G+_Adam EL-Idrissi Posted October 7, 2014
I'm looking into building a firewall PC. I'm leaning towards pfSense, but I'm curious how it compares to m0n0wall, Smoothwall, IPCop, etc. I'm kind of a "noob" when it comes to this. I was also thinking that I would put a switch from my modem to the pfSense box and my ASUS RT-N16 wireless router. I run a VPN and a few other services on my current router. Instead of running the pfSense box and router separately on a switch, should I go modem-pfSense-ASUS? Looking into running Squid and a spam filter on the pfSense box and looking a little further into what it offers. Any ideas, suggestions, or experience are appreciated.

G+_Adam EL-Idrissi Posted October 7, 2014 (Author)
Correction, Snort. It's listed on pfSense's website and I believe you can do SSH tunnels using Snort.

G+_Travis Hershberger Posted October 7, 2014
First of all, doing this with pfSense and Snort yourself is a great learning experience. So don't let my recommendation stop you if you're after some more experience. For a PC-based router I've started using ClearOS. Getting it set up with the features you want is easy, and adding more features after install is too easy (you'll overload the system quite easily if you throw all the available options on it). Even better, it's based on CentOS, so you can always use SSH to get a command prompt.

G+_610GARAGE Posted October 7, 2014
I am a big fan of pfSense. The biggest reasons are good documentation and a nice UI. Also, if you have FreeNAS, they're both based on FreeBSD, so if you have to get into the command line, they are the same. It also doesn't have the Shellshock vulnerability. Doesn't include bash, at least, out of the box. Also, I would not run two routers on the same network. If there is something that pfSense can't do, that you need, I would set up another server and port forward or go through a VPN (which pfSense does support). Having multiple routers can lead to confusing and wonky network issues.

G+_Adam EL-Idrissi Posted October 7, 2014 (Author)
Currently I have a Comcast gateway and my ASUS router connected to each other and port forward what I need from the ASUS to the gateway and the gateway port forwarding the ASUS IP and port. Long story. At the end of the month I'm getting a Motorola SURFboard that is DOCSIS 3 and on Comcast's approved list and then the above-mentioned setup. The reason I was still going to use the ASUS was for wireless since I'm not sure if pfSense can handle that. If it can then I'll use the ASUS as a bridge in the living room and a switch off the firewall for my wired connections. In the process of building a wired network for every room and unfortunately where my TV is there's no way to run a cable. At least for me, not comfortable running a cable through an exterior wall, plus there's no way to get to it safely from my attic.

G+_Adam EL-Idrissi Posted October 7, 2014 (Author)
Travis Hershberger I thought about ClearOS but I've seen a lot of builds go from ClearOS to pfSense. I might put Clear in a VM and try it out, assuming it'll work in a VM.

G+_Travis Hershberger Posted October 7, 2014
Mine run as VMs on a Xen install, so it should. I haven't tried pfSense for almost 5 years now. Should probably give it another look.

G+_610GARAGE Posted October 7, 2014
pfSense will turn a WiFi adapter into a hotspot. I have had mine do some weird things in the past, but that may have been a bug or a misconfiguration. It has been working great for a while now.

G+_Adam EL-Idrissi Posted October 7, 2014 (Author)
I've been looking at mini-ITX boards with dual LAN and it seems they all, or most, have mini PCIe ports. What's a good company for those cards? Also, the boards run a dual-core Atom D2500 CPU or Celeron J1900 CPU. I have a 50/10 connection with Comcast, so would those CPUs with 2 or 4 GB RAM handle what I'm looking at? From the requirements on pfSense's site it should; I just didn't know if anyone had first-hand experience.

G+_610GARAGE Posted October 7, 2014
You should have no problems with that setup. I have an Intel Atom dual core, 1.6 GHz with 2 GB of RAM. I don't think I even get close to 50% utilization. I am unsure what wireless cards are best. My board came with a wireless device onboard. My only recommendation would be to get a known brand. Sorry I couldn't be more help. I did find FreeBSD's compatible hardware list: https://www.freebsd.org/releases/8.0R/hardware.html#WLAN Also, if it helps with specs, here's the board I use: http://www.asus.com/Motherboards/AT3IONTI_DELUXE/

G+_Adam EL-Idrissi Posted October 7, 2014 (Author)
I'll have to look through the compatibility list you linked and research that a little bit more. I have an Intel D510MO motherboard in my Ubuntu server I might repurpose for pfSense, but then I'd have to use USB wireless. Not sure about that though. I was looking on mini-box.com at the boards they have and the M350 case (which seems to be the perfect size to get everything I need in as small a case as possible).

G+_Ben Tyger Posted October 8, 2014
Adam EL-Idrissi I have an Atom D510 motherboard in my pfSense box for the small business I work at. It works great and is rock solid. If you're just doing the standard connection tracking and routing you'll be hard pressed to peak over 10% usage. I run Snort and usually run around 25%. The question is what services are you planning on running? Are you going to do an antivirus SMTP gateway? A grey list? Are you planning on running an HTTP proxy that virus scans? Are you planning on using pfSense as a load balancer?

G+_Adam EL-Idrissi Posted October 11, 2014 (Author)
To be honest, I've just been looking at hardware and what other people are running so far. My Ubuntu server is in an Apex m-008 case so I can install a PCI NIC (getting a new one tomorrow/today) and I'm going to install pfSense in VirtualBox (I cheated and installed GNOME. Command lines were pretty foreign to me when I originally set it up). I haven't looked at the plugins yet but that's next on the list. For sure running VPN and, now that you mention it, virus scanning and antivirus as well. I don't think I'd need a load balancer since it's just a basic home network for now. From what I've seen to be popular is the Intel D2500CCE board, Pico PSU, 4 GB RAM and M350 case, which I like for the dual NIC in a small form factor, smaller than my server case (which holds 2-3 3.5 drives and a 5.25 drive).