User:Paul/sandbox/Residential and SOHO network gateway with pfSense

WARNING: This article is in a user sandbox, indicating it is a rough draft, and as such, is likely incomplete, contains buggy and insecure configurations, and is subject to substantial and frequent changes.

This article describes installing pfSense, free, open-source, enterprise-grade firewall and routing software, as a residential or SOHO network gateway. The installation will use a dedicated computer, some PCI/PCIe network interface cards (NICs), an optical drive, and USB flash media.

For most residential and SOHO users, a network gateway is a device which connects a local network to the World Wide Web. For most users, the device will be an off-the-shelf router, but unfortunately many of these network gateways have become prime targets for hackers. The reasons are that the firmware on many routers is poorly developed from a security standpoint and difficult to update, users are not made aware of available updates, and many manufacturers never offer updates for their firmware even after security researchers demonstrate that hundreds of thousands, if not millions, of routers can be easily compromised. Even worse, a compromised router is very difficult to detect from within the local network and will evade detection from nearly all popular security tools.

The network gateway will provide the public-facing IP address, but it is not the same device as the local (cable, DSL, etc.) modem. Some ISPs do provide a modem that has a network gateway built into it, and many of these devices have been demonstrated to be easily compromised from many different

Hardware requirements

The gateway will normally be running 'headless', which means that there will be no monitor or other normal devices, such as a keyboard and a mouse, connected to it. For this reason, it is important to verify that the computer can boot without stopping on a "no keyboard", "no mouse", or "no monitor" error, for example:

No monitor detected. Press F1 to continue.

In the example setup, a $12.50 USB card reader (ca. 2006) is used with a 32 MB compact flash card.

If the ISP advertises a maximum connection rate that is below 100 Mbps, then there is no benefit to having a NIC that is any faster. Additionally, if the network is not used for local file transfers, such as from a local file server to a computer, there will be no benefit.

Determine if the system supports 64-bit architecture.


External links

pfSense announcements mailing list - Sign up to receive email announcements of release updates. Covers all pfSense versions and averages about one email per month.

Welcome to The Internet of Compromised Things