G-morning,
The OPNsense firewall/router was built on an 'old' Mini-PC Intel Atom 1.8GHz 2GB mobo with a Compact Disk of all things, but anything with at least 2 NICs will be fine. This particular one had 4 NICs. I got it for $20 on eBay. Maybe a NUC?
I tried many firewalls and OPNsense 'just fit' for me. It puts the /var/logs, etc. into RAM so it doesn't eat up the file system. It was easy for me to set up.
Yes, OpenWrt can do a lot of stuff. I installed a VPN on it so all the traffic going out from it is 'protected'. I have been using Pi-hole for many years and love it.
Yes, each layer can do NAT/PAT if needed. I was just showing some possibilities for the OT.
Not to complicate it, but I use each section like a check valve. More protected as it goes deeper. I keep guests and IoT (actually don't use them) at the upper level between the radio modem and the firewall. I don't care what DNS they use or ads they see. My personal network is after the OpenWrt router. A poor man's divided network.
See
https://www.grc.com/nat/nat.htm
Steve Litt has some good information on his website for a 'straight BSD' firewall. Just make sure the system and var logs go into RAM. I kept having issues until I figured that out on the other firewalls.
I am by no means a network guru, just a hobbyist. My original idea was to be able to change ISP without changing anything on my network. I add things a little at a time.
The wife streams her TV, I have security cameras, a NAS (TrueNAS Core 13) on a separate section, and everything purrs along at a whopping 4.27Mbps from the ISP.
Another interesting article:
https://cryptsus.com/blog/edge-openbsd-pf-firewall-securing-the-first-gate-of-your-network.html
Hope this helps
Cheers!
------- Original Message -------
On Wednesday, July 12th, 2023 at 9:57 PM, capercally.bleery670@??? <capercally.bleery670@???> wrote:
> On Thu, Jul 13, 2023 at 12:56:48AM +0000, Charles via Dng wrote:
>
> > My setup = radio modem > OPNsense firewall > Pi-hole > OpenWrt
> > router > LAN
>
>
> What hardware for OPNsense?
>
> I have considered it but on the FreeBSD lists I have read some
> reports that indicated I'd need a fairly modern amd64 - there is
> some kernel flag needed for running on older ones and OPNsense
> just disables it IIRC.
>
> The one amd64 system I can spare right now is maybe 12 years old.
>
> Does each of the systems in your setup do an additional NAT/PAT level?
> That would be scary.
>
> --
> Ian