Firewall with pfsense on a thin client

Thin Client Apr 21, 2020

This being the 1st post, I thought that I should begin with the firewall since it occupies a central position in the network and it is the enabler of a multitude of tasks that otherwise are impossible to accomplish.

At the beginning of 2020, when the need for a firewall was becoming a necessity, I started looking around for a solution. Netgate’s pfsense jumped from the crowd as it was free, well covered in tutorials and how-tos and proven to be one of the best options on the market.

Now that the software was selected, a machine to run things up was needed. Since I have a gigabit fiber connection at home, I wanted something that will not bottleneck the throughput of the network. Searching on eBay for cheap computers that are up to the task, I found a lot of references to a thin client machine from Fujitsu, namely the Futro series. I settled for the S900 model, as it has some impressive power for the size and very frugal in electricity consumption. Yes, about electricity: it consumes 14W on full load. That's about €15/year running 24/7!

So I bought a Fujitsu Futro S900 AMD G-T56N 1,65GHz 4GB Thin Client from eBay at €25. No hard drive included, but Amazon was selling a TCSUNBOW mSATA Mini PCIe 32GB Series SSD Solid State Drive at €14. Besides the storage, the firewall machine needs additional network ports since it has only one gigabit RJ45 on the mainboard. There's a PCI slot on Futro's motherboard but since it's a slim case, a riser card (736TR3230K100) should be used to add a network PCI card. Go for a dual-port NIC, you never know what the future brings.

Futro S900 with riser and NIC
All the hardware needed
pfsense running on Fujitsu Futro S900

So here it is, pfsense installed from a USB key to the mSata drive. Booting from USB required pressing F12 when starting up the computer to select the boot media.

[May 5th, 2020 Update]

As you can see in the screenshot above, the maximum speed that the S900 is capable is 250 Mbps download and 280 Mbps upload. I have no idea why this happens, see that the CPU is at 50%. There are no packages installed to interfere with the throughput. The NIC used is an Intel Pro/1000 MT Server on PCI slot. So if your Internet connection speed is faster than 250 Mbps, don't use this thin client for your pfsense build.
Here is Tom Lawrence showing you how to install and configure pfsense.

Who better than Tom Lawrence to explain the inner workings of pfsense in his videos! Because now that the system works you have a lot of work to do in pfsense to configure the firewall rules, install some nice to have plugins and the fun begins!

To sum it all up, the hardware cost was €50 (plus an intel dual-port NIC that I already had) and it's running at €15/year, in silence! That's some old 2011 hardware put to good use, don't you think?

[Update May 5th, 2020]

Time flies, and so did the S900. I replaced it with the HP T730, you know, because of the need for speed. Here's the post for the new pfsense machine.

Tags

Radu

Since there's no place like 127.0.0.1, I try my best to keep it up to date and add network services using various (mostly old and cheap) network devices.