Now, Open Source software has been running on routers for quite some time; however, most routers, like the Linksys WRT54GL, have limited resources. They have limited RAM, limited CPU and limited onboard storage. This greatly limits what can be done with the router software-wise. So, eventually, you run up against a wall with what you can do with the router. Even if you can get the software set up on the router, sometimes it seems like it’s just slow or you wish it was faster than it is now. David Samms and New World Data Systems, based here in Gahanna, a Columbus, OH suburb, aim to change that.
PC Engines is the maker of the ALIX system board this router is based on. Now, as a hacker, you can still buy one of these boards on your own and then figure out how to get some software installed on it, like Linux or FreeBSD, but small companies, nonprofits and others who have to have a reliable router/firewall and don’t have the time to set up an ALIX board usually go to a Linksys or Dlink or something similar. There’s nothing wrong with a Linksys or Dlink, but what if you wanted your router to do more? If you have a WRT54GL, then you can; however, those are getting harder to find, and even then, they are limited. New World Data Systems has now taken the ALIX 2c1 board and put it in an enclosure with an 802.11g wireless card and a 40 GB hard disk, and installed pfSense. The pfSense software is a fork of m0n0wall. M0n0wall is based on FreeBSD. The pfSense project has taken m0n0wall and added a port of OpenBSD’s packet filter and many other features that are not a part of m0n0wall. What does this mean to you and me? A pfSense-based router is probably one of the most powerful and secure routers a small business can use.
As you can see, this router is about the size of most routers made by the big companies.
Here’s a big reason the router is as powerful as it is. This is the 40 GB hard disk used for onboard storage.
This is the heart of the router, the ALIX board. The white thing in the middle is the WiFi card.
This is the back of the router. You have an RS232 that you can actually use for booting the router if you want to. Then you have 3 Ethernet jacks and the wireless antenna. The left-hand Ethernet jack is for the DMZ port, the middle jack is where you’d hook your cable modem or DSL router, and the jack closest to the antenna is where you’d hook a desktop or another router. You will need to do this if you have more than one non-WiFi computer hooked to your network. Note: When you do hook up a switch and the switch has a DHCP server, make sure to turn it off and use the DHCP server built into pfSense.
Now that you’ve seen the hardware, I’ll cover just some of the features of pfSense as there are way too many to list in this article. The ones I am going to mention are the ones that go beyond the basic home router/firewall. The ones that make pfSense and ALIX better than the ole Linksys I have now retired on my home network. To see even more about pfSense, check out their website.
My favorite feature also happens to be the sneakiest feature. That would be IMSpector. IMSpector stands for Instant Messenger inspector. IMSpector can log IMs and messages from the following systems: MSN, ICQ/AIM, Yahoo and even IRC. IMSpector saves all of the IMs to a text file on the router. It can also insert these IMs into a MySQL database. The router can also run the database. IMSpector can also filter inbound IMs for language. You can select what you filter by using SSH to get to the router and editing a file called badwords.txt located in /usr/local/etc/imspector/. Now, editing this file probably isn’t for the faint of heart, as you must use vi. If you’re not a UNIX geek this isn’t for you, but the default list is likely sufficient for most installations.
My next favorite feature is the one you first see when you log into the router. That’s the dashboard. New as of version 1.2-RC4, which is what New World will be shipping on their routers, the dashboard is the main status page for pfSense. You can add many widgets to the page.
Here we have the main System Information widget, an interface widget and the interface statistic widget.
Now I have added a Traffic Graph widget. These graphs update as your bandwidth usage goes up and down. Handy if you have people on your network who use BitTorrent. Using results from these graphs, you could also use pfSense to throttle the IPs on your network that use the most bandwidth via the built-in Traffic Shaper feature on pfSense.
Also, you may schedule firewall rules, so you can change your firewall setup automatically. That way you can give machines varying amounts of access as the day goes on.
Next up, more pretty pictures!
This is the RRD Graphing feature of pfSense, specifically the quality tab. If I had an ISP outage in the last day, it would show up on this tab. There are also traffic graphs, graphs showing how many packets per second are passing through the router, and queues.
Also, a nice feature of pfSense is that it has the open source proxy server named squid installed. Squid can help you save bandwidth by caching pages you frequently visit. This will help you better utilize your internet connection. Squid also enables you to use squidGuard, which, for those who have children on their network, can be used to filter your internet connection. SquidGuard will use one of the many freely available blacklists to help keep your network free of questionable content.
Another graphing feature is bandwidth. This provides some similar graphs, but can break it down by IP.
You can also enable the captive portal to have a setup on your wireless network similar to what T-Mobile or even your place of employment may have.
There are so many features of pfSense that I can’t cover them all here. Therein lies a problem. Is this a router that you can give your mom or dad to use? Well, if they don’t have to configure it, yes! Otherwise, you better have a geek available to set this up. I see this router being used in small businesses, churches and non-profit agencies. These are places where they may want or need the additional power that ALIX+pfSense can give them. Also, New World Data Systems offers commercial support contracts for pfSense and the ALIX Router in case your business needs professional assistance with configuring the router. However, since all software that the ALIX router uses is Open Source, there’s a wealth of information on the internet for those who are tech savvy.
The ALIX-based LX800-40 and LX800 routers are available today from New World Data Systems.
MSRP: With Hard Disk, No Wireless (LX800-40): $250; With Flash Memory, No Wireless (LX800): $185; With Hard Disk and WiFi: $285 (what I tested); With Flash and WiFi: $215
What I Like: The ALIX router comes with pfSense, but you’re not limited to it. You can install m0n0wall and even Linux on the router. It’s a very powerful board and pfSense is the right choice for this device, and it’s what I will continue to use on it. You can also patch this as bug fixes come out.
What Needs Improvement: Overall, the only thing I see that needs improvement is more Ethernet ports. You need to add on to this if you have anything beyond ONE PC. Most commercial routers have at least four LAN ports. This is mostly an issue for home users.