PierrevHeumen
Posts: 1
Joined: Fri Jun 09, 2017 12:39 pm

Use Pi as Firewall

Fri Jun 09, 2017 12:46 pm

I'am very new of using a Raspberry Pi, last weekend i installed Pi-Hole on the one i have at home and that is working great. But can i use the same (or other Pi) as a Firewall

epoch1970
Posts: 3781
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Use Pi as Firewall

Sat Jun 10, 2017 10:13 am

A Pi can work as a firewall, only not too fast. With Linux you can use iptables or any package built upon that.
AFAIK BSD hardware support for Pi 3 is not complete but I believe one day you'll be able to install something like OPNSense for Pi and get an awesome perimeter firewall for your devices network.

Performance: I would say Pi 3 can switch between networks at about 30mbps sustained. It is IO bound, not CPU bound (at all). As usual wifi performance will be lower than Ethernet.
So you can consider it has wire speed performance if the Pi switches traffic to/form an average speed DSL link, or to/from a small net of low-power devices. If you want it to switch between 2 100mpbs or giga LANs, you will be disappointed; look for specialized hardware instead.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

tarjei99
Posts: 6
Joined: Wed Aug 23, 2017 3:14 pm

Re: Use Pi as Firewall

Fri Aug 25, 2017 7:29 am

You can try downloading FreeBSD for the RPI3 or RPI2 from http://www.raspbsd.org/.

You could try to install either opnSense or pfSense on that. It might be convoluted. Including having to rename kernels before rebooting after installing. pfSense uses parts from HardenedBSD to harden the kernel. I'm unsure what opnSense does.

It might not be easy until either of these supports the RPI officially with an image.

jahboater
Posts: 4762
Joined: Wed Feb 04, 2015 6:38 pm

Re: Use Pi as Firewall

Fri Aug 25, 2017 7:44 am

epoch1970 wrote:
Sat Jun 10, 2017 10:13 am
Performance: I would say Pi 3 can switch between networks at about 30mbps sustained. It is IO bound, not CPU bound (at all). As usual wifi performance will be lower than Ethernet.
And use a USB ethernet adapter which will give over 3x performance compared to the ethernet port which should give around 95Mbits/sec with iperf.

Code: Select all

$ iperf -c pi
------------------------------------------------------------
Client connecting to pi, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[  3] local 192.168.0.5 port 38516 connected with 192.168.0.80 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec   380 MBytes   318 Mbits/sec
$

epretorious
Posts: 10
Joined: Mon Mar 13, 2017 1:45 am
Location: Portland, Oregon
Contact: Website Twitter

Re: Use Pi as Firewall

Mon Feb 25, 2019 9:43 pm

tarjei99 wrote:
Fri Aug 25, 2017 7:29 am
You can try downloading FreeBSD for the RPI3 or RPI2 from http://www.raspbsd.org/.
FreeBSD-12-RELEASE supports the Raspberry Pi.You can download it from the FreeBSD repositories:

RPi B
https://download.freebsd.org/ftp/releas ... AGES/12.0/
RPi 2
https://download.freebsd.org/ftp/releas ... AGES/12.0/
RPi 3
https://download.freebsd.org/ftp/releas ... AGES/12.0/
tarjei99 wrote:
Fri Aug 25, 2017 7:29 am
You could try to install either opnSense or pfSense on that. It might be convoluted. Including having to rename kernels before rebooting after installing. pfSense uses parts from HardenedBSD to harden the kernel. I'm unsure what opnSense does.
OpenWRT also supports RPi - It supports RPi several of the different Pi models:

https://openwrt.org/toh/raspberry_pi_fo ... spberry_pi

HTH,
Eric Pretorious,
Portland, Oregon

epretorious
Posts: 10
Joined: Mon Mar 13, 2017 1:45 am
Location: Portland, Oregon
Contact: Website Twitter

Re: Use Pi as Firewall

Mon Feb 25, 2019 9:52 pm

jahboater wrote:
Fri Aug 25, 2017 7:44 am
...use a USB ethernet adapter which will give over 3x performance compared to the ethernet port which should give around 95Mbits/sec with iperf.
Thanks, Jeremy!

I'm curious about your results:
  • IIUC: The on-board FastEthernet NIC is connected via the USB bus. Why would a USB-Ethernet adapter provide better throughput than the on-board NIC?
  • Is there a particular adapter that works better than the others?
TIA,
Eric Pretorious,
Portland, Oregon

fruitoftheloom
Posts: 20902
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: Use Pi as Firewall

Mon Feb 25, 2019 10:25 pm

epretorious wrote:
Mon Feb 25, 2019 9:52 pm
jahboater wrote:
Fri Aug 25, 2017 7:44 am
...use a USB ethernet adapter which will give over 3x performance compared to the ethernet port which should give around 95Mbits/sec with iperf.
Thanks, Jeremy!

I'm curious about your results:
  • IIUC: The on-board FastEthernet NIC is connected via the USB bus. Why would a USB-Ethernet adapter provide better throughput than the on-board NIC?
  • Is there a particular adapter that works better than the others?
TIA,
Eric Pretorious,
Portland, Oregon

The post you are responding to is out of date as we now have a 3B+, but for various test results see:

https://www.jeffgeerling.com/blogs/jeff ... networking
Retired disgracefully.....

Return to “Beginners”