How I installed Pfsense for my home network Part 1


Disclaimer: I am by no means a professional. I am just doing this for fun and enjoy learning along the way (I probably still don’t know anything 🤣). These are not meant as a guide and should not be treated as such. What I am showing you here is what I did, and it worked for me and my situation but might not apply to you. Your result could be very different from mine. Heck, I could be doing or saying something entirely wrong since I’m still considering myself a newbie (hence the name of my site, “noob to networking” 😉). Please don’t take a random person’s words on the internet too seriously, and again, ALWAYS, and I mean always, do your own research (well, take this one seriously, though).

Nothing noteworthy, I do a quick image for the post 🤷🏻‍♂️

Another week, another post, I guess. I’ve been very busy with the move and hardly have any time to write, but well, since I did set out to do this challenge, I guess I need to keep it up until the very end 🤷‍♂️. As I mentioned before, I recently moved into a new place, and what is better than a fresh start to design the new home network? I talked about how I decided to get a 10GbE switch to make my backbone LAN network 10GbE capable. So let’s talk about it, shall we?

What is the internet?

First, I’m sure everyone here already understands the typical home network setup. You subscribe to the internet service provider in your area, and they let you access the internet. Simple enough, right? So how does it work anyway? To put it simply, the internet is pretty much just a bunch of computers connected to each other 🤷‍♂️. Some computers offer services (we call them servers), and other computers use those services (we call them clients). So when you are trying to access a website or read this post, you are the client asking the computer hosting the website (my website, in this case) to serve you the information. Imagine everyone on the internet has an ID that information is sent to and received from, not unlike in the ’90s when mail was a thing, and you had to know someone’s home address to be able to send and receive mail from them. The internet works on the same principle, just a lot faster (a whole lot faster, in fact). Your ID on the internet is the equivalent of the home address, and we use an IP (Internet Protocol) address to identify you.

Public IP vs Private IP

There are two types of IP address, private and public. So what is the difference between them? Well, one is public, and one is private, duh 😂. All jokes aside, the public IP is the address assigned to you when you subscribe to the internet service provider (ISP), and that is the ID you will be using on the internet. Everything that you look at on the internet will see the IP you are assigned, so the servers know you are the one requesting the services and communicate with you and not your neighbor 😛. The only issue with public IPs is that there is a limited number of them, and the ISP usually only gives you maybe one or two. I’m not sure if it is just me, but I have a lot more than one or two devices that need internet access, and yes, you will need an IP address if you wish to access the internet, because if you don’t have one, then they won’t know where to send the information to, right? Even if you order a pizza, you will need to give them your address to deliver, so this is no exception.

Back to the topic: limited public IP addresses, what now? Well, you make more, of course, but how? Simple. Why not just make everything come from the same address? I mean, it works just like a mailing address. Your home address can be used by your sister, parents, and your friends if they happen to come by. So we have the private IP address; this IP address is what we call a local address. Like inside a household, everyone has a name and a room (this is metaphorical and does not reflect that everyone has their own room). Still, yea, let’s just say in the home, everyone has a corner and a room to call their own, and that is where you will be able to find them. So a piece of mail addressed to your brother comes to your home address. Your mom picks up the mail, sees the name, goes to your brother’s room, and delivers his mail. Just like that, you can see how everything works now, right? The Local Area Network (LAN) includes all the devices in your home, and each one of them is assigned a private IP. When they want to send or receive messages from the internet, they send them to a router. The router then takes the messages and forwards them to the designated computer on the internet, or Wide Area Network (WAN), using the public IP address. When the servers receive the requests, they know who is asking and respond to the message. The message comes back to the router,

What is Pfsense?

Now you see how vital a router is? It does all the heavy lifting of bridging between the LAN and the WAN, that is, between the private/local network and the public internet. You have also heard how dangerous the internet can be: once everyone gets a hold of your address, they can attack you. Hence, the router, other than the task of translating requests from LAN to WAN, also needs to put up a defense against bad actors and malicious requests, which is what we call a firewall. A firewall is simply a set of rules to ensure that reasonable requests come through and bad/malicious requests are blocked before they can harm the local network. Pfsense is software (or an operating system) that handles this task. In short, Pfsense is a firewall that also handles the routing tasks for the local traffic, to make sure everything is working as intended and local network devices are secured from threats outside the local network.
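The two router jobs described above (letting many private LAN addresses share one public address, and blocking traffic from outside that nobody on the LAN asked for) can be modelled in a few lines of Python. This is an added illustration, not Pfsense code and not part of the original post; the `HomeRouter` class, its method names and every address in it are constructed for the example.

```python
import ipaddress

# Private (LAN-only) address ranges reserved by RFC 1918.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class HomeRouter:
    """Hypothetical toy router: address translation plus a stateful inbound check."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (lan_ip, lan_port, remote_ip, remote_port) -> public port
        self.in_map = {}   # (public port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN -> WAN: rewrite the private source to the shared public address."""
        addr = ipaddress.ip_address(lan_ip)
        if not any(addr in net for net in PRIVATE_NETS):
            raise ValueError(f"{lan_ip} is not a private LAN address")
        key = (lan_ip, lan_port, remote_ip, remote_port)
        if key not in self.out_map:
            # Remember who started the conversation so the reply can find its way back.
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, remote_ip, remote_port)] = (lan_ip, lan_port)
            self.next_port += 1
        return (self.public_ip, self.out_map[key], remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """WAN -> LAN: deliver only replies to conversations a LAN device started."""
        return self.in_map.get((public_port, remote_ip, remote_port))  # None = dropped


def demo():
    # Constructed sample addresses (documentation ranges), not real hosts.
    router = HomeRouter("203.0.113.7")
    laptop = router.outbound("192.168.1.20", 51000, "198.51.100.10", 443)
    phone = router.outbound("192.168.1.21", 51000, "198.51.100.10", 443)
    reply = router.inbound("198.51.100.10", 443, laptop[1])          # expected reply
    unsolicited = router.inbound("198.51.100.99", 12345, laptop[1])  # nobody asked
    return laptop, phone, reply, unsolicited

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both devices appear to the server as the same public address and differ only in the port the router picked; the reply is handed back to the laptop, while the packet from a server no device contacted matches no entry and is dropped.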

Why Pfsense?

I’m sure for an average person, buying a router/Wi-Fi combo for their home network would be the go-to choice due to the simplicity and ease of use. However, for me, someone who is concerned about security for my home network (well, I made a lot of security mistakes too), those routers are not secure enough. There have been multiple reports of vulnerabilities that hackers and bad actors could exploit to breach your defenses and leave you and your network wide open for anyone to attack. Plus, the operating system installed on those devices is very basic, and there are not many options and customizations available to give you complete control of your network. Not to mention how I was obsessed with computer specifications, and it bothered me a little. I understand you don’t need a crazy powerful computer for the router, but I couldn’t help myself from going overboard 😅. Pfsense is one of the solutions I found. I can have a decent computer acting as my home network router/firewall, and the specification will be great because I picked the computer myself. Pfsense is just going to be the operating system of said computer. Pfsense is very powerful because it gives you so much control over your network and how you want everything to behave, and best of all, it is FREE and open source. You can pretty much download and install it on any computer, so if you manage to snag a cheap computer (like I did), you can have a powerful router at just a fraction of the cost 😉. A very tempting option, isn’t it?

Well, that’s all the time I have to write this week. Next week, part 2 will be the process of installing Pfsense. It is a straightforward process, but I did say I will try to document the process, didn’t I? I suppose I have to hold on to my words until next week.

-Laz

