Historically, I tried out the dd-wrt project, which has great functionality, but the stability of the router brought me back to the default Cisco firmware. Recently even the default firmware was not good enough.
One of the steps I've taken already was switching DHCP and DNS servers off and giving those functions to a Raspberry Pi. But that was more because I wanted to try out Pi :)
I've been thinking about a change to a more powerful router, but somehow took a look at my "server room" wall, where one of two Intel Atom D525MW boards hung without a proper job, and decided to take a look at what open source is doing in the router / firewall space.
Does this wiring look ok? No way...
I found a very nice review by David Pavlina which led me to choose between pfSense and Sophos UTM Home Edition (scroll down a bit). pfSense looked better to me for just one reason: it's not a limited version of commercial SW like Sophos. So let's try it.
First of all, I was quite excited because it was the first time I was going to try something that is based on the FreeBSD project. And I have to say that the first impression - install - was very good. I'll see later what it takes to do basic OS things there.
Install of pfSense is quite straightforward and easy.
Initially I tried to put it on a USB stick, but I gave up after several iterations of failed formatting and partitioning... Or should I say: slicing? :D As I had a spare SSD on the shelf, I decided that I will try USB some other time.
Initial config is trivial. Basically, you just need to notice the NIC names and feed those back to pfSense as you decide on the WAN and LAN side. Autodiscovery didn't work for me, but who cares when the manual one is so easy, right?
Connected to the webConfigurator interface, nice one. I took a look at the menu and saw there all I could imagine I would need from a home firewall/router. Except for QoS, but then googled that this is named Traffic Shaping here and decided to go further with it.
I put in basic things like hostname, domain, etc., switched off DHCP and DNS for now, checked that the firewall is on (I have to say "once more", because during install pfSense told me that it will be on) and got to putting actual wires into the NICs.
NB It is always interesting to come up with a new hostname. I will not publish actual one, but my thinking came out of this terrible animal, watch out for:
Regal horned lizard (Phrynosoma solare)
It took me some time to redo the wiring; now it looks even more terrible than previously, but this absolutely is a matter for another project :) Plus, switching my e3000 to "just wireless access point" also took a few hard resets because it kept becoming unavailable after I assigned a "normal" IP to it. Obviously, it didn't want to give up being a router and firewall :D
So, here I am, typing this blog in the new network :)
Now, just switch DHCP and DNS servers from the Raspberry Pi to the new server. DHCP works like out-of-the-box :) DNS forwarder (the same dnsmasq actually) doesn't want to resolve FQDN for some reason :( But this shouldn't be a big problem, I just need to get used to the new one. And DNS is one of the most weird-built things in IT as you all know - already or just now.