- One WiFi Access Point (WAP) running 802.11 b/g
- A Linux server acting as firewall / file share / backup storage
- A few laptops
- A few tablets/phones
- A few other PCs
When I set this all up a few years ago I kept it very simple. The Linux server is the gateway device with routing / filtering / NAT and other features. The WAP is part of the internal network running in WPS/PSK mode with a very long and randomly generated password.
After I move, I want to accomplish a few things:
- Use a refurb or low-power PC to run just the firewall / VPN
- Put the WiFi access point on a separate NIC
- Possibly run a DMZ
- Provide limited guest WiFi
- Evaluate pfSense instead of Linux+Shorewall
To do all that, I need a minimum of four network ports for perfect security or something with two ports if I use VLANs (not as safe, more difficult to configure and get right).
I've done some looking around and while a low-power 25-35W compact PC for the firewall would be nice, it would cost me around $600. Maybe $400-$500 if I shop around. There are also the really tiny units that will run monowall (m0n0wall), but those are also $200-$300 for something that will handle the faster WiFi / FIOS / cable modems. Plus it can be difficult to find something with four network ports.
Firewalls don't need a lot of CPU power, but a dual/quad CPU Intel Atom isn't enough. An i5/i7 would likely be complete overkill, even for 802.11ac / 802.11n or gigabit traffic. The older Pentium / Celeron / Core Duo are probably a bit on the slow side. The AMD Phenoms or Athlon64 chips are probably okay.
So what I've settled on is a refurbished PC that is at least a Core 2 Duo (2 cores) with 4GB of RAM, along with a refurbished NIC. The pfSense distro only needs a handful of gigabytes to install, so any unit with at least 40GB of space will be plenty. The base units can be picked up for as little as $50-$125, and add-in NICs are $10-$40 depending on what you use. If the box dies, I get another and move the drive over. If one of the NICs fries, I can pick up another NIC. Power requirements will probably be around 80W to 120W.
For the smaller PCs, you might only have 1-2 expansion slots, which means you'll need a multi-port NIC. The cost of a dual-port NIC is likely to be more than what you pay for the base PC. I've seen dual-port refurbished NICs for as low as $50, but paying $100-$150 is more likely. However, good NICs tend to work fine for close to a decade, and they can be moved from PC to PC.