ytddewqf - Posted October 19, 2023

Afternoon,

I have my unRaid server running fine at home, however I want to add some dedicated security to it. Looking around, I noticed pfSense. I've read the pros and cons for VM or hardware, and I want to go the hardware route. My two questions are:

1) Any recommendations for a pfSense hardware unit, and
2) This pfSense unit will be sat between unRaid and the rest of my home network; it won't be replacing my home router that manages the rest of the house, it will solely be for my server. Will this cause any issues?

Many thanks.

JonathanM - Posted October 19, 2023

I personally like the small AliExpress multi-Ethernet-port fanless mini-PCs.

As far as causing issues, it all depends on your skill level. Network security is an entire profession for a reason.

ytddewqf (Author) - Posted October 19, 2023

5 minutes ago, JonathanM said:
> I personally like the small AliExpress multi-Ethernet-port fanless mini-PCs.
> As far as causing issues, it all depends on your skill level. Network security is an entire profession for a reason.

That sounds good enough for me, cheers. Haha true. At least it gives me something to get my teeth stuck into.

ConnerVT - Posted October 19, 2023 (edited)

You should ask over on the pfSense forum. The typical pfSense/OPNsense configuration is as a router/firewall device. You can likely use it with only the intrusion protection filtering, but it will require more than the basic install and configuration (which you get from the many tutorials out there).

I agree with JonathanM. I use one of the Chinese 4-port systems with OPNsense on my network. No complaints on my end, and the quality of the units seems to have improved some since they hit the market a couple of years ago.

https://forum.pfsense.org/category/38/general-pfsense-questions

Edited October 19, 2023 by ConnerVT: Added link

ytddewqf (Author) - Posted October 19, 2023

1 minute ago, ConnerVT said:
> You should ask over on the pfSense forum. The typical pfSense/OPNsense configuration is as a router/firewall device. You can likely use it with only the intrusion protection filtering, but it will require more than the basic install and configuration (which you get from the many tutorials out there).
> I agree with JonathanM. I use one of the Chinese 4-port systems with OPNsense on my network. No complaints on my end, and the quality of the units seems to have improved some since they hit the market a couple of years ago.

Many thanks, I'll do just that. 👍

ChatNoir - Posted October 19, 2023

Plenty of tests and comparisons of those units on Servethehome (both website and YouTube channel).

dopeytree - Posted October 21, 2023 (edited)

I was running pfSense on this old box off eBay: https://www.jetwaycomputer.com/NF9HG.html

But it was using a lot of CPU when doing heavy downloads, so I have just upgraded to an N100 box off AliExpress. Went with the cheapest I could find that had 4x 2.5Gb ports & 8GB RAM & SSD installed. Was about £130.

This was the one: https://www.aliexpress.us/item/1005005136885269.html?spm=a2g0o.order_list.order_list_main.10.c4881802j864Ar&gatewayAdapt=4itemAdapt

I run pfBlockerNG (IP list block) to cut down most of the noise. Then ONLY allow a custom port for Plex. Have Plex require SSL. Maybe also run Suricata again on pfSense.

To be honest you could almost use one as a low power unraid server by using an M.2 to SATA converter. Would need to run out the case tho..

Somewhere in here is a thread about some hardened custom Samba settings:

Quote:
    server min protocol = SMB3_11
    client ipc min protocol = SMB3_11
    server signing = mandatory
    client NTLMv2 auth = yes
    restrict anonymous = 2
    null passwords = no
    raw NTLMv2 auth = no
    smb encrypt = required
    client signing = required
    client ipc signing = required
    client smb encrypt = required
    server smb encrypt = required

Edited October 21, 2023 by dopeytree

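Added example, not part of the thread or of Samba itself: a small audit that compares the `[global]` section of an smb.conf against the twelve settings quoted in the post above and lists every one that is missing or different. The names `HARDENED`, `SAMPLE`, `parse_global` and `audit` are hypothetical, the sample config is constructed, and the comparison is literal apart from boolean spellings.

```python
import re

# The settings exactly as quoted in the post above.
HARDENED = {
    "server min protocol": "SMB3_11", "client ipc min protocol": "SMB3_11",
    "server signing": "mandatory", "client NTLMv2 auth": "yes",
    "restrict anonymous": "2", "null passwords": "no",
    "raw NTLMv2 auth": "no", "smb encrypt": "required",
    "client signing": "required", "client ipc signing": "required",
    "client smb encrypt": "required", "server smb encrypt": "required",
}
# Alternative boolean spellings, folded to yes/no before comparing.
BOOL = {"true": "yes", "on": "yes", "1": "yes",
        "false": "no", "off": "no", "0": "no"}

# Constructed sample: weak protocol floor, encryption commented out,
# and an encryption setting that only applies to one share.
SAMPLE = """[global]
   server min protocol = SMB2
   Server Signing = mandatory
   ; smb encrypt = required
   null passwords = off
[share]
   smb encrypt = required
"""

def norm_key(k):
    # Parameter names are compared ignoring case and whitespace.
    return re.sub(r"\s+", "", k).lower()

def parse_global(text):
    """Return {normalized name: value} for the [global] section only."""
    section, out = None, {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            k, v = line.split("=", 1)
            out[norm_key(k)] = v.strip()
    return out

def audit(text):
    """List (parameter, expected, found) for each setting that differs."""
    have = parse_global(text)
    findings = []
    for name, want in HARDENED.items():
        got = have.get(norm_key(name))
        seen = None if got is None else BOOL.get(got.lower(), got.lower())
        if seen != want.lower():
            findings.append((name, want, got))
    return findings
```

A `found` value of `None` means the parameter is absent from `[global]`, so the server falls back to its built-in default for it.
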
ytddewqf (Author) - Posted October 21, 2023

1 minute ago, dopeytree said:
> I was running pfSense on this old box off eBay: https://www.jetwaycomputer.com/NF9HG.html
> But it was using a lot of CPU when doing heavy downloads, so I have just upgraded to an N100 box off AliExpress. Went with the cheapest I could find that had 4x 2.5Gb ports & 8GB RAM & SSD installed. Was about £130.
> This was the one: https://www.aliexpress.us/item/1005005136885269.html?spm=a2g0o.order_list.order_list_main.10.c4881802j864Ar&gatewayAdapt=4itemAdapt
> To be honest you could almost use one as a low power unraid server by using an M.2 to SATA converter. Would need to run out the case tho..

Many thanks for your advice, I'll give that link a look. 👍

dopeytree - Posted October 21, 2023

Just read the last bit of your question.

It would be a better setup to run it straight out of the ISP router. But you can run it your way; it just might be a bit harder to set up if you want to access it on your local network, which is now your WAN.

What I did is ask the ISP to put a DMZ on for the pfSense box. Then I use the pfSense box as my main router with normal cheap network switches for extra ports. I keep my unraid server on a separate port, so different subnet, so can have extra firewall rules or VLANs.

It's a bit of a rabbit hole. You can also run Tailscale on the router so you have remote access to the whole network.