I have been having some performance issues with my home firewall. Last year I upgraded my networking to use a Cisco e3000 running tomato firmware. This configuration worked well when I paired it with an airport extreme to be the dedicated wireless access point. I had moved to a dedicated wireless AP as we added more wireless devices in the house. This also allowed for my wireless repeater/bridge in the office to have better connections.
Previously in 2009 I had used just a netgear router with DDWRT. This was quickly overpowered by the number of connections I have in my home. I did a quick inventory yesterday to see what the kind of numbers were were talking about. There are about 16 devices using my wireless:
- 2 Nintendo DS
- 2 tablets (ipad, etc..)
- 3 iPhones
- Tivo
- Windows Media center
- 2 wireless cameras
- wireless printer
- 3 Laptops
- Wii
To help with this issue I decided to build a more robust firewall router. This would allow me to shape traffic better and add some QOS rules. I tried a few versions of firewalls.
- Pfsense – http://www.pfsense.org/
- ipcop - http://www.ipcop.org/
- untangled – http://www.untangle.com/
- m0n0wall – http://m0n0.ch/wall/
- smoothwall – http://www.smoothwall.org/
My original intent was to build a low power dedicated server for routing and firewall. I chose an atom processer mini-itx board. I’ll share the hardware info in another post. I thought for sure that I was going to use smoothwall. I had some experience with it in the past. Unfortunately I decided against it in the end. I gave each a shot to be in stalled. Overall, the untangled had the easiest install but I really never got it working. It could have been that I configured the system behind my existing network, but I did not have a good experience once it was setup.
As I said earlier I had intended to use smoothwall. The install did not go well initially. I did not have a CD-ROM on my new system, so I tried to do a usb boot. smoothwall somehow did not install properly. I ended up getting a usb Cd-rom to do the install only to find out that one of the nic cards was not recognized. I decided after that to give monowall a shot. I got half-way through the monowall install and my Cd-Rom failed. I was frustrated enough that I just decided to throw another package on it to try.
I installed pfsense and have not looked back. It is a BSD based application and has been working perfectly. I added a few packages to the system. Ntop – to monitor bandwidth and systems. SQUID proxy for proxying and tracking all web usage.
Overall, the usage of opendns and the proxy has significantly increased web performance at our house.