My home network is more complicated than most. I host some web sites, my email servers, and various other ancillary services that the average person doesn’t need, or want to worry about. As an IT person though it behooves me to have a test bed to try out new things, without the risk of losing company data.
In recent years I have been using IPCop as the gateway between my home network and the outside world. Generally speaking, it’s worked just great. I rarely had to reboot it and the web interface was usable, if slow. The only drawback for me is that they don’t seem to favor low power machines. Sure, you could build a smallish computer using less than 100 watts and run IPCop on it but when you are talking about handling some basic routing for internet access and the like that sure seems like an insane amount of energy to be using 24 hours a day 7 days a week. IPCop was, as far as I can tell, designed to be run on old hardware; it’s for that computer you don’t use anymore but can’t throw away. I had been using it on an old PII 500MHz setup and was happy to be re-using the machine. That machine though has finally bit the dust and needs to be replaced.
To be honest I didn’t see this coming. The machine has been so solid and stable that I never really thought about it. It just sat in the basement doing its job. At some point a week or so ago, it began to have some small problems. At first it was doing its job ok but wouldn’t load the web based administration tools. Then, it began really crashing and not allowing traffic to pass. I had a few days where I would have to restart it at least once. I was pretty sure it was a hardware issue but to be safe, and to try the simple answer, I reloaded its software from scratch. I just wanted to rule out the easy stuff before I started spending money to replace it. After the reload though the problems persisted. I just hoped I could get by with a reboot or two a day for a couple weeks while I sorted out a solution. Tuesday it really died. Reboots didn’t help and I had no internet access at all.
I immediately freaked out.
Later that afternoon, as I began to gather myself, I was able to pull together another old desktop, one that is much newer than the now dead machine, and get it up and running again. For me, the simple task of slapping in an off the shelf router as a stop gap isn’t really an option. I have multiple IP addresses and a configuration that a cheap Linksys router just isn’t going to handle. Plus I didn’t want to spend more than $100 just to hold me over until I put in place a good, permanent solution.
As soon as I began expecting this to happen I began looking at other options for a router platform and was leaning toward pfSense, so I downloaded and installed it onto the new machine. Better to try it on this hardware before I invest in any special, low power hardware.
pfSense supports the low power hardware I am interested in but in a sort of reduced functionality setup. Initially I was turned off by this, but once I got pfSense up and running on the regular machine I was able to look around and find out what I would be missing when/if I switched it to a low power setup. As I understand it the whole platform works basically the same except you lose access to a collection of addon software, or what they call ‘Packages’. After looking at the available ones, I’m not too upset by that. There isn’t anything available I’m really interested in. Also, most of the low power boards, such as those from Soekris, will support a laptop style hard drive. It will cost you a few more watts, 5 to 10, but will allow you to run the full functionality on these still very low power devices.
The actual setup and installation of pfSense was fairly straightforward if you have ever installed a Linux style operating system. Boot the CD, follow the prompts and pay attention. Took all of about 10 minutes to get a machine up and running but if you are unfamiliar with the… joys… of networking it may take a little longer. You basically give it some information about your network connections and then log into the admin web page. Having information handy about how your internet connection works and how you want your internal network setup will speed the process along.
Once I had the machine configured as best I could I loaded it into my car and drove home. Was sort of odd for me to be setting up a router without being able to test the setup as I was building it. I got home, swapped around some cables and powered up. Everything worked great.. sort of. The configuration was fine but I plugged in a random extra network cable instead of the internet cable and that caused some obvious issues. I have no idea what that third cable is plugged into or used for, nor do I know why it was hanging around back there but it left me very very confused until I followed the cables and sorted out my issue.
The pfSense software is great and I’m not missing IPCop. The web interface loads a lot faster than it did in IPCop though I can’t really compare them directly. The old machine was a PII 500MHz box and the new temp box is a P4 2.4GHz…
The configuration tools themselves, though, are much more customizable, and while they appear to support a wider range of options they are laid out in a way that is clear, with lots of little side notes to explain what the different options and check boxes mean. Very helpful for the more arcane options that don’t have standardized terminology.
The plan is to pick up a low power machine and see if I can get the whole setup moved over to that in the coming weeks. I’ll post again with the results…
Hopefully the blog stays online between now and then.
Topslakr
pfSense works awesome on my PII 450. Best free firewall in my opinion. I have installed it on customer’s network and it is very low maintenance. It has the right blend of simple features for small home networks or can grow to much more complex setup.
You really should clean the rat’s nest behind your basement desk, it’ll save you problems later…
😉
Ha! I agree and I plan to give it a good sort out when the new hardware comes in. Not good when you find extra cables.. maybe I’m growing some kind of Ethernet monster…