When I was setting up my home file server, I wanted to have external access to it when I was away. Simple enough, I would just open the admin panel of my wireless router, open a few ports and voilà. I can now access it remotely. Then, as I wanted to start doing more things like configuring multiple public IP addresses, multiple LAN subnets, bandwidth allocation, it became apparent that my seemingly robust router only scratched the surface. If I was going to configure my network to handle the connections I needed, I would need something a little more sophisticated. That is where pfSense comes in.
Because I’m the type of person that would rather build something myself than just buy something off the rack, I looked into a handful of options. One was to flash the firmware of a Linksys router with http://www.dd-wrt.com/, but the reviews seemed hit and miss. I did look into commercial options, but while I was willing to spend some money, most of these were out of my price range. I then came across http://www.pfsense.org/. After reading through all the documentation, reading reviews and watching a handful of YouTube videos, it became apparent that this would do what I needed, and I could build it too.
I began looking at hardware. My main requirement was that it needed to be completely functional and be able to handle any of the features I was planning to use in the software while at the same time using the least amount of power. Since this would be running all the time, I didn’t want it to be running on a machine that would have a high baseline of power consumption. After a day of scouring the internet, the Jetway JBC200F99-525-B that came with a JetWay JNF99FL-525-LF motherboard seemed like the best fit.
It is running an Intel Atom D525 processor, has 2 integrated NICs and allows me to add a Jetway AD3INLAN-G 3 x Gigabit LAN Daughterboard to expand up to five total NICs. The machine has built-in VGA out to hook up a monitor during installation and the unit itself is fairly small. So I ordered it along with an Intel NIC daughterboard. Once it arrived I threw 8GB of memory in that I had left over from my MacBook, and a 320GB 2.5″ hard drive I stole out of my other laptop.
I threw the latest build of pfSense on a USB drive, configured the BIOS to how I liked it and then installed it based on the documentation from pfSense. I set the BIOS to automatically restart after a power failure, and this has worked successfully after a few power failures to restart the machine automatically. This is important to maintain access when you have a power failure at home while you are away. Everything installed fine, without any issues. Once it was ready, I hooked up my desktop and hopped into the admin panel. Right away it was apparent that there was much more available than my old router.
First thing I did was set my firewall rules, then configured the DHCP server for each subnet. I have each subnet running off each NIC. Once that was done, I could then statically map each public IP to an internal device, or specifically forward a port from one public IP to an internal device. After that was done, I was pretty happy since that was the main thing that I couldn’t do with my old router.
But then I needed to figure out how to create my wireless network. Most of what I read online was people hooking up a standard Wireless Access Point and I was about to go that route when I figured that I could probably just hook up my old wireless router to a new subnet and configure the settings on both. I did just that and it worked. I set the wireless router gateway to be a client on the wireless subnet of the pfSense router and set the wireless router to have a new DHCP range. After doing that it worked as I expected, and I didn’t have to buy a new wireless access point.
After using my D-Link DIR-655 router for over a year in this configuration, it started having issues. I had to start rebooting the router almost every day. Since I had been using the router for over 5 years, I figured it was about time to retire it. I went with a Ubiquiti UAP-AC-LR Networks Enterprise Wi-Fi System. For about $100, it has fit the bill nicely. It is powered with Power over Ethernet and includes the PoE adapter if you don’t already have one. I turned off the DHCP settings, assigned a static IP to it, configured the authentication and encryption, connected it to the pfSense network and it was ready to go.
I have been running the pfSense router for about two years now and have no complaints. During this time, I have updated the software a handful of times since I first installed it, and the automatic upgrade process has been completely painless. I’ve always made sure to save a local copy of the config file before upgrading in case I hit a snag and needed to re-install the software. For about $200 and the additional parts I already had on hand I was up and running. Plus there are many other options available like setting up a VPN connection.
Issues I Encountered
I will admit I did run across two problems with the router. The first one was, I tried to install pfSense onto a compact flash card using a CF to SATA adapter. I kept getting errors during the installation and finally decided to install the traditional hard drive. After I installed it, everything went smoothly. Secondly, I had an issue with receiving a “Strict” NAT type when playing Call of Duty: Ghosts multiplayer. Nothing I tried seemed to work. Even completely opening the firewall would still give me this error. After a long and frustrating period of trying to get it to work, I finally found out that I needed to configure the outbound NAT settings to manual and change it to a static port. Once I did this, the NAT type switched to open.
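An added example, not part of the original post and not pfSense code: a toy model of why the static-port setting changes the result. pf, the packet filter underneath pfSense, rewrites the source port of outbound connections by default, and its static-port option leaves the port unchanged. The probe addresses, the port 3074, the host addresses and the two-probe "strict/open" check are constructed assumptions, not the game's actual test.

```python
import random


class OutboundNat:
    """Toy outbound NAT: one state per connection, as in a stateful firewall."""

    def __init__(self, public_ip, static_port_hosts=(), seed=0):
        self.public_ip = public_ip
        # Hosts matched by a manual outbound NAT rule with static port enabled.
        self.static_port_hosts = set(static_port_hosts)
        self.rng = random.Random(seed)
        self.states = {}    # (src_ip, src_port, dst_ip, dst_port) -> external port
        self.in_use = set()

    def translate(self, src_ip, src_port, dst_ip, dst_port):
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.states:
            if src_ip in self.static_port_hosts:
                ext = src_port                      # static port: keep the source port
            else:
                ext = self.rng.randint(1024, 65535)  # default: randomized source port
                while ext in self.in_use:
                    ext = self.rng.randint(1024, 65535)
            self.in_use.add(ext)
            self.states[key] = ext
        return (self.public_ip, self.states[key])


def nat_type(nat, host, local_port=3074):
    """Simplified check (assumption): the same local socket contacts two
    probe servers; if they see different external ports, peers cannot
    predict where to reach the host and the result is 'strict'."""
    a = nat.translate(host, local_port, "198.51.100.10", 3478)
    b = nat.translate(host, local_port, "203.0.113.20", 3478)
    return "open" if a == b else "strict"


if __name__ == "__main__":
    # Constructed addresses: only the console gets the static-port rule.
    nat = OutboundNat("192.0.2.1", static_port_hosts={"192.168.1.50"})
    print("console:", nat_type(nat, "192.168.1.50"))
    print("laptop: ", nat_type(nat, "192.168.1.60"))
```

In the model only the console's address is given static port, so every other host keeps randomized source ports; a manual outbound NAT rule in pfSense can be scoped to a single source address in the same way.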