Almost Made a Less Power Hungry NAS

[Ericloewe]

If you start using pfSense, set your Asus router to Access Point mode. It'll automatically disable all sorts of network management stuff (like DHCP and NAT) and the WAN port can be used as an uplink, instead of going to waste.

The combination works perfectly and is the ideal solution for most power users - pfSense's flexibility and the Asus router's excellent WiFi.

 

[joeschmuck]

I ended up removing my router entirely which means no wireless for now. I'm a bit overwhelmed by all the settings and such of pfSense. More reading to do. Lots more.

I have a few other routers I can fall back on to make as an access point so I'm not committed to pfSense just yet.

 

[Ericloewe]

I ended up removing my router entirely which means no wireless for now. I'm a bit overwhelmed by all the settings and such of pfSense. More reading to do. Lots more.

That's how I felt. It has a steeper learning curve than FreeNAS, especially if you're not experienced with firewall configuration.

 

[pirateghost]

I find sophos to be a much better fit in my home environment. I have a 12 year old boy, and need proper filtering, which sophos utm provides.

 

[gpsguy]

Since you have the horsepower, you might want to look at Sophos (formerly Astaro) UTM Home Edition (free for home use). It's more than just a firewall, it's a UTM (unified thread management) and provides features like firewall, vpn, content filtering, antivirus, antispam, intrusion protection, ... Like FreeNAS they have a community based forum that provides great support for those without support. Or for those with paid support, one can often glean helpful information about the product.

While it doesn't need the hardware in your test rig, it won't run (very well) on say an old Atom CPU with 2GB RAM. I am using it for two businesses and pay $$$'s for hardware, software, and support.

The "free" version is identical, but the major limitation is 50 protected IP addresses. Note, one of the businesses used to pay ~$1600/yearly [USD] for a 50 IP software license with fewer (licensed) features than what was included in the free version. Because they are a business, they needed to pay for a license.

@pirateghost also uses the product.

I have read up on pfSense and I have my FreeNAS test computer, it's a bit overkill but it's in my computer room collecting dust while ...

Note: I'm not a dealer for the product, just a happy customer.

 

[gpsguy]

I got interrupted while composing my message - I didn't see your message, until I posed mine.

I find sophos to be a much better fit in my home environment.

 

[pirateghost]

Since you have the horsepower, you might want to look at Sophos (formerly Astaro) UTM Home Edition (free for home use). It's more than just a firewall, it's a UTM (unified thread management) and provides features like firewall, vpn, content filtering, antivirus, antispam, intrusion protection, ... Like FreeNAS they have a community based forum that provides great support for those without support. Or for those with paid support, one can often glean helpful information about the product.

While it doesn't need the hardware in your test rig, it won't run (very well) on say an old Atom CPU with 2GB RAM. I am using it for two businesses and pay $$$'s for hardware, software, and support.

The "free" version is identical, but the major limitation is 50 protected IP addresses. Note, one of the businesses used to pay ~$1600/yearly [USD] for a 50 IP software license with fewer (licensed) features than what was included in the free version. Because they are a business, they needed to pay for a license.

@pirateghost also uses the product.



Note: I'm not a dealer for the product, just a happy customer.

I found an HP thin client on eBay that a lot of people are using for pfsense boxes. It has an extended case with a riser card already in it. $50 for the thin client, threw in a pcie 4 port Intel nic, and made a custom cable to run a laptop hard drive. It has an atom n280, and 2gb ram. It is definitely slower than my previous setup (i3, 4gb ram), but it works well with my 100mb internet connection (only thing I can't run is the intrusion prevention). Not a bad deal for the money. It was just an experiment, and has been running for a week now.


Link for anyone looking for low power pfsense box or if you want to convert it to run utm.

http://pages.ebay.com/link/?nav=item.view&id=161743200276&alt=web

 

[Jailer]

I'm currently running an old Pentium 4 2.4Ghz and Epox motherboard with 1GB of RAM. My internet connection is quite slow 4.5/1.5 so my hardware needs are modest. I also run Snort and pfblockerNG and it doesn't even stress this box at all.

I'm planning on a new build for a longer term solution based around a Supermicro J1900 board for the very same reasons you considered a new freenas box; power consumption. But the difference in power savings for me should make the new box pay for itself in a few years time and will last me for a long time to come. That and I want something with a smaller footprint and no fans. I'm getting crotchety in my old age and noise is one thing that seems to be more annoying as I get older so anything I can do to eliminate it is a bonus.

If you haven't already I'd ditch the Rpi idea. You won't be able to pass enough bandwidth to make it a worth while project. If you already have one then by all means try it and see but I wouldn't suggest purchasing one just for this idea alone. There's a 4 page Pi2 thread over at the pfsense forums that you might want to take a look at if you're still considering this.

https://forum.pfsense.org/index.php?topic=87983.0

 

[Jailer]

I found an HP thin client on eBay that a lot of people are using for pfsense boxes. It has an extended case with a riser card already in it. $50 for the thin client, threw in a pcie 4 port Intel nic, and made a custom cable to run a laptop hard drive. It has an atom n280, and 2gb ram. It is definitely slower than my previous setup (i3, 4gb ram), but it works well with my 100mb internet connection (only thing I can't run is the intrusion prevention). Not a bad deal for the money. It was just an experiment, and has been running for a week now.


Link for anyone looking for low power pfsense box or if you want to convert it to run utm.

http://pages.ebay.com/link/?nav=item.view&id=161743200276&alt=web

Those thin client machines make great, cheap pfsense boxes and shouldn't pull too much juice either.

ETA: The only downside i see with them is no 64 bit support. 32 bit support in pfsense will come to an end at some point and likely in the not too distant future.

 

[pirateghost]

Those thin client machines make great, cheap pfsense boxes and shouldn't pull too much juice either.

I think it is something silly low like 12w with the compact flash. With a small laptop hard drive, I would expect more, but it is fanless and silent (which is why I was trying to replace my old build, the PSU and the CPU fans were wicked loud)

 

[diedrichg]

Link for anyone looking for low power pfsense box or if you want to convert it to run utm.

http://pages.ebay.com/link/?nav=item.view&id=161743200276&alt=web

Thanks for the link! The more you guys talk about pfSense, the more I want to build one.

That thin client looks great for $50, far cry from the $400 I thought I might have to spend. A few questions though...

1. Can you bring the RAM up to 4GB?
2. Would this hardware be able to run VPN? I travel for work and being able to access my server and HTPC are essential.
3. How do you serve the LAN without ports?

 

[pirateghost]

Thanks for the link! The more you guys talk about pfSense, the more I want to build one.

That thin client looks great for $50, far cry from the $400 I thought I might have to spend. A few questions though...

1. Can you bring the RAM up to 4GB?
2. Would this hardware be able to run VPN? I travel for work and being able to access my server and HTPC are essential.
3. How do you serve the LAN without ports?

1. Yes. It will handle 4gb that I know of, maybe 8

2. Don't see why not. I run sophos utm with full VPN capabilities

3. It comes with a riser card. I added a 4 port Intel nic that I already had. You only need 2 ports for a router/firewall though...

 

[Jailer]

Thanks for the link! The more you guys talk about pfSense, the more I want to build one.

That thin client looks great for $50, far cry from the $400 I thought I might have to spend. A few questions though...

1. Can you bring the RAM up to 4GB?
2. Would this hardware be able to run VPN? I travel for work and being able to access my server and HTPC are essential.
3. How do you serve the LAN without ports?

Whats nice about pfsense is package options to greatly expand its capabilities beyond just a firewall and frequent updates. Most consumer routers dont see many updates at all unless they are capable of running Ddwrt or other modified firmware.

 

[gpsguy]

In addition to what pirateghost has said, sophos offers several VPN options. I've used the traditional SSL VPN, L2TP (for iPad access), and in recent years started using HTML5. The latter doesn't need a client, just a supported browser.

 

[joeschmuck]

Hey folks, I like all the firewall type talk here. I will have to check into the other product sophos as well.

I will build some device, possibly reuse an older laptop if I can and make this happen. My father will be moving in with my family in the near months, and my son and his family will be moving in for a few months while he gets out of the Army. It's gonna be a full house but more importantly it will be hell on my network. My father is always calling me about another virus he magically got and that I need to remotely log in and fix it for him. The son and his family, well who knows what will happen there. I had planned to run separate networks (I have two WAN IP's), one for my normal home network and then a second for everyone else but that will not be foolproof so I am really liking this pfSense thing and as I said, I'll look into sophos as well. I'm very willing to run a higher powered computer (I have several) if I must but I'd rather see what this laptop can handle. Now I need to go find the USB-Ethernet adapter in the basement and see if it still works (hope it's 100Mbit too).

I do not need VPN or anything fancy, I thing a firewall with intrusion protection is perfect, and I have no problems with a reasonable paid service for updated vulnerable IPs.

 

[pirateghost]

Sophos sounds perfect for you. An AV/web filter/anti-malware on the border is the perfect fit.

 

[BigDave]

Edit:
Duplicate answer, sorry

 

[Jailer]

Actually, separate subnets are what you are looking for. Keep one subnet for your home network and a separate subnet for all your guests. You'll need a vlan capable switch and/or multiple NIC's for separate local network allocation. I'd go with a good managed switch with vlan capabilities to keep the guest network separate for now and it leaves you options for future expansion.

pfsense or sophos will be capable of handling what you want, you just need to decide what you want to go with.

 

[joeschmuck]

I have been running separate LANs on two different subnets (I have two wireless routers running) in order to keep things separate. I will be trying sophos as pfSense is much more complicated and appears to be a networking Gurus dream, not mine.

The only limitation I could find with sophos was 50 IP addresses to be served up but I am no where close to 50 IPs, I might have 16 on a bad day and that is quite a lot. The system requirements seem to be fairly light but also not very clear, especially on the website. I think it's a dual core 2GHz x64 CPU with 2GB RAM (4 GB preferred), and 120GB hard drive. I have a few laptop SATA hard drives, one 240GB and one 500GB, both like new and came out of laptops I installed SSDs into right away. I just need a bit more hardware.

So I looked into using my old laptop and it's just too old. It runs a VIA C7-M 2GHz CPU w/1GB of RAM. I like the fact that it's free and low power but the x86 CPU and low RAM may put it right out of being able to operate, none the less I will still give it a shot in the morning and maybe it will work just fine as a starter system. I'll likely end up placing it on my test rig because I do want web filtering turned on.

Now I'm drooling over building a new small computer to act as my firewall to run sophos. Time to plan something that can take it without breaking the bank.

 

[pirateghost]

Just an FYI about the 50 IP limit:
It only applies to devices getting their DHCP from the Sophos box. If you run DHCP service elsewhere on your network, you should not see any IP addresses in use.
Another way to get around this is to use the UTM in a transparent bridge between your current router and the rest of your network.