machine spec to run pfsense

[ik9000]

Internet started getting really slow. Then we saw the router winking away when all our machines were turned off. Did some digging and found not one but two rogue machines on my wireless. Have changed all the settings and put on a much more substantial password, but think this is time to look at doing something I'd thought about a while ago: pfsense.

Can anyone help spec me a machine purely to run as a server for pfsense and manage all the network/WAN traffic. We have a decent fibre optic internet connection, and between 2-4 machines on wireless, 1-2 on LAN. Depending on who's in.

The machine needs to sit in the lounge so something quiet is essential.

[Jay]

I used an Atom 230 cpu with 1gig of ram and that was overkill!

[spoon_]

Its not worth to put a fully fledged PC to act as a router... Leccy bill will tell you why.

Look at Alix boards, I would anyway if I was thinking of pfsense.

[peterb]

From what you have posted, pfsense won't solve the problem of people using your wi-fi link.

Strong passwords, encryption (more of a privacy issue than authentication, but still helps) and (if your router supports it) VLAN over the link, will help solve your problem without using a separate firewall.

[abaxas]

From what you have posted, pfsense won't solve the problem of people using your wi-fi link.

Strong passwords, encryption (more of a privacy issue than authentication, but still helps) and (if your router supports it) VLAN over the link, will help solve your problem without using a separate firewall.

Agreed, you can make your wireless network secure, but you cant stop people from DOSing it.

Depending on your router, I would do both strong encryption/passwords AND mac based filtering so nothing in the mac table got more than 10k down 1k up.

That way you can give you key to anyone and even if they abuse it, it wont really matter.

[scaryjim]

Surely you can just have your router refuse access to anything not in the mac filter table? It's a minor annoyance when someone wants to connect a new device to the network legitimately, but surely that's better than having any old scamp on the wireless...


"Your MACs not down, you're not coming in!"

[peterb]

mac filtering is a good add on, but mac addresses can be spoofed. It all depends on how determined the attacker is. If it is a determined, targetted attack, you will need some fasirly sustantial countermeasures; if it is a casual attack just to use your internet connection, then simpler countermeasures will be OK. All comes down to risk assessment/management, and the trade off between ease of use/administration, and security.

[ik9000]

It all depends on how determined the attacker is. If it is a determined, targetted attack, you will need some fasirly sustantial countermeasures; if it is a casual attack just to use your internet connection, then simpler countermeasures will be OK.

Well that's the problem. We had hidden the SSID, used WPA2 TKIP and a 10-digit password (mix of characters + Symbols, not a word) and they still got on, so yes I think it's fair to say they're a bit determined. We've changed the SSID, quick pin codes (whatever they're for - can I deactivate these?) and password, plus i blocked the rogue mac addresses but if it is as simple as people say to mask the mac with a spoof one then it doesn't seem I can really do anything else.

[ik9000]

From what you have posted, pfsense won't solve the problem of people using your wi-fi link.

Strong passwords, encryption (more of a privacy issue than authentication, but still helps) and (if your router supports it) VLAN over the link, will help solve your problem without using a separate firewall.

I'm a novice when it comes to networking stuff - what's VLAN?

[peterb]

virtual lan - supported by Draytek, (and maybe others) and requires a username and password to log into the router (on top of any link encryption etc)

http://www.draytek.co.uk/support/kb_vigor_vlan.html gives the details for wired ports, but the same principle can be applied to the wireless port.