www.homeseer.com    
 

Go Back   HomeSeer Message Board > General Home Automation > General Home Automation Hardware Discussion > Personal Computers

Personal Computers Discussion area for NON-HomeSeer related discussions on personal computers, hardware and operating systems.

Reply
 
Thread Tools Display Modes
  #81  
Old July 18th, 2017, 10:26 AM
jim@beersman.com jim@beersman.com is offline
Seer
 
Join Date: Jul 2013
Location: Missouri
Posts: 26
Add me to the list
Reply With Quote
  #82  
Old July 18th, 2017, 06:15 PM
cjin cjin is offline
Seer Deluxe
 
Join Date: Oct 2011
Location: new york
Posts: 170
Pete, please add me to the list as well. Thanks. With pfsense would one still need anti virus software on the desktop?
Reply With Quote
  #83  
Old July 18th, 2017, 06:34 PM
ckellyusa's Avatar
ckellyusa ckellyusa is offline
Seer Deluxe
 
Join Date: Aug 2014
Location: DFW
Posts: 148
Pete, add me to the list too please!
Reply With Quote
  #84  
Old July 18th, 2017, 07:48 PM
Pete's Avatar
Pete Pete is offline
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 15,263
Will do cjin and ckellyusa.

With pfsense would one still need anti virus software on the desktop?

PFSense plugin ClamAV protects the entrance of the Internet to your computers.

PFSense would be a replacement for your currently utilized combo box (except for the wireless pieces). Well on steroids. If you are currently using an ISP provided modem, switch, router, access point, firewall; you can continue to utilize it and put PFSense between it and your homenet (creating a bridge on one port or putting the port utilized in a DMZ).

Here my Comcast Motorola SB6141 connects to incoming cable. It has a USB port and Gb network port on it. The SB6141 connects to the WAN port on the PFSense box. The LAN port on the PFSense box connects to one managed 24 port switch.

You can configure the LAN port in to multiple VLANs such that you could virtual LANs and physically separate LANs.

With such an arrangement you can build a CCTV LAN either as a VLAN or physically separate network. With this you can configure a pin hole from your main lan to your CCTV lan to manage your cameras. There is a lot of flexibility with multiple network ports and using PFSense.

That said it will not protect your computer from a USB stick if it is infected.

I keep MS Essentials running on the older Windows computers. I do not do much at all with the Linux based computers relating to AV.

Here are some packages available for PFSense. These are adds sort of like plugins for PFSense. They are all free.
Attached Images
      
__________________
- Pete

Automator

HS3 Pro & Lite Edition Beta 3.0.0.435

HS3 Wintel Touch | Ubuntu 16.04 64 bit | Oracle Windows Virtual Box ==> for Wintel only SAPI and HS3 plugins | Speech - Microsoft SAPI - Neospeech - Amazon Echo | Hardware | Haswell Intel iSeries 3 - 16Gb | Pine64 - 2Gb computers | Openpeak Intel Atom SoC tabletop touchscreens (15 HS tabletop tablets) | Touchscreens - Windows embedded POE connected |Light switches - X10,UPB, ZWave and Zigbee | Firewall - PFSense - 2 WAN plus 4 LAN interfaces | Network - Gb managed switches / POE WAP(s) | CCTV - Zoneminder IPHD cams - variety | Audio - Russound - AB8SS | Security - Leviton HAI Omni Pro 2 | Weather - Davis Vantage Vue - MeteoStick - WeeWx | 1-Wire - AAG, Midon and HB | OWFS - Mosquitto - Node Red - Python - RPi Stretch - OpenWRT
Reply With Quote
  #85  
Old July 18th, 2017, 08:00 PM
Pete's Avatar
Pete Pete is offline
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 15,263
more PFSense plugins.
Attached Images
 
Reply With Quote
  #86  
Old July 18th, 2017, 08:32 PM
logbuilder logbuilder is online now
Seer Master
 
Join Date: Nov 2016
Location: Pacific North West
Posts: 676
Here is what appears to be a very active pfSense forum. Hopefully it will be a good resource as some of us get up to speed on a new product.

https://forum.pfsense.org/index.php
Reply With Quote
  #87  
Old July 18th, 2017, 08:47 PM
rmasonjr's Avatar
rmasonjr rmasonjr is online now
OverSeer
 
Join Date: May 2001
Location: Brookhaven, MS USA
Posts: 6,487
Would there be any interest in a pfSense plugin?

If so, I think I'll throw my hat in the ring to develop...
__________________

HS3Pro Running on a Raspberry Pi2 (Raspbian)
64 Z-Wave Nodes, 162 Events, 293 Devices
UPB modules via OMNI plugin/panel
Plugins: Z-Wave, BLRF, OMNI, HSTouch, weatherXML, EasyTrigger
HSTouch Clients: 3 Android, 1 Joggler
Reply With Quote
  #88  
Old July 18th, 2017, 09:49 PM
Rvtravlr's Avatar
Rvtravlr Rvtravlr is offline
Seer Deluxe
 
Join Date: Aug 2013
Location: Reno, Nevada
Posts: 476
Pete,

I've been trying to understand the advantages of having my IP cameras on a VLan. Can you or Randy chime in?

We have 7 cameras running with BI.

Thanks,
__________________
Michael

HS3 Pro 3.0.0.435 | 819 devices | 373 events | OpenSprinkler | BLShutdown | EasyTrigger | NetCAM | Harmony Hub | Sonos | SDJ-Health | BLUPS | PHLocation | BLBackup | BLLock | Z-Wave | weatherXML | Pushover 3P | Blue-Iris |
Reply With Quote
  #89  
Old July 18th, 2017, 09:50 PM
Rvtravlr's Avatar
Rvtravlr Rvtravlr is offline
Seer Deluxe
 
Join Date: Aug 2013
Location: Reno, Nevada
Posts: 476
Quote:
Originally Posted by rmasonjr View Post
Would there be any interest in a pfSense plugin?

If so, I think I'll throw my hat in the ring to develop...
Yaaahhh!
Reply With Quote
  #90  
Old July 18th, 2017, 10:34 PM
waynehead99 waynehead99 is offline
Super Seer
 
Join Date: May 2015
Location: Colorado
Posts: 1,982
Quote:
Originally Posted by Rvtravlr View Post
Pete,



I've been trying to understand the advantages of having my IP cameras on a VLan. Can you or Randy chime in?



We have 7 cameras running with BI.



Thanks,


I have my cams on their own vlan for security reasons. Cams are really chatty and like to call home, and home is generally China. I don't trust that. Also cams are one of the more easier devices to hack into to do bad things, or get the video feed. My camera vlan is completely shut down to everything, except one port opened to my main vlan. I view my cameras remotely using HSTouch as a proxy.

I maintain 3 different vlans currently. One main one for me and my stuff, one for the cameras, and one for guest. The guest one only had access to the internet, nothing else. I also put my iOT devices I have (echos) on the guest network. They get hacked for some reason, I am still safer VS leaving them on the main.
Reply With Quote
  #91  
Old July 18th, 2017, 11:01 PM
Pete's Avatar
Pete Pete is offline
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 15,263
With 4 ports on the firewall you can also separate the camera network physically without using a VLAN. Same too if you want a guest wireless network.

As Wayne99 mentions above doing the VLAN / autonomous network thing provides a bit more security.

Thank you Rob.
Reply With Quote
  #92  
Old July 19th, 2017, 06:03 AM
Blade's Avatar
Blade Blade is offline
OverSeer
 
Join Date: Aug 2003
Location: Ontario Canada
Posts: 7,417
Please count me in Pete.

I have no idea on how to setup pfsense (not even sure I know everything it can do) but it seems like a good thing to have for security at home.
BTW, what are people using to see all of the traffic on their network like cameras calling home, etc?

I currently have fiber directly to my house so no modem just a fiber box. I use an ASUS RT-N66U router. I have 2 TPlink 16 port switches. I use a Netgear AC1900 Nighthawk for my wifi. I have POE Hikvision cameras as well.

Hopefully there is a setup guide somewhere on how to set it up with all this the best way. I would just like to protect my network the best I can.

Thanks
__________________
Cheers,
Bob
Web site | Help Desk | Feature Requests | Message Board
Reply With Quote
  #93  
Old July 19th, 2017, 08:17 AM
Pete's Avatar
Pete Pete is offline
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 15,263
PFSense is very easy to test.

That said I am starting a how to guide in the help section. There is are links above to a You Tube set of PFSense instructional videos above which were suggested by LogBuilder.

If you have a spare PC around with two network cards just use the USB stick live boot / installation of PFSense on your home network. Shut off DHCP and you can play around with the menus and gui.
Reply With Quote
  #94  
Old July 19th, 2017, 09:58 AM
Monk's Avatar
Monk Monk is offline
Seer Master
 
Join Date: Jan 2009
Location: USA
Posts: 860
Quote:
Originally Posted by Pete View Post
PFSense is very easy to test.

That said I am starting a how to guide in the help section. There is are links above to a You Tube set of PFSense instructional videos above which were suggested by LogBuilder.

If you have a spare PC around with two network cards just use the USB stick live boot / installation of PFSense on your home network. Shut off DHCP and you can play around with the menus and gui.
Sounds like fun.
Please add me to your list - I'll take one.
Reply With Quote
  #95  
Old July 19th, 2017, 10:04 AM
waynehead99 waynehead99 is offline
Super Seer
 
Join Date: May 2015
Location: Colorado
Posts: 1,982
Quote:
Originally Posted by Blade View Post
Please count me in Pete.



I have no idea on how to setup pfsense (not even sure I know everything it can do) but it seems like a good thing to have for security at home.

BTW, what are people using to see all of the traffic on their network like cameras calling home, etc?



I currently have fiber directly to my house so no modem just a fiber box. I use an ASUS RT-N66U router. I have 2 TPlink 16 port switches. I use a Netgear AC1900 Nighthawk for my wifi. I have POE Hikvision cameras as well.



Hopefully there is a setup guide somewhere on how to set it up with all this the best way. I would just like to protect my network the best I can.



Thanks


Hey Bob, currently I am using a ubiquti edgerouter that I am wanting to replace with pfsense. Nothing wrong with it just outgrowing what it can do. It has pocket counts for each node. I then do wireshark traces (need a managed switch with a mirrored port on your internet connection to do this) to see what traffic is going where.
Reply With Quote
  #96  
Old July 19th, 2017, 02:23 PM
Pete's Avatar
Pete Pete is offline
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 15,263
Please note that is group purchase is relating to a hardware router device with 4 NIC ports on it. I am trying to do a best buy for the buck here for a nano ITX based appliance of sorts.
Reply With Quote
  #97  
Old July 19th, 2017, 04:25 PM
jim@beersman.com jim@beersman.com is offline
Seer
 
Join Date: Jul 2013
Location: Missouri
Posts: 26
Pete, I notice that the pfsense folks are saying that version 2.5 will require a processor that supports AES-NI. Are you factoring that capability into the specs for this box?
Reply With Quote
  #98  
Old July 19th, 2017, 04:56 PM
Pete's Avatar
Pete Pete is offline
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 15,263
Right now the commonly utilized CPU in the above look at what is out there relating to nano ITX is an Intel J1900. It is cheaper now and very plentyful.

Intel® Celeron® Processor J1900
2M Cache, up to 2.42 GHz


AND now we are seeing ARM CPUs that also support AES-NI.

I am looking and this will be a price thing especially for a $100 target price goal.

Guessing when PFSense version 2.5 will appear is still a big guess and could be maybe two years up.

Read about it here on the PFSense Forum.

Topic: pfSense 2.5 will only work with AES-NI capable CPUs (Read 9985 times)


and here:

pfSense 2.5 and AES-NI

Are you factoring that capability into the specs for this box?

I am trying...that said everything that looks like the above hardware is using an Intel J1900 that I have found.

BTW relating to ARM cpus the following support AES-NI.

Allwinner:

A10, A20, A30, A31, A80, A83T, H3 and A64 using Security System

Broadcom:

BCM5801/BCM5805/BCM5820 using Security Processor

Tinker toy playing right now is with a micro firewall with a Mediatek MT7620A. Thinking it supports TrueCrypt and that supports AES-NI.

Netgate sells an arm based firewall for $149.

Name:  armfirewall.jpg
Views: 151
Size:  19.8 KB



You asked, we delivered. The new Netgate® SG-1000 microFirewall is a cost-effective, state-of-the-art, ARM®-based, pfSense® Security Gateway appliance. The SG-1000 comes with dual 1Gbps Ethernet ports, enabling maximum throughput exceeding 100Mbps[1]. The ARM Cortex®-A8 in the TI AM3552 SoC and DDR3L RAM combine to facilitate low-power consumption while maintaining performance. The SG-1000 comes in a lightweight and durable anodized aluminum case. It’s credit-card sized form-factor allows it to be easily tucked away, but you’ll be proud to show it off.

The Netgate SG-1000 microFirewall is an inexpensive platform, purpose-built to run pfSense software and can be deployed in many environments: Multi-dwelling units (MDU) such as apartments and dorm rooms, commercial-control applications (SCADA), as well as more traditional small office, home office deployments, or anywhere that security is needed. The SG-1000 is also the ideal security gateway for the Internet of Things (IoT). IoT applications include many remote monitoring applications for smart home/smart cities, commercial automation, energy management, agricultural, and health care. All of these can be deployed with best-in-class network security, safeguarding network connected devices. The Netgate SG-1000 microFirewall is a cost-effective solution to protect devices on your network at the point of connection.

The Netgate SG-1000 microFirewall is better than a build-it-yourself firewall solution. We’ve bundled a year of pfSense Gold; our services bundle that adds auto-config backup, monthly hangouts, and more. Attempting to DIY on something as important as protecting your network can be a risky, time consuming, and expensive process. Get the power and flexibility of pfSense software, the world’s most popular open-source firewall, as a pre-integrated appliance that is robust and ready to go out of the box, all at a low price.

The MikroTik QCA9531 uses a Qualcom single core 850 Mhz CPU with 64Mb of Ram and a propietary in firmware firewall.

I am looking for a multicore cpu with a base ram of 8Gb...plenty to be able to run added service, logging, et al and AES-NI.

Well and PFSense runs on Intel, AMD and ARM CPUs today.

Here is a picture of an ARM based appliance that could be utilized (with with 4 network ports).

Name:  arm1.jpg
Views: 149
Size:  30.6 KB

  • NXP i.MX7 CPU, dual-core Cortex-A7 1GHz
  • Up to 2GB DDR3 and 32GB eMMC
  • 3G/LTE modem, WiFi a/b/g/n, BT 4.1 and ZigBee
  • 2x 1000Mbps Ethernet, 4x USB2, RS485, RS232
  • Support for PoE powered mode

Here is one with a Intel Celeron Processor 3215U (2M Cache, 1.70 GHz, Broadwell) CPU. It is a bit bigger than my target mini pc firewall box.

Name:  celeron.jpg
Views: 149
Size:  45.5 KB

Last edited by Pete; July 19th, 2017 at 05:39 PM.
Reply With Quote
  #99  
Old July 19th, 2017, 05:33 PM
cheeryfool's Avatar
cheeryfool cheeryfool is offline
Super Seer
 
Join Date: Apr 2008
Location: Jersey Shore
Posts: 1,738
For those on FiOS...

I just found this write-up, which seems to address how to use PFSense in front of your Verizon equipment AND preserve all the FiOS services: https://nguvu.org/pfsense/verizon/pfsense-verizon/
__________________
cheeryfool
Reply With Quote
  #100  
Old July 19th, 2017, 06:46 PM
Pete's Avatar
Pete Pete is offline
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 15,263
Very nice James.

Here Verizon had just connected the old coax to the ONT and feed it to the Verizon combo box. It was many years ago and I did have cat5e going to the old Verizon telephone box outside. So here left the televisions / DVR stb's connected to one network that used coaxial cables to the STBs (motorola did have RJ45 ports at that one the boxes) and put connected one verizon NIC port on a DMZ and connected that port to the firewall.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Using UltraLog3 HSPI Syslog with pfSense Firewall 2.3 Ultrajones UltraLog HSPI 0 February 21st, 2015 06:36 PM
PFSense VPN Tunnel Use Pete How-To's 0 August 21st, 2014 07:09 AM
TI203-RS232 group purchase (Aus TI103) Jumpyj HomeSeer X10 Plug-in 0 December 18th, 2013 05:54 PM
Potential Purchase Interest sckoman ISY Plug-in Beta (3P) 0 December 26th, 2008 05:44 PM
Louisville Group Interest fireball LUG General Discussion 17 February 27th, 2005 02:36 PM


All times are GMT -4. The time now is 03:27 PM.


Copyright HomeSeer Technologies, LLC