Almost Made a Less Power Hungry NAS

Status
Not open for further replies.

gpsguy

Active Member
Joined
Jan 22, 2012
Messages
4,472
pirateghost is running it with 2GB on his test box. For the latest 9.x versions, I'd rather have a base of 4GB. The software continues to evolve, adding new features and fixing bugs. I've probably been using it for at least 5 years (I started with v 7.0).
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
gpsguy said: "pirateghost is running it with 2GB on his test box. For the latest 9.x versions, I'd rather have a base of 4GB. The software continues to evolve, adding new features and fixing bugs. I've probably been using it for at least 5 years (I started with v 7.0)."
yes, it does do much better on my i3/4gb ram build vs the thin client I have it on now.
 

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,994
How about this laptop as an example... It has an internal Intel NIC, 2.4GHz Core 2 Duo, 4GB RAM, 160GB Hard Drive. Turn off the WiFi and I think it's a reasonable piece of hardware to run a firewall. I'd appreciate any opinions on that.
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
joeschmuck said: "How about this laptop as an example... It has an internal Intel NIC, 2.4GHz Core 2 Duo, 4GB RAM, 160GB Hard Drive. Turn off the WiFi and I think it's a reasonable piece of hardware to run a firewall. I'd appreciate any opinions on that."
Personally, I could never ever think to use a laptop for my router/firewall. My biggest concern is a USB-ethernet. I would rather pick up an old optiplex 960 and a low profile nic (the intel quads fit in the SFF optiplex boxes if you remove the bracket from them)
 

gpsguy

Active Member
Joined
Jan 22, 2012
Messages
4,472
pirateghost is on the ball tonight. scratch that reply.

I really wish Intel would release a NUC with 2 onboard NICs.
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
gpsguy said: "pirateghost is on the ball tonight. scratch that reply.

"I really wish Intel would release a NUC with 2 onboard NICs."
Would love a NUC with multiple NICs.

Routers and firewalls are where I have spent a good portion of my time playing for the last couple of years. I have been using Sophos (used to be Astaro) since around 2009ish(?), but have tried to duplicate its functionality many times over the years. I have played/tested every option for a router/firewall system out there (linux/bsd based distros, home rolled, etc)
 

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,994
I'm thinking about giving my USB to NIC adapter a try on my test rig to see how it works, or even if it works. If it works then the laptop idea is possible. I could also look into PCMCIA or PCIExpress adapters but first I'll give the items I have on hand a test.

As for using another full sized computer, I have those and they are taking up too much room and power. I'd love to take my FreeNAS computer and add sophos to it. Sure, I could run ESXi and things would likely work just fine, but I'd need to do more research into it and buy another NIC card with 2 or 4 ports. Actually, I'd probably buy a 4 port card so I only have one add-on card installed into the system. That would mean I'd have to add one more hard drive and I'm out of SATA ports. Looking like the laptop idea is more attractive right now. I'll test it out tomorrow, getting late and I like getting up early (I never sleep in, the dog wakes me up to go outside and do her business).

Can sophos do its entire job using a single Ethernet port? It's not like my internet speed is very grand, 20Mbps maximum download speed, 3Mbps upload speed. All internal routing wouldn't go through the sophos box but rather directly to each system like my main computer to my FreeNAS for a backup. That is why I have wired Gigabit throughout but the WAN side is slow.
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
joeschmuck said: "Can sophos do its entire job using a single Ethernet port? It's not like my internet speed is very grand, 20Mbps maximum download speed, 3Mbps upload speed. All internal routing wouldn't go through the sophos box but rather directly to each system like my main computer to my FreeNAS for a backup. That is why I have wired Gigabit throughout but the WAN side is slow."
it can only work on a single port if you utilize VLANs. you need to pass traffic THROUGH the device (either in bridge mode or router mode it doesn't matter, you need 2 'NICs' even if they are VLANs). Your switch on your LAN side would take care of internal traffic, but you need to route out somewhere, and you can't really do that on one nic.
 

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,994
I heard pfSense can do this type of traffic routing and I'm not really keen on that idea, just thought I'd ask about it.

Now I'm looking at some other single board celeron computers. I think it will cost more to build one of these than using a laptop. I'll report how my experiment works tomorrow.
Is there any easy bandwidth test to do to see how it's working? I'm thinking DSL Speed Test but I don't know if that really means anything, it's not like I will have a lot of different IP addresses trying to get into my system while I'm running the test.
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
standard speed tests only verify you can get your internet speeds. really the test is to enable IPS, web filter, and firewall rules, then run some testing.
 

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,994
That is what I was thinking. I'm just not sure what those tests are but I'll do some Google searches, I'm certain I will find them. Maybe the trick is to try to ping some Chinese government site and then I'll get hit hard ;)
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
joeschmuck said: "That is what I was thinking. I'm just not sure what those tests are but I'll do some Google searches, I'm certain I will find them. Maybe the trick is to try to ping some Chinese government site and then I'll get hit hard ;)"
LOL. I wouldn't worry too much about how well it stands hits from the outside. It is unlikely anything will hit you that hard.
 

diedrichg

Wizard
Joined
Dec 4, 2012
Messages
1,319
My father is always calling me about another virus he magically got and that I need to remotely log in and fix it for him.
My typical setup to prevent bugs is:
*Firefox or Chrome with Do Not Track opt out enabled in settings
*Adblock Plus add-on
*Avast! Antivirus
*ZoneLabs ZoneAlarm Free Firewall (they have a toolbar that is not optional to not install but it is easily uninstalled from the programs menu). Comodo Free Firewall is another option but is a little noisy with pop-ups for the novice user.
*Spywareblaster (adds blocked sites to the hosts file)
*Spybot Search And Destroy v1.6 (also adds blocked sites to the hosts file. Versions 2.x I consider bloatware.) Can also scan for malware.
*Malwarebytes Antimalware Free (scan for malware only)

If you want a paid option, Bitdefender Internet Security Antivirus/Firewall combo - after searching for coupons such as back to school discounts, you can get a pretty good deal. I ended up getting 2 years for the price of 1 and it can be installed on 3 clients. It replaced Avast, ZoneAlarm and required I uninstalled Spybot but I put it back on so that I could keep the hosts file up to date. I believe it required Spybot to be uninstalled because v2.x runs in the background and is a conflict... But v1.6 does not run in the background and therefore not a conflict.

That's it. That's all I run and I don't get any nasties on my Windows installations, and I visit some pretty shady corners of the interwebs.
 

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,994
You know, I've been using Norton Internet Security for years now and never had an issue, but then again I'm a bit mindful of what I do. Been using it on my wife and daughters computer as well and haven't had an issue there either. I just installed it on my father's laptop and crossing my fingers it will do the job.

I have Sophos running now on a separate subnet where I can use my VM to play with it and see what I need to do to configure it properly. So far I've only reset it to defaults once. I have noticed that when I go to www.msn.com that it doesn't always show all the images and I have to refresh the page. There must be something I need to change and I'm sure I'll figure it out. I have it blocking all countries but USA. Seems nice. I'll have to see what the logs end up saying.
 

gpsguy

Active Member
Joined
Jan 22, 2012
Messages
4,472
You can peruse the log files from the webgui, or configure SSH (with a password for loginuser and root) and look at /var/log/http.log [for today's history].

Historical http data can be found under /var/log/http/2015 ... (I think that's the path).
 

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,994
I'm using the GUI right now and setting up things to block like pckeeper dot com. My dad loves to click on those type of warning messages. I can't begin to tell you how many times he's called the toll free number and let someone remotely control and install software on his machine, then ask for almost $300. The last one said he wasn't selling it but pointed him to an Ebay offering for anti-everything ware for the low low cost of $285. What a rip off.

I really like the country blocker, it seems to work well and is something my normal router definitely does not have. I think it could take me a month to set this thing up well.
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
Also, the home sophos utm comes with 10-12 free licenses for sophos anti virus. If you use web filtering, the web filtering policy will follow the user on their laptop. Meaning they can travel anywhere and still be filtered just like being at home.
 

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,994
Well that is good to know. I think I have that set up properly. Soon I want to place this on my main network to collect some data from family usage (a.k.a. The complaint department) to see what shakes from the trees. The only thing holding me back right this second is I don't really feel like reconfiguring a wireless router to an AP. I'm feeling like it's lunch time instead, then maybe setting up the AP.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
joeschmuck said: "The only thing holding me back right this second is I don't really feel like reconfiguring a wireless router to an AP. I'm feeling like it's lunch time instead, then maybe setting up the AP."

That part is simple. Turn off DHCP on the router and give it a static IP. Plug your network cable into a LAN port and you now have an access point.
 