Skip to main content

pfSense - Router OS

I recently started evaluating load-balancing solutions for our small office.  Verizon seems to never have a clue, and loves to spontaneously shut accounts down for no good reason, and without warning.  For any of your Verizon DSL or FiOS users -- beware!

I have begun evaluating a hardware device called the HotBrick LB-2 which supposedly is designed specifically for taking two WANs and load balancing traffic (with failover).  Exactly what I want. While looking at prices, I came across discussion of an open source project called pfSense.

Now normally I will consider open source for applications I can customize, but I never really considered running something like this in place of our router or firewall.

Documentation is scarce, but I have been discovering some impressive things about pfSense:

  • It is based on m0n0wall -- an excellent BSD router OS with a web management interface
  • It can be run off a Live CD !!!
  • You can set it up to run in production off the live CD and save your changes to a USB key (no hard drive!!!)
  • It has built in support for load balancing WANs
  • It has built in QoS (Quality of Service) weighting, and it works for VOIP (Voice over IP)
All of these things add up to something that is a lot less scary... sort of...

I am impressed enough that I will being a new project on the side (yeah, that means it will take a while) to setup a pfSense box for our office.  I expect my specific challenges will be around configuring the DMZ for our servers, which use static IPs on ONE of our WANs.  Once its load balanced, hopefully incoming traffic will go to the right place for the DMS, and outgoing (and VOIP phones) will be load balanced both ways.

Popular posts from this blog

Installing python 3.4.x on OSX El Capitan

I love "brew" package manager, but sometimes being too progressive breaks things.  I have several python apps that I maintain that get deployed to AWS using Elastic Beanstalk.  AWS eb can deploy with python 2.7 or 3.4.  Any recent 'brew install python3" will get 3.5.1. #annoying

Making Macbook Air with 128GB SSD usable with Bootcamp

I recently got a new Macbook Air 11" (the 2012 version) and loaded it with goodies like 8GB ram and 2GHz Core i7.  What I DIDN'T upgrade was the internal SSD.  My config came with 128GB SSD and I refused to pay $300+ to upgrade it to 256GB.  Yeah I know, some call me cheap, but SSds cost $75-$150 for 240GB, so adding another 128GB for $300 seemed way too steep for me.  I figured "ok, I'm going to make 128G work!"

Here is the story of how that went...

Getting Started with OpenVAS on CentOS - an open source vulnerability scanner

The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. (Taken from the OpenVAS website, which is at )

This blog entry will introduce OpenVAS version 3.1, walk through installation on CentOS and is intended as a "getting started" guide. I'll also do a guide for installing on Ubuntu later.