Building your own hardware firewall

  • Thread starter: Harrison
  • Replies: 6
  • Views: 219

Harrison

Has anyone tried this?

I have spare PCs and hardware lying around all the time. I built a Linux-based NAS using one a while back and often use older hardware as Linux test servers. However, compared to dedicated hardware, using a PC means a lot higher electricity use.

This got me thinking about the current range of small computers today such as the Raspberry Pi. So I did some digging and it looks fairly easy to use a Pi as a hardware firewall, utilising CentOS. You could even make it a full router with gateway and DNS if you wanted.

Very tempted, as I would prefer a dedicated hardware firewall so I could ditch needing a software one on every computer.

So has anyone here tried?

The only limitations are the Pi's single LAN port, but others have used a USB to LAN adapter to add a second. The other limitation is total bandwidth. If your connection is under 100Mbps then it will be fine, but anything over and the Pi, with its 100Mbit Ethernet and USB2 ports, will bottleneck a faster connection.

 
Making a hardware firewall from spare parts is not, in most cases, energy efficient. A Mini-ITX board with a 4-core Intel Atom (you can try an older 2-core one) with 2GB of RAM is a good choice, and I think that two good Ethernet cards (Intel chipset based, not those Realtek ones) are a must. First, I don't think that a Pi will be able to handle medium-high traffic on a NX distro, and second, 100Mbit will not be enough (try to think how you will manage it as a headless system through the LAN while under heavy load; a firewall admin account has to be responsive at any time). Maybe a cluster of two Pine64 boards with 1Gb LAN and 2GB RAM as a RISC system could do the job; however, software for this board is in many cases still in advanced beta.
 
It would only be for a home network, so network traffic and load wouldn't be that great. I've read about a lot of people using Pis for this purpose just fine.

They are not expensive so when I have some time to play around I might test one out just to see.

 
Yes, probably; it all depends on the traffic and bandwidth of the WAN. Assuming you want to put only the WAN behind the firewall. Sometimes home networks generate more WAN traffic than a small 10-user company. Think about lag, jitter and all the connection stability parameters, etc. Anyway, as you wrote, try it and see in your free time.
 
I would suggest taking a look at distros like DD-WRT and OpenWRT and running one on a router which has the specs you need. The hardware is quite cheap and is optimized for router usage, usually with dual Ethernet and a Wi-Fi AP. It will use a lot less power than even a small PC and has ample power for most home users.

I have a TP-Link TL-WR1043ND rev. 3.0 running OpenWRT, which is running quite nicely with dual Gb Ethernet ports. The price is not much higher than a Pi 3, but a lot cheaper considering you do not need any accessory hardware. The CPU can saturate my 100Mbps Internet speed without problems even though I have quite a number of filters applied in the firewall.
 
+1 for Mikrotik. Very plug n play and easy to use while being very professionally made.
 