Re: A FreeBSD-based Router

Reply: paul beard : "Re: A FreeBSD-based Router"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Martin McCormick <martin.m_at_suddenlink.net>
Date: Sat, 05 Apr 2025 21:43:00 UTC
Thanks to everyone who has replied.  This is the sort of
information I was hoping for and the idea of an appliance-like
approach is attractive.  I am an amateur radio operator and some
of the gear we use consists of Raspberry Pi's and so-called
top-hats which are circuit boards that run software written for
the application such as a hotspot or a hotspot that converts one
digital voice protocol in to another but one can run in to
trouble with perfectly good new equipment in which somebody buys
or tries to use a Raspberry Pi of the wrong hardware revision or
some other esoteric detail like that and ends up with a lot of
nothing after wasting a huge amount of time and resources/money
making this discovery.

	Maybe I am a bit lazy, but I feel better about getting
something like the distributions you describe, here because I am
not interested in reinventing the wheel, just getting one that is
more comfortable to use and probably has more up-to-date security
features as well.

	Some years ago, I saw a log of an attack directed at one
of the computers where I worked and the intruder knew just what
to send to the login process and he was in in the blink of an eye
with a root kit.  All he did was setup an IRC chat on that system
and he was discovered almost immediately but we were just lucky
that time.

	I run fail2ban on my out-facing Linux box and it is
amazing to see traffic from all over the world mostly using
scripts trying to gnaw their way in as root or test or something
similar and, fortunately, not getting in but it's just a reminder
that the morons really are out there, pounding away from
somewhere on Earth 24/7.

	Anyway, thanks again.

Martin

Juan Manuel Palacios <jmpalacios@gmail.com> writes:
> Other than talking about the appropriate hardware for the task at hand, I 
> find it rather odd that no one has yet mentioned either the pfSense or 
> OPNsense distributions. They’re both router-oriented, FreeBSD-based, 
> web-administered, text-based-managed, and, above all, extremely versatile.
> 
> Mind you, I’m not talking to any degree against rolling out raw FreeBSD 
> plus packages plus some orchestration solution to manage changes, I 
> absolutely love that approach. But if what you want is a turn-key, 
> ready-made solution to provide router-related functionality to your home 
> network, then either of those two more than fit the bill.
> 
> I’ve been running pfSense here at home for the last… what, 6 years 
> already? And it’s been rock solid! And on that router I run a DCHP 
> server, DHCP6, radvd, unbound, HAProxy with a few ACME certificates, 
> OpenVPN, a whole bunch of VLANs, plus of course pf with a bunch of rules 
> for each of those VLANs, and probably other things I might be forgetting.
> 
> Furthermore, that pfSense router runs in a VM, sitting atop a Supermicro 
> MOBO & a not super powerful Intel CPU, leveraging PCI passthrough for 
> three NICs, and sometimes I just get bored at having almost nothing to 
> worry about because it just works 24/7/365 without skipping a bit.
> 
> Again, other than discussing what would be the appropriate hardware for 
> your setup, an appliance-like solution like that is definitely what I’d 
> recommend.
> 
> HTH!