how to use pfsense to protect a linux laptop

Discussion in 'all things UNIX' started by lurningcerv, May 31, 2014.

Thread Status:
Not open for further replies.
  1. lurningcerv

    lurningcerv Registered Member

    Joined:
    Dec 27, 2011
    Posts:
    87
    I'm looking for a firewall to protect a linux laptop that normally connects to the net through a wireless lan that is controlled by a router. I did not set up the router, but I believe it runs linux. The pfsense website says it is based on OpenBSD, so can I run it in my configuration? If so, how?

    If not, does anyone have any recommendations for a firewall? My laptop is dual boot W7/Ubuntu 12.04 LTS.
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    Your post is kind of open ended. What the router is running won't make much difference, especially since it sounds like you don't control it at the Admin level.

    I also use a laptop on linux. I played with pfsense on my laptop but did not have very good experience. Mirimir will likely find this thread and he and I have gone after my laptop with pfsense. Its true its BSD but really to get the value you need dedicated physical hardware which your laptop almost certainly does not have.

    Turning this around though. I am having super luck and solid results running ufw for my firewall. I was "taken back" by command line initially but now I find its really intuitive. You can also go with GUFW depending upon your needs, which you have not spelled out yet. UFW is already on your 12.04 LTS system unless you removed it intentionally.

    Just to give you an idea for what I do. I allow ONLY my vpn providers dns through, firewall block any IP not a designated entry IP for my vpn, restrict any and all internet traffic to the tun0, and default block all incoming and outgoing traffic outside of those parameters. Once you get it down its child's play and yet so powerful.

    So that would be my suggestion for you. It would really help us to give you a steer by knowing what you need to block other than obviously general "bad stuff" while you surf. Linux is almost immune to most of the windows stuff anyway.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Just to be clear, pfSense is an OS, based on OpenBSD, and not a firewall program. You could run it on the router, or as a VirtualBox VM on your laptop.

    What make/model is the LAN router/firewall? There are pfSense versions for many sorts of hardware. What's the CPU? How much disk or flash storage? How much RAM? pfSense needs less than 500 MB storage, and about 500 MB RAM. It's not very CPU intensive, unless you're running a VPN with over 50 Mbps traffic and/or extreme crypto. It is somewhat picky about NICs. It works best with Intel and Broadcom, and is iffy with some Realtec. And better NICs offload less to CPU.

    You can also run a pfSense VM on your laptop. Basically, you bridge the pfSense WAN adapter to the host NIC, and attach a host-only adapter to the pfSense LAN adapter. Then you set up routing and firewall rules in the host to force all traffic through the host-only adapter, and so through the pfSense VM.
     
  4. lurningcerv

    lurningcerv Registered Member

    Joined:
    Dec 27, 2011
    Posts:
    87
    My router is a Hitron Technologies BVW-3653. I uploaded some specs I got from the online manual, but I see nothing about an OS, CPU, or RAM . . . so far. As you can see, it has a "stateful inspection firewall and intrusion inspection system". Maybe I can make use of that in the near term. I also have a number of old computers in the basement back in the states. When I get back there maybe I can use one of them. I also have at least one old laptop here where I'm located now. It's an Averatec with I think 512MB RAM and I think a 120GB hard drive. It heats up very fast so it may not be able to be always running. The ones I have in the states are newer.
    Some of the firewalls for Linux appear to be able to run from a flash drive. hitron manual snip, bvw-3653 overview.PNG hitron manual snip, bvw-3653 key features.PNG hitron manual snip, bvw-3653 key features 2.PNG
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    I've searched some about OpenWrt and DD-Wrt for this device, and find nothing except for questions and requests. But there are several low-cost wireless routers that work well with either or both.

    One of your old PCs is probably adequate for pfSense. And then you could use the BVW-3653 as a wireless AP.
     
Loading...
Thread Status:
Not open for further replies.