Create Your Own Router and Firewall Solution With pfSense



/ 2 months ago


Why a Custom Solution?


Besides the obvious benefits of choosing your hardware components, there is also the software side of things to consider. Picking a system like pfSense offers you the benefits of years of development and refinement from a lot of people.

Choosing open-source software like pfSense provides you with one of the safest solutions you can get. A conventional router is supported with firmware updates only for a limited time, and that can leave you open to possible attacks. That’s only normal: a company that needs to make a profit also needs to push the newest devices, or it won’t survive. That’s not the case with open-source software like this, as there are hundreds if not thousands of people going through the code and either fixing the bugs or reporting them. Regular updates and fixes offer you a safe environment with an absolute minimum of exploits.

With pfSense, you can be in control of everything regarding your network traffic. Whether you want to run a custom DNS service to block certain sites, allow only a few select sites to be accessed, or have all the possibilities of a VPN (Virtual Private Network) setup, pfSense can do it. The user interface might not be the fanciest-looking one, but it beats a lot of commercial router options in both usability and possibilities. With a BSD system as the base, you also have the possibility to enter the prompt either directly or via SSH and install or configure anything you want.


As it is, pfSense already supports IPsec, PPTP, L2TP and OpenVPN setups, and it can handle multiple WAN connections and configurations. It offers extensive Quality of Service (QoS) options that allow you to prioritise and shape your traffic, and it also comes with incredibly detailed performance data collection and graphing. More basic features such as load balancing, captive portal, and DHCP services are included, naturally. For a total sense of security, it even supports fail-over to companion pfSense boxes via the Common Address Redundancy Protocol (CARP).

Voice over IP (VoIP) setups are another area where pfSense shines. Bandwidth and general network quality are critical when it comes to VoIP, and just a few lost or delayed packets can result in bad call quality. With the ability to prioritise specific traffic, you can make sure that your phone setup is running smoothly at all times.

With all the possibilities at hand, it will take a little longer to configure than your average router. That’s a given. As a system designed for maximum network security, there are a few things to keep in mind. Services that can be exploited, such as UPnP, are disabled by default in pfSense. They are present, but you’ll need to enable them first if you want to use them.
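An added example, not from the article or the pfSense project: a check over a configuration backup that reports whether the UPnP/NAT-PMP service has been switched on and for which interfaces. The element names used (`installedpackages/miniupnpd/config`, `enable`, `enable_upnp`, `enable_natpmp`, `iface_array`) are assumptions about the export layout, and the sample backup is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real backup. The element names are assumptions
# about the layout of a pfSense config.xml export; compare with your own file.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <installedpackages>
    <miniupnpd>
      <config>
        <enable>on</enable>
        <enable_upnp>on</enable_upnp>
        <enable_natpmp></enable_natpmp>
        <ext_iface>wan</ext_iface>
        <iface_array>lan,opt1</iface_array>
      </config>
    </miniupnpd>
  </installedpackages>
</pfsense>
"""


def audit_upnp(config_xml):
    """Return (protocol, interface) pairs for every enabled port-mapping service."""
    root = ET.fromstring(config_xml)
    cfg = root.find("./installedpackages/miniupnpd/config")
    if cfg is None:
        return []  # never configured, so the service is still at its default (off)

    def is_on(tag):
        return (cfg.findtext(tag) or "").strip().lower() == "on"

    if not is_on("enable"):
        return []  # master switch is off; the per-protocol flags are irrelevant

    protocols = [name for tag, name in (("enable_upnp", "UPnP"),
                                        ("enable_natpmp", "NAT-PMP")) if is_on(tag)]
    raw = cfg.findtext("iface_array") or ""
    ifaces = [i.strip() for i in raw.split(",") if i.strip()] or ["(unspecified)"]
    return [(proto, iface) for proto in protocols for iface in ifaces]


if __name__ == "__main__":
    findings = audit_upnp(SAMPLE_CONFIG)
    if not findings:
        print("UPnP/NAT-PMP is disabled")
    for proto, iface in findings:
        print(f"{proto} is enabled for interface {iface}")
```
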




  • Robin Wilson

    I built a firewall in an Antec Minuet 350 6 years ago. It’s been running m0n0wall 24/7 ever since with zero issues.

  • Damien O’Brien

    Sweet, bookmarked.

  • Dave Flynn

    I have just set one up using a cheap HP refurb off of eBay and some Intel GB Ethernet cards. Using my old routers as AP and a managed switch. My setup is a bit more noisy than above but was cheaper than most off the shelf routers. And I can get it to work with Sky Broadband and their MER setup. pfSense is a fantastic piece of software and I would highly recommend it. I’m all VLANned, guest network across multiple APs and all traffic completely segregated!

  • StevenH

    I could not agree more. The SOHO market you find for the general consumer is atrocious… What routers have gained in style have fallen in security, power, and features. I also run pfSense w/ SNORT but I took a different approach on the hardware it sits on. The system above could be rated for a 10gb pipe (minus the 2x 1gb NICs). It is way overkill, not to mention loud with fans. I picked up my components from pcengines.ch (yes the website is in China and the owners are in Sweden).
    I felt the apu2c4 would fit my needs the best. The APU3 has LTE support for cellular failover, but I have a lot of automated downloads and the possibility of that running over LTE is too costly for me.

    Anyway, it has an AMD quad core 1GHz/per core, 4gb of RAM, a 16GB (yes folks sixteen) mSATA drive. The enclosure is the size of 3ish CD cases and completely fanless. 3 Intel Gig NICs.

    You will need to know how to terminal (telnet/ssh) into it (Google is great for this).

    All parts out the door ~$180 USD. Ordering was simple and they kept me apprised of when things were coming in stock, when it shipped, expected arrival etc. Do not let the simplicity of the site discourage you. The site has everything you need, nothing more, nothing less. If you can build the above system you can do this in spades (it’s actually even simpler). pfSense is small and 16GB mSATA will be more than enough (currently utilizing 7%), not to mention it was only $18… It does not have WiFi, but there is an add-on card for that as well if you wish. Personally I picked up an Engenius 1750H AP w/ PoE injector, which could be considered overkill, but with the explosive growth of IoT and my next fridge is going to tell me when to buy milk I figured it is a good investment. And it is very stable.

    Apologies, I digress. If you have an old computer lying around I would try loading it on that first. It is very possible that the hardware will be supported. If you want a cool little project, build it. No matter what you build you should build it around what they are designed for. If anything this shows the possibilities. No matter what route (pun intended) you choose you will have a router that decimates the off the shelf products with enterprise class features and free IPS/IDS add-ons for a fraction of the cost of the big boys with similar features.

    I had a screenshot of my pfSense homepage and I attempted to load it but it told me I needed to log in… even though I had to log in to post this.. so whatever…

    • Bohs Hansen

      Yes, you are absolutely right. The test system is way overpowered for the setup, which I mentioned a few times throughout the article. But it was the system in the office that was free and had the abilities for it. It has the power to be a 4K signage player, so way overpowered. But the principle is the same.

      Yes, the APU2C4 systems are brilliant ones. Tricky to get hold of at times, but really nice. There are other options too that come with mSATA, WiFi, and more bundled for similar money. All you need in one box and easy to setup, so worth browsing for.

  • David

    If you’re going to suggest a hardware firewall maybe don’t suggest a crappy one that’s a pain to set up, has a steep learning curve and a terrible UI… something like Untangle or maybe Sophos would be far far better.

  • Jay Koerner

    It’s a router, the amount of CPU grunt it needs is little; in the SOHO market it makes more sense to just use a retired desktop and throw in some supported NICs (or while you’re at it AP cards). pfSense cares little about the machine it’s running on so long as the NIC(s) have support, and even old Pentium 4s can manage a 10Gbit network fine (maybe not multiple, but I doubt you would need more than a 10Gbit backbone for local fine access and 1Gbit to the ISP in a SOHO).

  • don jenkins

    One should keep in mind that pfSense 2.5 will need something more powerful than an eBay discard, or old closet computer.

    https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html