjoying the additional control I now have over everything running in the home.

Again, build your own stuff. You’ll learn something new every time.

**UPDATE 2021-01-01**

Still in its comically large case

Updated the pfSense box to a much more sensible CPU. Swapped out the i7-3770 CPU/mobo for the ASRock j-4005b-itx. I was able to find one off eBay for $59 including shipping. It has an Intel Celeron j4005 dual core CPU and 4 GB of RAM, supports AES encryption for OpenVPN, and doesn’t need a fan (it’s a 10 watt TDP CPU vs the 77 watt TDP i7). It is also very picky about RAM: it can only support 8 GB of RAM total, and each module has to have more than 2 GB of RAM. (It’s weird, here’s the list of supported RAM sticks.) Currently waiting on a PicoPSU to get here.
