Monthly Archives: January 2015

pfSense on a WatchGuard Firebox

 

I was searching for a new gateway box for my home network and a friend gave me an old WatchGuard Firebox Edge x1250e to play with.

 

Unfortunately, the factory software that came with the box was old and not so feature-rich, but reading through the interwebs I discovered that you can install pfSense on it.

So I proceeded to do so, with bonus geek points because it involved opening the box, updating the BIOS (with some hoops), the works. In the process I upgraded the RAM to 2Gb (from 512Mb) and the CF card to 4Gb (from 512Mb). Here it is, laid out for the operation, with the innards wide open:

20150109_200010

Everything worked perfectly, I even managed to make good use of the LCD output (via the LCDproc package), and now I have a nice firewall at the gate 🙂

I only need to get hold of an L-shaped power cord because a standard cable protrudes too far out of the back and I have issues mounting it into the rack.

The last gripe I still have with it is that I need to figure out how to convince the software to forward the IGMP messages through the VPN. But I like a good challenge.

Later edit: It seems that you need to be more specific than “permit ip any any” to convince pf to let the multicast packets through. It needs “permit ip any any and also packets with ip options set”.

Later edit 2: It seems that “poor man’s error correction” (aka TCP) is actually working. I no longer have stutters in the multicast IPTV streams. (old solution: PIM over GRE, new solution: OpenVPN with TCP transport, this was actually why I was searching for a new box in the first place). Yay!