Jan 312018
 
May 2017 – Project Firewall
Over the winter, I grabbed a lower end CPU off of a “Slickdeal” with the intention that I would build a firewall to filter content at home. The Intel G4560 CPU seemed like a good chip with more than enough power for a firewall appliance.  When I started to look at software solutions for the firewall, I determined that Untangle seemed like it had the features and simplicity that I wanted.

 

Untangle Grphs

 

When I picked the remaining hardware for my Untangle firewall, I wanted as small a footprint as possible.  Having previously built a micro-itx system for my Hackintosh, I decided I wanted this system to be as small as possible.  After some research, here is the component list that I ultimately decided to use:

 

The very first time I fired up the system, nothing happened.  Being my first time building such a low powered system (80 watts!), I immediately suspected that the problem was with the power supply.  I ordered a different pico power supply at 160 watts from Amazon, and a few days later I was back where I started.  Turns out that the BIOS revision of the motherboard did not support the G4560 CPU.  $10 and a few days later, I had a new BIOS chip.
 

Loading Untangle was a breeze.  Setup was easy, and everything worked great. Everyone was happy, except the kids – they could no longer get online after lights out.

 

Untangle Firewall

By July, though, the box was having so many errors on the LAN NIC that I had to power cycle the firewall every few days.  The ASRock motherboard was equipped with two NICs.  One was a RealTEK chipset, and the other was an Intel chipset.  I naturally assumed that there would be no problem with either of these due to the fact that they were two recognizable chipset manufacturers with good reputations.  Unfortunately, The Intel i219-V NIC on the Asrock motherboard had the tendency to disconnect and stay disconnected.  Further research seemed to indicate that this particular Intel NIC was a piece of shit.  This didn’t bode well for a firewall. I had to add an external USB NIC.  Of course, USB NICs are not supported by Untangle… Go figure!  Luckily, another user had previously figured out how to get a USB NIC working on Untangle here: Untangle with ASIX-based (AX88179) USB 3.0 Gigabit dongle.

 

Fast forward seven months, and an automatic update killed the USB NIC support, rendering my firewall useless.
I picked up a Linksys WRT1900ACS and loaded Untangle on that.  It’s much less powerful than my previous setup, and doesn’t include all the same Untangle modules (no antivirus, no anti spam, etc), but I don’t use them anyway.  I did notice that 5GHz wifi does not perform as well as it did on my Asus RT-AC86U.

 

Untangle WRT-1900ACS
UPDATE 20180130
I just had my first negative experience with Untangle on the WRT1900ACS.  I was connected in remotely, and decided to rename the wireless network adapters to more suitable names.  I made the adjustment and clicked, ‘save’ and now I am waiting for someone at home to hard boot the device.  So far, I much prefer the original setup, especially where the Linksys unit lacks the RAM to run all of the modules.  I might try and modify the case of the original firewall appliance to accommodate a low profile PCIe NIC, but I’m going to wait and see how reliable the Linksys unit is for a time.  After all, I’m not convinced that the spam/virus modules are important given my mail server is in house, and I don’t run any Windows systems.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">

(required)

(required)