Hiya, looking for a firewall for my homelab, mostly to experiment but also for an added layer of security. There are just two of us in this household with a few laptops, phones and my servers, so nothing much. Therefore looking for something affordable and not “overkill”.

Anyone got any recommendations for this? Also how do you run your OPNsense/pfSense instance?

Appreciate any tips!

  • yannic@lemmy.ca
    13 hours ago

    You don’t mention your throughput requirements. How fast is your internet connection? Will you be a VPN server and/or VPN client? A reverse proxy? All that adds overhead but really not that much compared to other services. It just changes your requirements as to how many years obsolete your hardware can be.

    Generally, whatever desktops or laptops businesses are throwing out in the trash will be more than enough.

    If you have a managed network switch or one that can do VLANs, a router on a stick will work fine, especially if your Internet connection isn’t more than half the speed of your server’s network card. A repurposed laptop is perfect for this, because it has a built-in UPS and console!

    I’ve got a 13-year-old server handling my 300Mbps internet connection, WireGuard, reverse proxy, and other stuff. It used to handle a backup internet connection, too. It’s regrettably on pfSense and I’m trying to migrate it to OPNsense but my setup isn’t exactly by the book. I put stuff that’s supposed to go out over VPN on a separate VLAN and I give them a separate OPNsense router running in a VM so there’s much less chance of leakage.

    One thing I did learn the hard way is that a lot of consumer “smart” devices wrongly assume they are on the same broadcast domain as any servers, clients, or peers they talk to, so even with Avahi handling relaying between VLANs, they won’t work. It’s annoying having to move your dishwasher off the IoT VLAN just to make it work.