I’ve been using pfSense since about 2008. I first started running it on an old junk Pentium III desktop that I threw 2 PCI NICs into, giving me something much more capable than my Westell DSL modem combo. Together with a 16-port switch I got from Penn State’s Lion Surplus, my family’s home network was upgraded.


Today I’m still running pfSense, and after several iterations of hacked-together hardware (including a wall-mounted version) I’ve finally purchased a dedicated appliance via eBay. I purchased a re-purposed Riverbed Steelhead (pictured below) which originally was a load balancer appliance. It’s got 2 usable NICs and 2 more that used to be failover ports which are seemingly locked down by the firmware (and on my ToDo list to unlock). So far it’s been much more friendly for power usage than my old inefficient PC style solutions.


[Image: Riverbed Steelhead appliance]


Some people might call it overkill, but with the scale of homelab applications I’ve got running it’s necessary. At the moment I use:

  • IP Blocklists (China & Russia)
  • Snort (Passive ATM, collecting data to gather trends)
  • DHCP
  • DNS (with forwarders to my AD DNS zones)
  • TFTP (for PXE booting)
  • HAProxy (handles most inbound traffic requests)
  • OpenVPN Server
    • Mobile Clients
    • Site-to-Site between my dad’s house
  • Bandwidth monitoring


So far those are the services that I have fully in place, but that’s just the beginning. In the next few months I hope to have implemented CARP Redundancy by adding a second virtualized pfSense instance, segmented VLANs, and increased intrusion detection complete with dashboards! Maybe throw in some Ubiquiti gear and I’ll be set up better than most small businesses ;)