pfSense Box Setup for Home or Small Office

A piece of hardware that is often overlooked in many homes and businesses is the “edge device”, often just called a router. Many Internet providers will supply their own edge device. This is the first line of defense from those that would do you harm from the Internet to your home or business. I look at it as your first line of security to protect yet give you access to the machines or devices on your network.

I have two reasons for setting up a pfSense box. Since I have heard great things about it, I wanted to try it for myself on my own network to give me confidence to set it up for use in a small office setting. Nothing too large, just a moderate size.


I had to start with an adequate piece of hardware to run pfSense. Since it requires a 64 bit system, I am using one of my newly inherited Dell Optiplex 745 machines. As far as specifications go, it is at the bottom end of the recommended specifications to run pfSense but the plan for this isn’t anything real intense.

Specs That Matter

  • CPU Intel Core 2 Duo 6300 @ 1.86 GHz
  • 2.0 GB of DDR2 SDRAM
  • 160 GiB HDD


Since this machine only comes equipped with a single Ethernet port, I had to purchase a half-height Gigabit Ethernet adapter to put in the one available PCI slot in this machine. The slot will only accept a PCI or PCI-X card which was actually more difficult to find than I originally anticipated. Full height, easy, half height, not so much.

This particular unit came with two plate options. Changing out the plate consisted of removing two screws, separating the plate from the card and replacing it with the other plate. There wasn’t a bit of complexity to it.


The machine has one PCI slot in it but there was a card with a COM port and PS/2 port on a card attached via ribbon cable to the main board that had to be removed first. I inserted the card, started it up and jumped in the BIOS to make sure it was recognized.

Since it was recognized, I was ready to move on to the software portion of this little tech adventure.

There really wasn’t much to do in configuring the hardware. The only major change I made to the configuration, outside of adding the second Ethernet card, was to ensure that the machine would boot upon being powered. This is so that, should the machine lose power due to a power failure, it will boot upon power being restored.

Downloading the Software

From the pfSense download page I chose the AMD64 memstick version to put on a Dell Optiplex 745. It should be noted that the memstick version cannot be written using SUSE Studio Imagewriter. For more information on writing images:

Conduct Checksum on the Downloaded Image

At the time of installation, the version I downloaded to install was: pfSense-CE-memstick-2.4.4-RELEASE-p1-amd64.img.gz. The key point here is that it is the amd64 version, to correspond with my hardware.

Next I downloaded the corresponding sha256 file from here so that I could do the appropriate checksum action and ensure that it is a good download. I have noticed on most sites, it seems as though that is just an expected understanding without much explanation, outside of the openSUSE download page, that is.

I put the downloads in the same folder and ran this:

sha256sum -c pfSense-CE-memstick-2.4.4-RELEASE-p1-amd64.img.gz.sha256

The response was:

pfSense-CE-memstick-2.4.4-RELEASE-p1-amd64.img.gz: OK

Which means that it was good to go. I haven’t seen anything other than OK so I couldn’t tell you what it’s like to not have an OK. If it is not OK, then either your image or the sha256 file is not right and needs to be downloaded again.

Writing to USB Drive

The instructions recommended erasing the disk partition table before writing. I haven’t done this step before writing to a flash drive but who am I to argue with the developers?

sudo dd if=/dev/zero of=/dev/sdX bs=1M count=1

In my case, the drive is sdd. Be very, VERY careful not to wipe out any of your other drives, so pay close attention to what you are doing. To find out what the device name is of your USB drive, insert the drive into a USB port and run in terminal


Look for the latest entry corresponding to the USB device you just plugged in. It should read /dev/sdb or something of that nature. If you are unsure, ask somebody. There are plenty of helpful folks out there. Feel free to contact me directly and I’ll do my best to help you out.

The next thing to do is to install the image onto the USB drive.

sudo gzip -dc ./pfSense-CE-memstick-2.4.4-RELEASE-p1-amd64.img.gz | sudo dd of=/dev/sdX bs=1M

Replace /dev/sdX with the appropriate drive identification. Also note the version of pfSense is a moving target, so an exact copy from above is probably not going to be valid for long.


The installation is very straightforward on pfSense. Just like any Linux distribution, once you have it on the USB media, and the machine boots from the drive, follow the directions. In this case, I am getting a warning about my system battery voltage which I will address later. Once it boots into a nice ASCII art menu, select 1 to Boot Multi User, which is default.

On a kind of funny note, the legal notice says “pfSense is a federally registered trademark of Electric Sheep Fencing LLC.” I’d like the background story on that LLC name. After you accept you are given 3 options. Install being the key option here.

Next you will set the keymap and you will be asked how you would like to partition your disk. I chose to use the Guided Disk Setup because it’s my first time and this is a reasonable course of action.

Since I have no reason to use the disk for anything but pfSense, it was reasonable to select to use the entire disk. Graciously, you are warned that this will erase the disk and wants a confirmation to proceed.

Next you are asked for the partition scheme, of which I chose MBR as this is “Bootable on most x86 systems.” You are then given another opportunity to review the disk setup and make any modifications. Since I have no experience with pfSense or altering any preferences, I left the defaults be.

Once you select Finish you are given one final warning to Commit with a clear warning of your actions.

The installation will proceed, first “fetching” the distribution files, then extracting them.

After the installation is complete you are asked if you want to make any further changes, the selection defaulted to No so I just proceeded from there and rebooted.

I was again reminded about my low voltage system battery before the boot screen to which the default works perfectly.

The boot process is much like what I am used to seeing in Linux so it was interesting to watch and see the slightly different syntax.

On the initial boot, you are given a series of questions to define the interfaces. One which faces the scary internet (WAN), and the other that faces the internal network (LAN). The first question is to set up VLANs, I have no need for such a thing so I entered, N.

Next I selected the interface I wanted to be the WAN. Since I know the hardware I installed, I selected the appropriate NIC. Ultimately, it doesn’t really matter on this setup. If I had more than one NIC for the LAN, that would change things.

Next, I set up the LAN and confirmed the configuration.

When that is complete, it will write the configuration to disk.

When the configuration was completed, I decided I wanted to change the LAN side IP address. This can be done by selecting 2. You are then asked which interface you want to configure, in my case, the LAN is option 2.

I set the IP address then the subnet mask per my network preference.

I didn’t set an IPv6 address because… why? Then the DHCP Range. In my case to 150 DHCP addresses is more than enough for my purposes… for now.

pfSense will ask if you want to reroute the webConfigurator protocol, which YES to that seems like the most reasonable answer. Then you will be dumped back into the main menu.

I reset the Admin password for the webConfigurator, mostly because I didn’t remember setting it to begin with and wanted to get into it.

My first order of business when logging in to the web configuration utility was to change the theme to a dark theme. I just don’t care for how light the default theme is. Of course, this is just my personal preference.

That’s it, you now have a functional pfSense box, but there was one more bit of business in order to be satisfied with the system. Local DNS name resolution.

Configuring DNS

A feature that is absolutely required for me is the ability to have local hostname resolution within my network. All my machines are named something I can remember so I can easily access them using SSH for remote access or file transfer. It is not quite as straightforward to do in pfSense as it is with DD-WRT but here are the resources I used to figure it out:

There was some fiddling to get it to go but here are the takeaways:

On the General Setup page, you have to Uncheck Disable DNS Forwarder. Save your changes. Then navigate to Services > DNS Forwarder.

There you need to Enable DNS forwarder and Register DHCP leases in DNS Forwarder. Be sure to save the changes. If not you will have to repeat your steps.

I was able to test that the local DNS name resolution worked as I would expect and was thrilled that something I touched actually worked and without banging my head against the wall.

Adding a Wireless Access Point

A working edge device is great but who wires anything up these days? I had to put in a wireless access point. I took the previous edge device, my Linksys E2000, and set the device to DHCP Forward to the IP address of the pfSense box. I plugged the ethernet port from the switch into one of the LAN (not the WAN) ports of the E2000 and it worked as expected. You can turn the WAN port to be on the same VLAN within the Linksys E2000 but that is a discussion for another blathering or you can search that one out yourself.

Final Thoughts

pfSense is really quite easy to set up and use. I will say, the hardest part of the project is writing the installation media. I have power cycled and added other users as administrators and it all works fantastically well. This truly is a fine BSD based operating system distribution.

If you have home or office networking requirements that a consumer grade edge device cannot handle, this is a low cost way of implementing one. I didn’t end up using this device for my house. After using it, I saw a greater need for this to be at my church and I ended up using IPFire for home, which is also quite good but I think in many ways, pfSense is a more polished and professional product and possibly better suited for a larger environment. I am not a network professional so take that opinion for what it’s worth.

This project has spurred on a few other future projects for the network in which it sits. More to come on that.

Further Reading

Flashing Linksys E2000 Router with DD-WRT

IPFire | Open Source, Linux based, Firewall, Install and Configuration


Network Diagramming with LibreOffice Draw on openSUSE

So, the title could be “Network Diagramming with LibreOffice Draw on whatever operating system” but since I use openSUSE primarily, there you go. I know it works on openSUSE, I can’t say for sure if it will work for you. Chances are it will.

The Problem

I spent some time last week making improvements to the network at my church. This isn’t my first project there that is computer related. I also recently set up a Dell Inspiron as a Low Budget Multimedia Machine with openSUSE Leap and a RaspberryPi for slideshow announcements. The big irritation with doing any tech projects has been the network. It has been a smattering of routers in an ad-hoc manner. In fixing this, I needed a way to document it properly.

I looked at a few pieces of software but didn’t like either the price or the operating system selection. Then I thought… LibreOffice Draw… I know that I can make boxes and connecting lines. Maybe there are some images I can find?

The Solution

The goal here is to make me less important in this project and try to get others on board so that, should I get hit by the proverbial bus, someone else is going to have to take control and need to know what is where and how to access it.

Searching around the World Wide Web, I found this shape gallery from that has the images I need to put together a basic network diagram to show how things are laid out. At the bottom of the page, I selected VRTnetworkequipment_1.2.0-oo.oxt LibreOffice. Your version may vary, especially if you aren’t using openSUSE.

Installing this gallery of images is trivial, locate the download and open it with LibreOffice.

The filetype should already be associated. Select okay to confirm installation and you are done.

I made a simple diagram to communicate the layout of the network, it is a rough drawing and I don’t really know what I am doing but it is a simple visual that is a “good start”.

I at least now have a basic visual as a frame of reference, and in the Lean Product Development world, a visual reference helps to identify Knowledge Gaps.

What I like

I didn’t have to go out and buy new software. I simply had to download an add-on to existing software, LibreOffice Draw. Adding the graphic components to LibreOffice was simple, download and run to install.

Using LibreOffice Draw is intuitive. It’s all drag and drop. You find the image you want that is now installed, click and drag it onto the

What I Don’t Like

There isn’t a text box immediately below or beside that is tied to the image for description of the component. It’s not a big deal as click-dragging to create a selection box around the objects to move multiple items around works just as well. This is just being picky, really.

How It’s Working Out

I was able to create a “Phase 1” of the network plan and begin a course of action for the “Phase 2” of the network upgrades. Using Draw helps me to be able to communicate with the real network professional, my brother-in-law, so that we are aligned on where network is at, and where it needs to go. The next phases are almost entirely over my head but I will gladly help document what is done using this tool and others.

Final Thoughts

I spent a lot of time looking for software solutions, played with one other but realized that LibreOffice Draw can do the job quite nicely at the price I can afford. It is a testament to the LibreOffice Project and all the work that has gone into it. It reminds me that I should donate to the project to do my part to help keep it going.

Further Reading Site

LibreOffice Site

LibreOffice Network Gallery Images from

IPFire | Open Source, Linux based, Firewall, Install and Configuration


I started searching for an edge device solution for my home I could put on x86 hardware after my Linksys E2000 started giving me problems. Initially, I was going with pfSense and set a machine up for that purpose but I came upon 7 32bit Dell Optiplex GX620 machines so I looked for a suitable solution. I wanted to make one of these an edge device. After all, they have more horsepower than any consumer based MIPS or ARM Router / Firewalls. After some searching, testing, more searching and testing, my solution is IPFire. IPFire, in short, could be considered the Linux version of the FreeBSD based pfSense. An Open Source firewall based on Linux that is easy to use, highly performant and extensible which makes it usable to a large audience.

The documentation on this project needs some help. It took me some trial and error along with muddling my way through areas I didn’t fully understand to get it set up exactly as I want. Also note, immediately before starting this IPFire project, I set up a pfSense box so my expectations were now set. This is not a comparison to pfSense; that is another project which is in progress.

This will hopefully help bridge some of the knowledge gaps you may have should you decide to try IPFire and serve as an example of what works for me.


To begin the process, I downloaded IPFire from here:

Should you be viewing this at a much later date, as in after a new version release click here and select Download from the menu.

I chose the flash image, I could have used the ISO, if I would have removed the drive and written the image directly to that drive. I think I may end up using this method for a future project. More on that later.

To match my hardware situation, I downloaded the 32 bit version of the Flash Image

Once downloaded I verified the image checksum

sha256sum ipfire-2.21.2gb-ext4.i586-full-core126.img.xz

Which gave me the output

0f8dc980103c733c7e236967ed35a3ce5cf847448f2b4e7c848220b334fddd38 ipfire-2.21.2gb-ext4.i586-full-core126.img.xz
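Printing the hash, as above, only helps once it is compared with the value the project publishes; the pfSense section earlier does that comparison with `sha256sum -c`. The following is an added example, not part of the original post, showing both checks and what a failed one looks like. The function names and the demo file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. File names and contents are
# constructed; only sha256sum, mktemp, cut, tr and printf are assumed.
# Note: a checksum fetched from the same server as the image catches a
# damaged download; it does not prove who published the file.

# Mode 1 (pfSense section): a .sha256 file downloaded next to the image.
# $1 = directory holding both files, $2 = name of the checksum file.
# Returns 0 only when every file listed in the checksum file matches.
verify_with_file() {
    ( cd "$1" && sha256sum -c "$2" )
}

# Mode 2 (IPFire section): a bare hex digest copied from the download page.
# $1 = file to check, $2 = published SHA-256 digest.
# Returns 0 on match, 1 on mismatch, 2 if the pasted value is not a SHA-256.
verify_with_digest() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "${#expected}" -eq 64 ] || return 2
    case $expected in *[!0-9a-f]*) return 2 ;; esac
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || return 1
}

# Walk through an intact and an altered download of a constructed file.
demo() {
    work=$(mktemp -d) || return 1
    name=constructed-image.img.gz
    printf 'constructed image bytes\n' > "$work/$name"
    ( cd "$work" && sha256sum "$name" > "$name.sha256" )
    published=$(cut -d' ' -f1 "$work/$name.sha256")

    echo "-- intact download --"
    verify_with_file "$work" "$name.sha256" && rc=0 || rc=$?
    echo "sha256sum -c exit status: $rc"
    verify_with_digest "$work/$name" "$published" && rc=0 || rc=$?
    echo "digest comparison exit status: $rc"

    # Simulate a corrupted or altered download by appending one byte.
    printf 'x' >> "$work/$name"
    echo "-- altered download --"
    verify_with_file "$work" "$name.sha256" && rc=0 || rc=$?
    echo "sha256sum -c exit status: $rc (the line above ends in FAILED)"
    verify_with_digest "$work/$name" "$published" && rc=0 || rc=$?
    echo "digest comparison exit status: $rc"

    rm -rf "$work"
}

demo
```

In a script, test the exit status rather than reading the output, and stop before the dd step whenever it is not 0.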

Next I extracted the archive.

xz -d ipfire-2.21.2gb-ext4.i586-full-core126.img.xz

In order to write the image to the flash drive, I had to check to see what drive it was and used the dd command, as I would have done with pfSense. The instructions for installation were a little light and perhaps I need to help out with it.

In order to flash it to the drive, I first checked to ensure that I wrote it to the correct drive, I plugged in the drive and ran in terminal.


In the last few lines, I was able to identify the drive.


Once extracted, I installed it, using

sudo dd if=ipfire-2.21.2gb-ext4.i586-full-core126.img of=/dev/sdd bs=16k

In only a few moments, the drive was ready for me to begin the installation.
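Both dd steps on this page (the pfSense memstick earlier and the IPFire image here) depend on picking the right /dev/sdX by eye. As an added example, not from the original post, this script checks with lsblk that the target is an unmounted USB whole disk before it writes anything. The function names and the USB-only policy are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post: a guard around the dd step.
# Policy (an assumption of this example): the target must be a whole disk,
# attached over USB, with nothing on it mounted.

# Pure decision so the policy can be read and tested without hardware.
# $1 = lsblk TYPE, $2 = lsblk TRAN, $3 = count of mounted filesystems
target_is_safe() {
    [ "$1" = disk ] || { echo "refusing: '$1' is not a whole disk" >&2; return 1; }
    [ "$2" = usb ] || { echo "refusing: transport '$2' is not usb" >&2; return 1; }
    [ "$3" -eq 0 ] || { echo "refusing: $3 filesystem(s) still mounted" >&2; return 1; }
}

# Collect the facts for a real device and apply the policy.
check_device() {
    [ -b "$1" ] || { echo "refusing: $1 is not a block device" >&2; return 1; }
    # -d: the device itself, -n: no header, -r: raw (unpadded) output
    set -- "$1" $(lsblk -dnro TYPE,TRAN "$1")
    # Count non-empty mount points on the disk and all of its partitions.
    mounts=$(lsblk -nro MOUNTPOINT "$1" | grep -c . || true)
    target_is_safe "${2:-}" "${3:-}" "$mounts"
}

# Pick the decompressor from the file name: .gz for the pfSense memstick,
# .xz for the IPFire flash image, plain cat for an already extracted .img.
decompressor_for() {
    case $1 in
        *.gz) echo "gzip -dc" ;;
        *.xz) echo "xz -dc" ;;
        *)    echo "cat" ;;
    esac
}

# write_image IMAGE DEVICE: check first, show the device, ask, then write.
write_image() {
    img=$1
    dev=$2
    [ -r "$img" ] || { echo "cannot read $img" >&2; return 1; }
    check_device "$dev" || return 1
    lsblk -o NAME,SIZE,MODEL,TRAN "$dev"
    printf 'Type the device name (%s) to overwrite it: ' "$dev"
    read -r answer
    [ "$answer" = "$dev" ] || { echo "aborted" >&2; return 1; }
    # conv=fsync makes dd flush to the stick before it reports success.
    $(decompressor_for "$img") "$img" | sudo dd of="$dev" bs=1M conv=fsync
}

# Only act when called as: sh write-image.sh IMAGE DEVICE
if [ "$#" -eq 2 ]; then
    write_image "$1" "$2"
fi
```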

Hardware Setup

Using 32bit Dell Optiplex GX620, I added an additional Ethernet Card. All I had on hand was a 100 Mbps device. The built in Ethernet Interface is a 1 Gbps so I decided to make that my internal side and the 100 Mbps NIC the external facing side as my max speed is around 60 Mbps.

My modem did make it known that it was not connected to a Gigabit device but until my speeds increase beyond 100 Mbps, I have no intention on changing it out.

The other work this computer needed was a new clock battery, a CR2032 lithium button cell. I learned that the Dell Optiplex GX620 will not even boot with a dead clock battery.

I had to make a few changes in the BIOS. One is to boot on AC restore so that should I lose power, it would boot as soon as power is restored.


The installation is fairly straightforward, so long as you have a basic understanding of what you want from your Local Area Network. Once your hardware is set (basically any computer with two NICs), the installation can commence.

Just a note, there is a mixture of camera photos of actual installation and VM installation. I should probably invest in a capture card at some point.

The first step is to install the Firewall Solution. You start with your language selection, then start the installation.

You have one option on each of the next two screens, to agree to the license agreement and to delete all the data. Pictured below is the “VBOX” hard disk but I had a similar situation with the actual hardware.

In this process, you really only have one decision to make, to choose your file system. I chose ext4, because I know it is well tested and since it was first on the list, I wanted to start there.

After the system is installed you need to reboot to begin the configuration process.


This is a very minimal Linux distribution… is it a distribution? I don’t know if you call it that but it is a desktop-less interface so there is not much to install.

Basic Configuration

After the installation you have to complete the basic configuration. What took me a bit to understand was some of the IPFire-isms. For my two NIC setup, there are the Red and Green networks. More on that in a bit.

To start off, set your keyboard and Timezone.

Then your machine Hostname and Domain name.

You will have to set your root and admin passwords. From my experience in using it, the root user is for anything you do in the terminal and the admin is for the web interface. I am not able to ssh using the admin, nor am I able to log into the web interface with root.

The Network configuration menu portion of the install was a bit confusing for me at first. Here is where you must understand what the Red and Green networks do. If I had more than 2 NICs I would have played with the other settings.

The next section is the Drivers and card assignments. It is here that you will decide what NIC is Green and Red.

First I set the Green Network hardware. In my case, I wanted to use the Gigabit NIC on my internal network with my slower 100 Megabit NIC facing the modem to the Internet. This card is not going to be my bottle neck, my provider is still the bottle neck.

The Address settings will define the properties of your NICs.

I started with the Green interface, my internal network. I set the IP address and Network mask here.

The final bit to the Address settings is the Red interface, facing the Internet. My provider requires I set up my device to receive a DHCP address.

The last step is the DNS and Gateway settings. The only setting I filled in was the Primary DNS. Which, to my understanding, needs to be set for local hostname resolution. My primary DNS server is also the address of the IPFire device.

The last step is to Configure the DHCP server. In my case, I set the DHCP range from to My domain name, which was given earlier, was already filled in.

That is it. Once rebooted, I could now further refine the configuration through the web interface.

First Run and Testing

The Web interface is quite straightforward. It will take some time of clicking around to become acquainted with all the options and once you think you have figured it out, you will find that you forgot where you just found the options you wanted. Not due to any lack of organization but rather due to the great number of options.

There are many, many, many features to highlight with IPFire. I will just show the bits that I find interesting. Even though I have 17 devices connected in my network with quite a few intrusion detection rules, the 16 year old 32 bit CPU doesn’t seem to be under any kind of stress.

It is also worth noting that

Local Name Resolution

My most important feature of a Firewall, Router, etc system is that I have local name resolution. I spend a lot of time in the terminal and I also use Secure Shell for file transferring so it is important that I can address my computers by hostname and not have to figure out what the IP address is. Here is how you do it.

Under DHCP Configuration, ensure that the Primary DNS is set to the IPFire device… which is also your DHCP Server as well. It must also be noted that it did take a little while for IPFire to build the IP Tables for me to address the computers by hostname.

DHCP Forwarding from the Access Point

I had no intention of discarding the Linksys E2000 that had been faithfully running my home network. I have chosen to keep it on the wireless as an Access Point.

This was done by setting the Access Point IP and Netmask, and setting the DHCP Type to DHCP Forwarder with the address of the IPFire machine.

That was literally all I had to do and my network was functioning the same as before but more efficiently. Interestingly, if I plug into the AP Ethernet Ports, it acts as a switch or wired access point. Very handy.

Intrusion Detection System

The feature that I wasn’t looking for that made me pretty excited was this system of rules you can activate to harden your firewall.

For more information about it, you can navigate here and read away.

There are some options as to which rule sets you choose. You can go with community rules or registered rules. I chose the Community Rules. I don’t know yet if they are working as expected but I’m sure I’ll find out soon enough.

Future Project

Though I don’t have any performance issues with this aged 32 bit hardware, my only issue is the age of the SATA drive sitting in its bowels. It has passed the SMART test but I want to replace it with an SSD before it fails. It will also be interesting to see if I can properly backup all my settings and restore the configurations to the new drive when I make the upgrade.

For now, I am satisfied with my network as it is but I am also considering getting another NIC upon which to put all of my IoT devices. I generally distrust IoT and segregation is good for these useful yet potentially troublesome machines.

Final Thoughts

Looking back, I started to have problems with my Linksys E2000 in early fall of 2018. I wasn’t sure of the trigger but the router eventually required an intervention shortly before Thanksgiving. Things seemed fine for a while until I added my Kitchen Command Center in December. I would periodically have buffering and network slow downs. It was especially noticeable when I had guests. Running CAT5 to several machines did help somewhat but it was pretty obvious the router was operating at levels slightly beyond its capability. The router’s average load was high, and that poor little device was doing just a bit too much. Firewall, router, DHCP Server, DNS Server and wireless access point was just a bit too much for that MIPS16 powered device. I didn’t eliminate this router, I reduced its responsibilities to just being an Access Point and now my home network functions fantastically well.

This was a very satisfying project worth every penny I spent on it… which was about 1 gallon of diesel to pick up the hardware. I am not a network guy but I can muddle my way through. If I have made any obviously egregious errors, feel free to let me know by commenting or sending me an email so that I can learn a little and not steer anyone else wrong.

Further Reading Home General Intent

pfSense Project

Flashing Linksys E2000 Router with DD-WRT

Flashing Linksys E2000 Router with DD-WRT

When it comes to home networking, I have lost some “Geek Points” in the last few years. In general, I don’t find all the bits that go into networking all that interesting, I know the basics, have had my network doing what I want it to do and have basically neglected it for some time. If I need real help I will lean on my brother-in-law to help me sort out the netmasks or routing tables or whatever else by which I am less excited. To the level I have come to understand I have gotten what I needed working so why think about it… That was until my router, already running DD-WRT, started to give me some problems.

Using I was only getting 12 Mbps on the Wireless and around 70 Mbps on the wired Ethernet. This was becoming increasingly annoying as most of my work requires reliable internet connection so I started running CAT5 to each computer in my SuperCubicle plus one extra for a future project.

Productivity had been restored, so long as I was wired. Then one morning the wireless just stopped altogether. The wired Ethernet was still routing but the wireless just stopped routing traffic altogether.


Linksys E2000

Not a very complex network and would have been something great 8 years ago for a home network but today, the idiom “long in the tooth” would be an understatement. I have a DOCSIS 3 Modem, which is new and trouble free that is connected to a Linksys E2000 router running DD-WRT. Attached to that is a Linksys 16-port EZXS16W switch. From that switch there are about 10 ports used up.


Linksys EZXS16W 16-Port Switch

In order to bring the wireless back up, I tried to adjust some of the settings and nothing seemed to save. It was like it was working and not working in the same stroke. Rebooting the router didn’t change anything, it was still in a kind of undead state. I was unsuccessful with everything I tried. I saw only one option, factory reset the router and upgrade the firmware.

Firmware Flashing Complications

Using the DD-WRT Router Database I searched for the Linksys E2000 and downloaded the latest “Mega” firmware. Based on my understanding and referencing the wiki page, I just needed to update the firmware with the latest “Mega”. I did the initial attempt at flashing the firmware with the Falkon browser, it didn’t take. I got the “Flash Failed” error. I did it again but disabling the Ad Blocker thinking that might have been the problem but it still didn’t work. I tried Firefox and the Konqueror browser. All failed.

I downloaded the “Big” version and tried it again but with no success. What finally worked was upgrading with the DD-WRT: Factory Flash dd-wrt.v24-37305_NEWD-2_K2.6_mini-e2000.bin (at the time of writing, November 2018).

This flash was successful and, since I didn’t need any of those extended features, the Mini was plenty good for what I need to do with it, at least for the short term.

Features I use

I don’t have a whole lot of requirements for my router at this time. What is important to me are the following features less common in typical consumer wireless router / switch / firewall / gateways:


DNSmasq is a local DNS server. It will resolve all host names known to the router from dhcp (dynamic and static) as well as forwarding and caching DNS entries from remote DNS servers. Local DNS enables DHCP clients on the LAN to resolve static and dynamic DHCP hostnames. This is especially important when communicating with computers through the terminal or doing SFTP transfers. Rather than typing out the IP address, I can just type the computer’s hostname.

DHCP Static Lease

I have a few devices on my network that it is important that the IP address doesn’t change, specifically my HP OfficeJet All-In-One printer and my server.


I like to set a LAN domain, not really a necessity but I like to have one for fun and fashion.

Next Steps

My home network hardware is aging and needs several upgrades. I think I am going to start with a pfSense box, probably using some sort of older x86 machine with a couple NICs, use the current router as a Wireless Access Point, then look at changing out my 16-port switch to some sort of Gigabit Switch with about the same number of ports. Judging by my cursory review of the setup and features, I will have to make a significant time investment.

Final Thoughts

It is remarkable how quickly one’s morning priorities can change when the network becomes largely inoperable. It is also remarkable how quickly it seems like your network components age when you are not thinking about it.

This little “breakdown” has inspired me to begin making the changes to my network. Future blatherings to come from this as I make the upgrades and figure out what works best for my home network.

Further Reading

Linksys E2000 DD-WRT Wiki page