Custom pfSense Router Firewall - Building, Installation, and Configuration
Вставка
- Опубліковано 28 лип 2024
- Featured Products: (affiliate links)
X10SDV Motherboard... ebay.us/TVC9Yx
CSE-505-203B Case... ebay.us/LiiKAo
IO Shield for Case... ebay.us/HUCRse
128GB NVME Drive... ebay.us/gcRABs
8GB DDR4 Memory... ebay.us/8f7v5z
Building a pfSense router and firewall using a Supermicro X10SDV motherboard in a CSE-505-203B chassis. This firewall features a 4 core Xeon D-1521 processor with plenty of power for routing and hopefully intrusion detection/prevention. This board also features a pair of 10GbE ports for all your connectivity needs.
Chapters:
00:00 Introduction
00:16 Motherboard Overview
03:00 System Assembly
05:37 pfSense USB Installer
06:38 BIOS Setting Changes
07:40 pfSense Installation
09:10 Interfaces Setup
11:34 pfSense Setup Wizard
12:37 Setting Changes
Contact Info:
Business email is lithiumsolardiy@gmail.com. I am not available for personal project questions or consultation.
Disclaimers and Statements:
► I receive a small commission on purchases made using my affiliated links shared the video description and comments section. The views and opinions expressed here are my own, unbiased, and not influenced by this commission in any way. - Наука та технологія
X10SDV Motherboard... ebay.us/TVC9Yx
CSE-505-203B Case... ebay.us/LiiKAo
IO Shield for Case... ebay.us/HUCRse (affiliate links)
Please let me know what you think of this build and if there's anything you would do differently! :)
Great video. Thank you. I used the motherboard you recommended, an 8 GB ECC RAM stick, and a Samsung EVO 890 M2 SSD in the CSE-504-203B chassis. At idle my pfSense firewall uses 18 W. I'll now set up Suricata following your video on that.
I really appreciate that you get to the point and edit heavily to make the video concise and reasonably brief. I also appreciate that you show the occasional mistake as I'm likely to make that mistake too and now know how to recover from it.
Awesome build! Hope to see your channel grow with success.
Omg I have been wanting to do this exact thing but had hard time finding the right hardware. Thank you for making this video and linking to the exact hardware! However that is really expensive board and case! Would like to see a more budget friendly build.
Nice Video!!!!
Very very good!
nice build you give a good idea for my clients!
Grettings from Mexico!
This is just what I want to do. Hope I can find some parts
Had issues but ended up being a firmware issue, luckily I got 2 of the motherboards and sending the one back. Up and running pretty good now.
Thanks! This was super helpful.
Good video sir !
Thanks!
I just deployed a Juniper MX480 router, working on bringing up some BGP sessions. Not at the homelab, but maybe I'll set up a GRE tunnel at home and route some IPv4/IPv6 to my house and then I can use my own IP's. :) I wonder if Pfsense can do GRE tunnels.
Excellent guide to get up and running. I have been worried about my ivy bridge CPUs hosting the router as I think those can be fuzzed now from WAN side and it's very much time for a newer lower wattage router build. Will we get more pfsense videos?
Thank you sir and yes, more on the way. VLANs will be this week. I'm not sure how exciting that will be, but it's a topic I want to cover. Hopefully Suricata next week - that's where the fun will be that prompted this whole build. I've been spending a LOT of time with it - it's crazy addictive (more than Chia!).
guess the 10gbe makes the 250$ board worth it... sort of, def think the dq77kb is still the top performing board for pfsense/opnsense, sure it's got a 4x pcie slot, but you can get an x550-t2 for like 80$ and with a 17w tdp xeon, she handles it all plus more
I don't necessarily disagree. I am a tad disappointed with the power consumption of this, though I do like that it has IPMI. I think I can do better and likely will try another build here in the next few months. The X550's are kick-ass cards too, I'm running a few of them and they would be perfect for a pfsense build.
Would love to see what the power consumption is over a good length of time (perhaps a few days).
Sorry, I meant to cover that and forgot... it sits idle at 30W. With normal home network load, it's around 33W. With Suricata running, it's around 38W - a little higher than expected but still pretty good.
@@HomeSysAdmin thanks! Just was going to ask this question.
30W idle seems a lot for this system (I was expecting 15-20W). Do you think it's an overhead from IPMI and relatively old platform?
@@dimav83 It is quite a bit higher than I was expect as well. From researching online, it sounds like the IPMI consumes about 10W in itself and there's no way to disable it on this particular board (I'm not sure I'd want to either).
@@HomeSysAdmin Brief research shows that 10GbE chip that this motherboard has uses circa 10-15W. Which, together with IPMI, explains the power consumption.
Anyway - thanks for the video. Really nice case!
@@dimav83 Interesting, where did you find that? I'd be interested in reading up more on it.
great
I'm doing something similar but they are not super micro, can I do the same settings in the bios? I think my MB is intel
Link for the ram broke in your description
I know what I'm doing today!
A blue mini video perhaps?
Moar mini build videos???
Is there a PFsense Binary that could be installed on a old eero pro 6 MESH Router?
How much headroom is left on this, I have 8gig up/down here, and id like to virtualize pfsense/truenas for a few drives, and maybe a few extra vm's. looking for a good solution and prefer to stay low power, electric is expensive ^_^
Hi, just curious, how is the noise level of this? When running normally, does it get loud? did you eventually add extra fans? Thanks
It's not very loud at all while running normally. It is getting a bit warm so I'll be adding a small fan just to get air moving through the chassis. It's sitting around 56C which isn't overly bad but is a bit higher than I'd like for normal operation.
@@HomeSysAdmin Thanks for the reply, yea, i really like the idea of diy this host, my only concern is the my network cabinet is kinda sit very close to me, I tried to go fanless as much as possible. Thanks for the info man.
My main question would be how much you spent on that build. I'm very interested in that chassis and a motherboard that'll give me around 2 SFP+ 10Gb ports & at least one baseT port greater than 1Gb (can be 2.5, 5, or even 10 Gb), so I'm looking at a system such as the SuperMicro SuperServer 5019D-4C-FN8TP, but its approx. $1000 price tag seems a bit steep (I also wouldn't have much use for the 4 extra 1Gb baseT ports). Thanks!
The total cost came in right around $525. You can probably knock $100 off if you can find a used case. I spent more than I should have on the case because I really liked the front-facing design. And yes, the models with SFP+ ports are around 2-3x the price unfortunately.
@@HomeSysAdmin Thanks for the info, very useful! I love that case, indeed, so I'd probably go for it regardless of the cost. So I guess I'd just have to find the correct motherboard for the networking that I want, to see if I can get that price tag below the $1K mark. I just thought of going for the SuperMicro build because, as confirmed by Serve The Home, it boasts some pretty high quality (and certainly higher than what I could put together, e.g. cable management). But, on the other hand, buying it pre-built certainly takes away a good deal of fun ;)
@@HomeSysAdmin @jmpalacios I followed a similar build that was with 32 GB 2133HZ ECC RDIMMs for $505 US before tax. Only thing used was the motherboard I from Ebay which was $250.
@@engineerallthings hi , What memory model did you put in it? I want to build one with 32GB ram ecc
15:00 could it be that you missed to enable PowerD? If this isn't enabled, your CPU will likely run at max clockspeed the entire time :)
did ever got the chance to add fans?
Yes, I added a small 1U fan from an old Supermicro chassis.
Gotha space ila nu polambadha da
any reason for the free pfsense over the fre opnsense? just personal experience?
Simply because there's no reason to look it when it's a fork/copy of pfSense and there's nothing wrong with pfSense.
Used to be big on pfSense, until they went all corporate, and I switched to the new OpenSource project (fork). It also offers me more of what I actually need/want, like it's built in Geo IP lists for blocking unwanted countries, etc. That was a little more of a pain, though possible, on pfSense. I host services and it's nice to easily block those pesky intruders from scanning my IPs. Also I prefer it's UI (and lack of nagging support/licensing... *cough*). Nothing 'wrong' with pfSense, OPNSense is just better, in my option.
You mention there is another motherboard that has more then 2 10gb 10baseT ports, do you have a model number? I need 2 WANs and at least 1 LAN port on my motherboard. Get video!!
There are other versions of the X10SDV that have additonal 1Gb ports. There aren't any with more than 2x 10Gb ports. If you need more than 2x 10Gb, you could add with a pcie card.
@@HomeSysAdmin I found the X10SDV-4C-TLN4F which contains 2 extra 1gb ports. Thanks again!
is there an App for pfSense or is it possible to remote in to it to configure or change settings.
Please see this article regarding remote access...
docs.netgate.com/pfsense/en/latest/recipes/remote-firewall-administration.html
@@HomeSysAdmin thanks I'll check it out
Is this good for 10G network?
I'm not sure how close you can get to full 10gig. If you're just doing basic rules/routing, I would expect to see full throughput. If you're doing a lot of switching, probably not. If you're doing a lot of IDS/IPS - definitely not.
I'll benchmark it if I can find a way to do it properly. My home internet connection is only 200mbps though.
@@HomeSysAdmin it’s for basic rules but won’t passing 10g through the firewall slow it down to the speed of the firewall lan speed?
Curious why pf, not open sense?
I don't have a reason beyond wanting to use pfSense. Is there a reason I should have used Open Sense instead? Something it does differently/better?
@@HomeSysAdmin I went on then pf. When I was done with the pf install they wanted feedback. That pissed me off. I didn't have It configured so I went back to open sense and never looked back.
But if you have the money bump the RAM up to 32GB or 64GB and get an extra stable Firewall.
How will that make it extra stable? There is still 10GB free of the 16GB that I installed. That's more than half.
@@HomeSysAdmin I am running a Linux based system and with 16GB it locked up regularly but when I put 32GB of RAM in the problem went away.
@@DAVIDGREGORYKERR What memory model did you put in it? I want to put 32gb ram ECC.
You skipped over the tedious part about the psu only being 20 pin
I had read somewhere on the Supermicro website that it was acceptable to use the 20-pin connector for this particular board. That's what I did and it has been working fine. I cannot recall where exactly I read that though - it's been a while...
Yea I ended up doing the same and it worked out but I had found your video first and was hoping to see you address that since its one of the items that had me scratching my head at first ha. @@HomeSysAdmin
@HomeSysAdmin it's in the mobo manual