Can I repurpose an outdated gaming machine to be a home networking firewall with Linux and pfSense

[DubberDewski]

So I wanted to turn an old computer into firewall hardware. Could I use the input connection on the motherboard to utilize the hardware on the computer and output on a PCIE NIC to my router while running pfSense on Linux? or would it be better to sell my computer and get an open platform device to manage it? I don't use it and the socket isn't upgradable. I would have to replace the whole computer for more modern performance but it still handles r6s on ultrawide monitor and medium high settings 1080p.

AM3+ FX 6 core 3.9ghz 6350
16gb of G.Skill Ribjaws DDR3 memory
120gb SSD for OS and immediate games (currently, might update to NVMe)
Asus GTX 770 2gb
1tb of HDD
750w PSU
Asus Sabertooth 990fx (Realtek RTL8111F 1000 Mbit Support for IPMI: No)

 

[DubberDewski]

I have a feeling I can, but I guess I'm asking the networking vets to explain if it would add too much latency on my home network to be worth it, when I could just sell the computer and get a small configurable option that is made specifically for being a firewall. The specs don't seem to be too different compared to the open source and AIO options the have out there and I think it would be cool to use my old computer as a fun and useful appliance to protect my internet. But if it is just better to sell it to someone who wants to use it normally and get my own firewall hardware, then the advice is welcome!

 

[Tech9]

sell my computer and get an open platform device

Sell or recycle this old computer and get a low power x86 appliance. You may burn the same amount of money in electricity only with this monster. Not to mention the size, weight, fan noise and dust accumulation. Most of it inside is not needed for home pfSense gateway/firewall application.

 

[DubberDewski]

Sell or recycle this old computer and get a low power x86 appliance. You may burn the same amount of money in electricity only with this monster. Not to mention the size, weight, fan noise and dust accumulation. Most of it inside is not needed for home pfSense gateway/firewall application.

Thank you! Yeah, it does make more sense just to opt for something more energy efficient. I'll probably just go with a Protectli Vault or a Netgate 1100 after selling computer and monitor separately.

 

[Tech9]

Keep in mind whatever you use as AP has to support VLANs. Otherwise you won't be able to get simple Guest Network on it. I guess "to my router" means you plan AIO home router as AP. Most don't have user configurable VLANs, you may need 3rd party firmware on it. Better option is proper business class AP with native VLAN support.

 

[DubberDewski]

My TP-Link Archer AXE7800 has an option for IPTV/VLAN. The menu includes IGMP Proxy, IGMP Snooping, IGMP Version, and Wireless Multicast Forwarding. Would I still be able to use it?

 

[Tech9]

No, this is different. IPTV/VLAN is on the WAN side when the ISP has special configuration requirements. This router is good as AIO device for home use. What do you expect to get from additional gateway/firewall in front of it? If you have no experience with pfSense - it will take quite some time to get familiar with it. It's an entire OS with hundreds of options and above average networking knowledge is required to set it up and configure according to your needs.

 

[DubberDewski]

I've taken an interest in networking and want to start small by adding a firewall to my home network. I know you could always just use anti virus or install vpn on everything. There definitely needs a lot of networking knowledge to successfully and thoroughly use all of pfSense and get all of the features it can offer within a home/consumer level network. Enterprise would be wicked! I figured it would be a good idea to throw it out on here to get sensible feedback and I'm glad I did!

 

[Tech9]

Your home router has a built-in firewall. It drops all unsolicited inbound connections by default. You don't need VPN nor Anti-Virus on your gateway. Commercial VPNs don't increase security and packet inspection doesn't see anything SSL encrypted. Home routers offer enough protection for the intended use. Your router has built-in HomeShield option and even though Pro plan is offered as subscription service - it may actually come cheaper than Protectli or Netgate appliance for the entire life of your router.

AXE7800 Tri-Band Wi-Fi 6E Router

Enjoy Wi-Fi 6E connectivity for every device with the tri-band Wi-Fi 6E router Archer AXE95.

www.tp-link.com

TP-Link

HomeShield

www.tp-link.com

I see HomeShield Pro subscription is about $4.60/month with 12-month plan. HomeShield Basic is free.

 

[Maverick009]

If you do not mind getting your hands a little dirty, a basic setup of Pfsense will be fine and you can learn more as you use it towards a daily driver. Just be prepared a little for tech troubleshooting with trial and error.

As for hardware you can go a couple different routes.

1st option - a prebuilt appliance which is good for something already built and configured to the appliance specs. Quick to start with. Cons - Little to no upgrade path and other possible limitations based on network needs.

2nd option - Custom build a Pfsense server. This is something I did and now do not regret it. Pros - You know exactly what is in the hardware and you have room to expand the hardware. Cons - Possibly a slightly higher power bump based on configuration and a little higher entry price (Not always the case though). Other than that, not much.

As for your wireless router, if looking to keep expenses down at start, you can set it into AP mode and plug it up. You can always upgrade to a dedicated Pro AP/Business class AP at any time.

Just to give an example below is my network specs.

Pfsense Firewall - Custom Built Rackmount server running an AMD Ryzen 5700G 8C/16T APU (Video onboard for further cost savings and keeps a PCI-e slot open that would otherwise be used for a graphics card), Asrock B550M Steel Series Motherboard 16GB DDR4-3200Mhz Dual-Channel Memory, 512GB M.2 SSD Drive with ZFS file format, 450W or 550W PSU (cannot remember), 2.5G Port Onboard supplied by motherboard, Intel I350-T4 Quad Gigabit card and Intel X540-T2 Dual 10G card.

1Gb 28 Port TP-Link T1600G Managed switch

2.5G 5 Port + 10G SPF+ 2 Port multigig switch

Asus ROG GT-AX11000 Router running in AP mode.

That is the main heart of my network. I have multiple devices connected with my main gaming PC getting a 2.5G connection and my gaming and media server getting a dedicated 10G connection through the multigig switch. The other 10G connection on the switch connects directly into the 10G port on the X540 card with the other port being used by the Cable modem. I have 2 1G ports of the I350-T4 card running into the 28P 1G Switch. A little more sophisticated setup but you really can build your network just about any way you want customized to your living style and price willing to spend.

 

[DubberDewski]

I actually have an Ubiquiti AP that I've used for a long time. But it's old and a less capable model.

The router actually has an impressive wifi connection. I've seen a video about repurposing routers as AP and then switch for everything else.

I still live with my Parents so I don't plan anything crazy of course until I move out. I might convert the old computer to be a simple game and/or media server. Just between a couple of friends or something. Upgrade later on when I have the space, need, and money for it!

For a firewall, im not entirely sure. The router's software is pretty nice for my laptop, but the VPN and firewall is across all devices individually which makes it ridiculous to download and set up for my parents too. It would be nice to have a simple firewall and VPN setup hooked up hardwired before it even gets to my LAN. So if I do move out, I can just leave it there and they can enjoy those benefits as well.