pfSense is an awesome project for the home tech enthusiast. It’s much more powerful than any Asus, Apple, Google, or Linksys router. While it’s true that those routers are built for the general consumer, with easy setup and minimal administration, pfSense takes those types of routers to the next level.
pfSense is a firewall/router that is jam-packed with features. There's too many great features to list in a summary. In two years of using pfSense, it's needed one reboot to function correctly. It's not the easiest router in the world to configure unless you're a network administrator, as it's designed for enterprise more so than a home network. So be prepared to do some learning. pfSense has a large user base and an active forum. Most features are well-documented on pfSense's website. You have the option to purchase a technical support plan for $99, otherwise, it's completely free!
Why consider pfSense?
First, before I begin touting the features of pfSense that you simply can’t find in most home routers, let’s discuss the disadvantages of pfSense and why it might not be the router of choice for you.
1) Price. This may or may not be a factor if you have an old PC lying around. If you want to buy a new PC, you’re probably going to exceed the $100-200 that you would spend on a big-box store router . For a mini-ATX motherboard with a fanless CPU, hard drive, and a case, I spent close to $375. You can also buy directly from the pfSense Store, but again you’ll be shelling out $300 for their cheapest model. However, pfSense- which is based on FreeBSD- is absolutely free to download and use.
2) Administration. Again, this may or may not be a factor. If you don’t want any of the frills of pfSense then this router can be just as easy to administrate as any other home router. In fact, most people could install pfSense, throw it on their network, and be done with it. It’ll just work. However, if you want to use add-ons or download software updates, it’s like any other operating system, there may be hiccups that arise every once in a while.
The advantages? The biggest for me…it’s the last router I’ll ever need. The software is updated frequently and the developers are always looking for ways to make things work faster, better, and more securely. Here are some more advantages:
1) Flexibility. You can set your network up the way YOU need it, not the way a manufacturer thought you might like it. For instance, a problem I ran into with the Apple Airport Extreme was with the DHCP reservation limit of 25. We have about 50 online devices in our household, and that just wasn’t cutting it. For access control, the Airport Extreme was limited to MAC filtering. With pfSense, I can assign each device a static mapping based on MAC address or hostname, group those devices together using aliases (think kid’s iPod, Nintendo 3DS , and laptop), and limit network access during their homework period or bedtime. This greatly reduces the administrative burden.
2) Static mappings. This is pretty much a static IP address, but it’s assigned by the DHCP server. This means I don’t need to go to each device to configure a static IP. I prefer static IP addresses for certain devices for different reasons. For the kids, this allows me a way to monitor their online activity using NxFilter (by intercepting DNS requests) and also to prevent access during certain times of the day or week. Additionally, I have a number of IP cameras on the network, and my Blue Iris camera server that they record to needs to know their addresses. I do use a DHCP range, but mostly for “smart” devices, such as our SmartThings hub, and also as a guest network for visitors.
3) Add-ons. pfSense, a Linux variant, appropriately calls these packages. There are a number of available, useful packages such as Squid proxy server, SoftFlowd network analyzer for data redirection, and OpenVPN client export for setting up your Windows, Android, or Apple VPN client.
4) Traffic shaper. Have a teenager that likes to bog down your network streaming music and videos? This is the solution.
5) Statistics. If you have an ISP that has a data cap (here’s looking at you Comcast) and you are worried about going over your monthly cap, pfSense gives you a ton of information that you can use to track your usage.
6) Scheduling. Whereas most routers give you relatively few options as far as when to enforce access rules, pfSense gives you a lot more flexibility. Again, let’s take the Airport Extreme for example. With that router, I could limit access during specific times for each day of the week (Monday through Sunday), during the weekdays (M – F), or during the weekends (Saturday & Sunday). While this is fine in most cases, with pfSense I can take my kids’ school schedule and enter it for the entire year so I don’t have to worry about editing schedules for those days! You can read more about using pfSense schedules here.
So let’s get started. This tutorial installs pfSense in a virtual machine for illustrative purposes, but the steps are exactly the same for actual hardware. The version being installed is pfSense 2.3. pfSense requires a minimum of 2 available Ethernet ports (one for WAN, one for LAN). You can follow the slideshow below to install your new router:
Slideshow- Tap or click to view
The hardware- building your own
I decided to start with a Mini-Box M250 Mini-ATX case simply because it was small (about the size of a hardback Stephen King novel) and I liked the design. I also wanted to keep the noise down and needed a well-ventilated case that would adequately support a fanless CPU. This was a great choice, and at the current price of $50, it’s a steal.
I added a Jetway NF9HG-2930 Mini-ATX motherboard, mostly due to the 4 Gigabit network ports to include the possibility for future expansion. The Intel Celeron N2930 provides a clock speed of 1.83 GHz, with boosts up to 2.16 GHz. This was my first time using a processor with a heat sink that I didn’t have to install. I was a little worried about that but it worked out ok. Additionally, the power supply is built into the motherboard so you won’t need to install an external one. I didn’t really know what to expect as far as memory went, and 8 GB of Crucial memory was probably a little overkill. 4 GB would be plenty for pfSense. All that’s left to do is slap a hard drive in. I went with a Sandisk 120GB SSD and haven’t had any problems yet.
The entire build consists of opening the case up, mounting the motherboard, and installing the RAM and hard drive. Much simpler than building a high-end gaming PC.
This build gets you a pfSense router comparable to this one from the pfSense store that costs $500.
- Read more about how to get rid of pfSense DNS rebinding warning
- Read more about how to forward ports with pfSense
- Read more about how to set up pfSense schedules
- Read more about Windows Home Server 2011
- Read more about Kodi
- Read more about Plex
- Read more about NxFilter