pfsense, help a dummy.

[Wepohn]

Hey guys, so I've posted before saying that I'd like to have computer completely separated from the other computers on my network but I'm not able to do this with the Home Hub 3. I've recently come across something called pfsense and I think! this allows me to do what I wanted without spending much money if I use an old computer.

I've had a quick look online for quick guides etc. but it's a little overwhelming. I'm also unsure if I actually need any specific hardware, network card? or would the on-board ethernet ports be fine?

Thanks.

 

[bremen1874]

You will need two network ports, but apart from that you don't need anything special, just something that's supported by FreeBSD. There're links to hardware compatability lists from the pfSense site. If you aren't sure just boot from the Live CD and see if the hardware is recognised.

If you do this allow for the cost of the electricity. To get the separation you want using a new cable router is going to cost under £20. It wouldn't take an old PC doing the same job very long to cost that in consumed power.

 

[Wepohn]

I'm confusing myself now. If I were to use PFSense, does the Home Hub need to have a WAN port or do I connect it to the one of the LAN ports?

Also would there be any benefit to having a stand alone modem and using PFSense rather than having two routers?

About picking up a cable router, I was under the impression that PFSense would offer better performance/security/features.

Thanks.

 

[bremen1874]

I believe that all you want to do is isolate yourself from the other computers on the network?

If you connect a cable router between yourself and the existing router you'll have your own private network that'll as secure as you need it to be. If you use a cable router with wireless you can also have your own private wireless network. The WAN side of a router is usually directly connected to the entire Internet so a few additional local machines wont be an issue.

pfSense will allow you to build a router using PC hardware. It will do lots of additional clever and useful things, but if you don't need them why bother?

The elegant way to do what you want is to junk the HH completely and replace it with something that'll handle port based VLANs. This would potentially be both expensive and complicated.

In reality just using the security features within Windows should offer all the protection you need. Are you expecting the other users to be actively trying to hack you over the LAN?

 

[Wepohn]

I am quite paranoid, more about anything potentially spreading over the network, I don't really trust the other users browsing habits. Separation is the main thing I want but I was under the impression that having 2 routers had it's downsides. I don't really want performance or reliability to suffer.

That's why I thought that maybe the D-Link 320B paired up with PFSense might be the better option without spending too much.

 

[bremen1874]

If you had a cable connection all to yourself the only thing between you and the rest of the Internet would be a cable router. This you would presumably be happy with?

If you put a cable router between yourself and the existing router then the other users just become a part of the Internet. You’ll be protected from them as much as you’ll be protected from some random machine on the other side of the world.

Using a cable modem in this way would only impact yourself. Replacing the HH would potentially impact everybody. Unless the connection is 100% yours and everyone else is getting free access as a favour you should leave it alone (IMO).

There are some very minor downsides to having routers daisy chained in this way. For most things you wouldn’t even be able to notice.

 

[platypus]

Can you not run a seperate subnet on the HH3? I've got one but other than the engineer installing Infinity it has lived in its box so don't really know my way around it.