checkout AnsibleFest ------- red.ht/networkchuck AnsibleFest is a free virtual and immersive experience that brings the entire global automation community together to connect communities and spark collaboration. Typically an in-person event, AnsibleFest was changed to a virtual experience last year due to the pandemic. A virtual environment allows for a larger attendance and expands the conversations to people around the world. EXTENDED VERSION (VLANs and NordVPN): ntck.co/3jXJUqJ LINKS --------------------------------------------------- pfSense Download: www.pfsense.org/download/ PIA on pfSense Official Guide: ntck.co/3tBrvmX turn your old router into an access point: ntck.co/38U2l9J What you (might) need: --------------------------------------------------- Protectli pfSense Router: geni.us/ghLjK (affiliate) NetGate pfSense Appliance: geni.us/CKLzn (affiliate) Switch (supports vlans): geni.us/sympWI (affiliate) 🔥🔥Join the NetworkChuck membership: ntck.co/Premium
I'm wondering if you can install pfSense on a dual ethernet minicomputer. I was looking into making a Perimeter mini server. I guess my issue is throughput for a dual minicomputer. I don't want it to slow down my network too much.
Tom your videos are why I decided to jump in the deep end and start playing with PfSense. Chuck, your videos are why I am studying the CCNA course JUST to administer my HOME NETWORK. LOL. Love your videos!!!!! Thank you.
Dude you are a blast to watch. I have been in Cyber forever and it's rare to come across someone that is both smart and able to communicate in a way folks can digest.
Your content and enthusiasm in creating that content has tremendously motivated me to pursue my dream of working in IT. Because of you, I signed up for an IT degree program, paid for by my employer, and I am hard at work at that as well as working towards IT certifications. Thank you for your dedication!
jokes on you but i'm on my phone...cruising through my data plan... *sees video playing in fucking ultra high 2460p60... *one minute later, suddenly sms from my carrier provider starting with "you have ut..." oh, man...
"The ability to have fun with your network which is AWESOME" - Talk about the ultimate stay single for life statement lol (Great video -will look into)
Love the use of the pen on these fast moving tutorials. So much easier to follow. On some of the others (from others) the screen flips to the next before the viewer sees what was clicked (what the hell did he just do? - Rewind!). A great way to add value to your videos! I'm sold. Thank You.
I've been getting so mad at my Netgear router and so pissed off that I couldn't get my speed or connection issues fixed. Thinking it was my ISP and causing hell with them for months. When I watched your video it hit me, "oh I am the problem". I got myself everything you told me to get (choose a different ap). Everything worked. Literally everything. In one day! I got the speed I wanted, IoT connection issues were gone, and I am the happiest dude in the universe! Thank you for making networking so much fun! I appreciate everything u do!!!!
So you understand the lingo and this still happens?! Lol...Jesus then ppl like me who would always have to do some research after watching any of his videos just to understand what type of hardware/device is that he's describing for 20 mins
Great work. I loved pfSense: I decided to replace an old Gentoo that I could barely administer with pfSense... In my job... With no experience in pfSense... Only following the documentation in 2014 and worked great. After I finish my house, I will replace the router with a tiny pfSense. Thanks for your video, it was really fun to watch you. Best regards from Argentina.
My friend I wish I would have had you as a teach back in college man. You explained this in the most simplest of terms and how everything works at operational levels. I even have mine set up with port forwards for remote access. Best day ever on configuring a pfsense router. Actually my first time ever too. You are the best! I'll be checking out more of what you have on here over time during my intervals of non interruption from everyone wanting help with IT or physical labor lol
The best teachers aren't the best because they know it well. They're the best because they can explain what they do know in simple terms. If you can't explain it to a five year old for them to understand, you're not a good teacher. Chuck is great because he can do it. Love ya, Chuck.
Thank you for clarifying how things actually connect from a hardware sense. Feels like so many helpful nerds assume I’m already a master of the fundamentals but that means there are less opportunities to actually learn the fundamentals lol. I found this super helpful
My girlfriend was mad several times when I was playing with that new toy and overdid it :D... Redundancy and night shift are good thing. Gotta have that coffee!
I really appreciate this channel. The education you recieve and the fact that it's free. Most of all, I love his teaching style i.e. enthusiastic, he loves what he does and it comes across. So many teaches are jaded and act like government employees, meaning it's just a job. I don't take this channel for granted and I'm grateful for it. On a different but not unrelated topic, he makes that coffeee look so good, that I had to go this site and order some for myself.
Agreed, but at the same time, he needs to be to keep the channel going as it's a fun "job" that generates a good chunk of $$ and I bet he gets a ton of freebies along the way.
I just want to say that RUclips technical presenters could learn a lot from you. I love the other sources for deep-tech to be sure, but in comparison to even the "best", I think the balance you have found between providing concise information and the pace of your delivery is excellent, compared to the glacial pace at which most other "tutorial" videos provide their material, excellent as they may be otherwise. I also love the fact that I must pause/repeat during your presentations, rather than wait around for the next connecting concept to emerge from some irrelevant tangent that so many other channels seem to fall into as they attempt to have their material more easily "absorbed". Your delivery is fast, relevant, direct, and structured to be easily comprehensible to beginners, while being an excellent resource for FAST reference by more experienced students of the material, all while remaining very personable. People who do not produce for you will never know the creative process behind videos like yours, with endless decisions to be made about how to structure and present their chosen topic, so I applaud your choices, including the occasional "coffee breaks" and humorous B-rolls that do not interrupt the pacing in any real way. Anyway, thanks; not just for the materials being presented, but for your fast, concise method of video presentation. All training videos should study your method.
Oh My God Chunk, your content is better than my teacher's courses,I wish that my teachers teach like you and make the student love and fall in love with IT. All me respect to you...
Ha, why do you think actual experience is better? It's cause the world's teaching structure is corrupt and their job isn't to teach but program you for their agenda. Not the actual teachers but they better do what they're told or ........ you know
He doesn’t teach with scaffolding or adaptability that allows for advance users or users with learning disabilities. He doesn’t use ASL or allow for non-English speakers and is going way too fast for most students. He lacks training in asking the right questions to young people like what do they think will happen next. He lacks collaboration techniques and is missing visual learning cues. He is not allowing for users who only learn through hands on training because this is just a one-dimensional video. He is not using any Quad D action verbs like evaluate, compose, justify, predict, or invent.
@@kasomoru6 He doesn’t teach with scaffolding or adaptability that allows for advance users or users with learning disabilities. He doesn’t use ASL or allow for non-English speakers and is going way too fast for most students. He lacks training in asking the right questions to young people like what do they think will happen next. He lacks collaboration techniques and is missing visual learning cues. He is not allowing for users who only learn through hands on training because this is just a one-dimensional video. He is not using any Quad D action verbs like evaluate, compose, justify, predict, or invent.
@@ljara3384 It is a video. If it covers things faster than you like you can put it on 1/2 speed or rewatch it a bunch of times. It is the same concept as reading the textbook multiple times until you get it. The video has closed captions which should be plenty for people who are hearing impaired. Especially when they can rewind and replay the video freely. Even assuming there are things he could explain better or in a different way, they may have been glossed over as they are not core to the video. Or they could be topics better suited to a stand alone video or video series. You may not even be his intended audience for the video. Also, key to learning with some kind of hindering disability or impairment is first learning the ways you learn best and then adapting the curriculum to better suit your learning style. It is nice when the teacher does that perfectly for you, but it is not realistic to expect every teacher to do so. You can take the information here and work out your own way of practicing it to perfection that suits your learning style. Perhaps by trying it yourself alongside a pfsense book or with the pfsense online wiki open. It is harder and takes longer, but sometimes that is just what you have to do. I know. I have several learning disabilities / impairments.
teachers have a hard time teaching to everyone. when I was in school, I was always way ahead of the teacher. it's not that the teacher didn't have skill, he knew what I was doing and gave me high marks for it. but in his lecture and curriculum he has to teach people who don't know this stuff. I saw that in my career often. it's one thing to know how to do all this stuff, it's a whole other beast to try to explain it in a way that makes sense to someone who is just getting started. Thing is, nobody every taught me, I was interested and learned how to figure it out. Back in the days of IRC, i was an @ in many channels, because I was engaged, and actively willing to learn. Not because I expected to be taught.
You sir are the teacher I never had in school; you make learning so much fun and simple. I’m going to get on this right now as I use UniFi access points for my wifi as well. Thank you so much
@@leborhal7450 Generation has anything to do with passion. Either they have it or they don't. Blame _____ generation all your want but there are terrible uninspired people in every generation.
I just finished the Google IT Support Cert networking section. I fell in love with it. I can't believe it only took a week and almost everything you did makes sense to me. Like 100%. I'm so buying the exact setup, and will follow along. Then, I promise I will get into trouble lol. Wish me luck. Excellent content. I was thrown off by the guy fawks mask, so glad I clicked on your vids. Great content man
@@freedompioneer4311 I did 3 of the courses in a week. I have a technical background, so I knew some of it. Been programming for 6~ years and always have been a computer nerd
I've been using pfsense for awhile. Idk. Most people may be better off with a generic router. A non-technical user can get oneself in trouble pretty quick, which is then really frustrating when all they want is to browse social media. For folks who like to tweak and upgrade performance, oh no doubt, it's great.
@@Pikachulover1735 if you wanna have a really good router which gets automatically daily updates then buy Turris Omnia 2GB. It's much more user-friendly and also open source.
Agree. Pfsense is a ton of work even if you know networking. There's a big time learning curve, and that doesn't even include learning all the packages. But once you get the hang of it, it's a sick firewall that is free.
His love for coffee, coupled with playing the video at 2x, is awesome! Moreover, nice to see Lawrence Systems chiming in on someone else's video. I like seeing multiple channels checking out and supporting others.
Firstly LOVE your channel. Secondly, thanks to you my home is now protected by pfsense. I converted an old core i5 8gb ram workstation, added an extra lan card for $15, now all my home internet runs through it. Runs pfblocker and SNORT like a breeze. Amazing at all the stuff it detects and blocks. Feels like i have the safest home network in my city.
Just set my pfsense router using the appliances you recommended. Everything is running like a breeze! I appreciate this tutorial video very much thank you!
Great video! One thing I want to add is that I looked into devices like protectli, but you'll trade that nice, small size, for performance. For about the same price, you could get a mini or micro PC that is a good bit more powerful and has better cooling. I ended up with a new Mobo, slightly older i5, 8GB of RAM, threw in an SSD hard drive I had laying around and it blows those mini routers out of the water. I run a point to point VPN, and initially my PFSense box was running a weaker processor and the usage sat around 30-40% at all times. The mid consumer tier intels (older and newer) and some AMDs have built in encryption capabilities that PFSense can use for things like VPN. I bought an i5 off of eBay for about $50 and now my usage rarely goes above 10%. I really have liked PFSense with Unifi access points.
@@matthiaswarlop2316 Either get a motherboard with 2 ethernet ports or add a pcie card. Maybe even a card with multiple ports so I can make a DMZ or something.
Thank you for this video! I recently purchased the Protectli Vault (8gb ram, 120mSATA) and I was a bit lost in the understanding pfsense. You made it not only easier to understand but did it with great humor! If I had you as a network instructor it wouldn't even feel like school. Thanks again!
I just did the same. I have not fully set it up yet. I'd love to share my network diagram and get insight into subnets, vlans, wifi and I may need to replace one or more of my switches. Would love to know what other people's home networks look like and how they set things up.
She wanted to make her Boyfriend go through a VPN , while attributing it a fixed IP, but not allowing it to have an IPV6 (as it's the most used platform to cheat, right?) , or she just felt spied on by ISPs with you...I guess ? :D
We are live. Just did a huge network switch. Hitting 1.4 gbps now thanks to this video. 2.5gbe ports on the appliance. A lot more to learn now. Very exciting. thanks so much!!!!
Hi @NetworkChuck Awesome what you do BTW! What would be very interesting is to go into the details of IPv6 on pfSense (some hints there.. Prefix delegation, Security topics, what should be allowed per default, how to keep track of all the devices, how to allow for certain ports, etc.). In my eyes, this can get very messy really fast.
Great video!! As an old Cisco Pix, Checkpoint Firewall, BayNetworks Networking & Security Engineer, I’m blown away by what pfsense can do these days. I’m long been retired but in the tail end of my career years I was working with pfsense in about 2007 -2009. There were two other products named Untangle & I can’t remember the other name I had worked on for some time testing which were pretty solid at that time also. Now, I no longer get involved much with networking even as hobby but I do occasionally browse to see where things are at like tonight and I’m glad I did. You might have just inspired me to to build a little cube and dump pfsense on it to play with at home. Thank you for this fantastic chock full of info and demonstration. I owe you a cup of joe. 🤟
Great video and walkthrough, wish I had you as my IT instructor you explain things very well! Can’t wait to try this! Enjoyed your enthusiasm and energy!
I'd also love to see info on vlans and external APs & their IPs Thinking of trying to set them up for it (not that I have too many as of yet) and another for 10g network (unless this is supposed to he done different, then maybe a video on that) using the zyxel APs and switches I have.
Great video. Wanted to mention, since you mentioned pfsense can be installed on a virtual machine, I have my pfsense router installed on a virtual machine running on an ESX host and I ran through the config provided by NordVPN, before I saw this video, and I noticed that my traffic would randomly stop routing through the VPN. NordVPN support said they don't support routing traffic through a virtual deployment of pfsense, only hardware installs.
OpenWRT will run on Raspberry PI and offers very similar features. That's what I have for my router now and it made a huge difference on my home network.
I literally just bought one of these last month and am running PFSense on it! I migrated from using on old beat-up dell optiplex to this, and transition was SUPER EASY
@@James-li8cm Same. Currently rocking the 2016 Optiplex with i5 6500, 8GB, and nvme SSD. Power for days and days, but also takes up a lot of space. Might pickup a small Netgate box and put the Optiplex into duty somewhere else.
Hey Chuck, minimizing the single use USB and use Ventoy, Im going to try to see if i can put Pfsense on it an see if i get boot. Thanks for diversifying your content!
Chuck, I love the enthusiasm, you are great teacher. The only concern I have is about the recent reviews for the recommended devices. A large number of users complaining about overheating and not lasting long. What has been you experience since the launch of this video? I've never been this inspired with network. Thanks for your videos.
NOTE: You may have to power cycle a cable modem since it is only capable of leasing out one IP address, and it was already leased to the previous hardware. Power cycling will clear the lease.
Great video. Long but worth it. Would love to see you do a similar video on OpenWRT running on a Raspberry Pi4 (now supported on the latest version of OpenWRT). PfSense is more polished it seems but for me it's amazing to do similar stuff all on a Pi4.
I set that up myself and it worked for 30 mins then started crashing/bogging right down. Maybe it was a bad SD card though, I imagine it shouldn’t be that unstable
Ordered a full on ACER Aspire TC - Desktop Intel Core i5-12400 2.50GHz 12GB RAM 512GB SSD W11H that I now have to open up and install NIC CISCO INTEL i350 UCSC-PCIE-IRJ45 4x ports RJ45 Low Profle to and a Wireless Access point in order to fully join this pfSense community. Thanks NetworkChuck, you've taught me a lot.
Big fan of PfSense, deployed hundreds of them. Personally I use the Ubiquiti Dreammachine Pro now, cheapest way to get SFP+ connections. If you want next-gen firewall protection with Pfsense, you can setup Suricata on it for even better protection.
Hi Ray Recently I started to learn pfsense, but something seems very strange to me.let me know if something is wrong about my config. OK there's lan1 and lan2 and I've set rules that prevent lan2 from reaching lan1 but allow lan1 to reach lan2,everything's fine until while I'm pinging lan2 from lan1(which is ok) try to ping back lan1 from lan2(which is prevented), it works!!!! Like the gate is open for exiting soldiers and the enemy enters simultaneously😂 is this natural? Is this a bug? Or it's something I'm doing wrong? (To be clear all the rules port and source and destination are on any)
That exact router you had in your thumbnail is a great router for a 2 room apartment. Great coverage, even on the balcony. Switched to DDWRT, payed some 15-20$ 5 years ago. Why would I destroy it? (did subscribe to you because of the enthusiasm about networks you show)
For those who find pfsense a bit complicated, ipfire is a great choice. I been running ipfire for many years and switched to running it on a protecli device a year ago. The bad thing about protecli though is many of their lower end devices (2 ports and 4 ports) have many hardware vulnerabilities due to the old intel chips being used. I have the 2 port version and it is plagued with hardware vulnerabilties. Ipfire has a built in checker to check for hardware vulnerabilities unlike pfsense, which is an awesome feature to inspect the hardware to ensure it is not vulnerable. I am working to look at different hardware since my current protecli i bought a year ago has to many hardware vulnerabilities on it now. If you get protecli, get coreboot bios, since all their stuff is made/flashed in china, but at least with coreboot you get opensource firmware vs who knows what extra stuff is included in the china flashed firmware.
WOW! Thank you so much for this video! I wanted to securely route IoT devices separately from my LAN (and growing computer lab lol), and also have access to VPN, and you showed me how to do it all with 1 appliance! I am a network student right now and all of this has given me so much experience! Cannot thank you enough, brother! The vid is 45 mins, my start to finish setup time with an out of the box Protectli was about 4 hours with troubleshooting and just plain ignorance lol.
Sometimes I really wish I could like your videos more than 1 time. You have a very cool way of explaining Networking concepts/Tech and also simplifying everything. Thank you Network Chuck for all you do for the community
One thing I think is neglected on most networks is the use of traffic shaping. On the network I used to run, I could have a couple machines running torrents full blast with zero slowdown for any of the traffic that needed low latency. Traffic shaping is also a great way to get around buffer bloat effects from ISPs using buffers that are much larger than they have any reason to be. If you can shape the whole network's maximum traffic to 95% of your ISP's maximum bandwidth, then you can prevent traffic coming in from or out to the internet bottlenecking on the ISP side because the buffers are overrun.
@@veneratedmortal4369 Of course pings are a low latency packet (like "small packets") and therefore trapped by the low latency set of rules. Of course they'll be prioritized ahead of everything else classed as regular or bulk.
@@harryjohnson615 Monowall, which isn't even the most advanced install-it-yourself router software, and every other router software worth anything will have the ability to prioritize TCP/ACK packets and ping packets ahead of everything else. And that's on top of any of the other benefits of traffic shaping. If your pings and your TCP ACKs are being prioritised at the same level as web browsing and BitTorrent, then your traffic shaper is not doing its job properly. Any router that does not have those features is a router that needs to be upgraded.
@@killermist You're rather missing the point. Your router's traffic shaping is superceded by your ISP's own traffic shaping policies. You might be able to assign the highest priority to an ICMP request within your network but as soon you try to traverse your ISP's backbone they shape and prioritize the traffic and one of the first things to bite the dust when traffic is heavy are ICMP requests because they are not providing a service. Some internet routers are so harsh they just become black hole routers and NEVER respond to ICMP requests
This is a great tutorial, to the point with no fluff or faffing about, plus chapters to refer back to sections easily! Thank you for all the work you put into your videos 🙂
Hey Chuck - just found your videos and they're great! 1 thing tho - I don't think you need the block rule if the PIA gateway goes down. In my experience, the rule you set to push traffic out the gateway will still kick in try to push out and get stuck... (so no traffic gets to internet).
Thanks for this. Other recommendations (including other comments) are for OPNsense as a fork of pfSense. I'm behind an IPv4 CGNAT, but with a /64 IPv6 static allocation. I'd love to see something from you about IPv6 and DHCP/Static/DDNS.
Hi there Dear Friend, after i went to your Chanel , i can confirm i get more some of your knowledge and skills, you for me is like a mentor. I owe you so much from your teachings. Your one of the bests man here, i Salute you. Greetings from BR. (y)
@Mik Müller well, we cannot even start comparing MikroTik with a home router LOL. It has much more than I need or use but I miss a friendly GUI though.
I used to use refurb dell optiplex's with extra NICs to connect branch offices together. I would have loved to see some kind of comparison between PC vs hardware like you used.
What he used is a pc in a small box. You could easily use an older pc as long as it has a way to add a second network port and a reasonable amount of ram. Even a pc a few years old should be adequate.
Thank you for creating this video! I just setup my pfsense on protectli & PIA VPN. One thing, you blotted out your IP addy with your ISP at the 28:00 mark, but when you showed your screen again at the 28:13 minute, you forgot to blot it out there! Maybe time to get a new IP if your ISP didn't already provide you a new one lol! Cheers for this video and thank you @NetworkChuck!
WTH man I was just getting into pfsense these days and was wondering it would be so nice to have network chuck or David bombal make a video on that Lo and behold ♥️♥️
I enjoy all your content. Especially this video. I used it as a guide to setup my home network firewall. I bought their Netgate device and thank you for the walk through.
Great video. One thing I would love to see (maybe a tip for next video) is how to set it up in a way so you don't bridge the ISP router, so it works as your 1st fw and pfsense is your 2nd fw. Hopefully and theoretically increasing the overall security by introducing different layers. Also bit on zoning (family devices in one zone, NAS in another, your rPi web server in another, etc.) in case the sh** hits the fan, would be lovely.
You don't want to give your ISP the first level firewall, you want that control yourself. If you need two layers, deploy two firewalls yourself. You will also run into double NAT problems if you don't bridge your ISP router/modem. Plus the whole point here is that your outside firewall should be more powerful. You will be bottlenecking your connection if you don't bridge.
Mikrotik it's the fairest firewall does everything a pfsense does and more, an RB750gr3 costs $60, with $200 you buy an RB4011iGS+RM (10xGigabit port router with a Quad-core 1.4Ghz CPU, 1GB RAM, SFP+)
I like the specs but does it have plugins like pfsense have? Such as pfblockers, Suricata? Not DNS base blocker. Also manageble IDP, IPS suricata...? Last time a tried years ago, The OS did not have those plugins and the interface was buggy but it might changed. Right?
@@AFiB1999 Currently Mikrotik does DPI (deep packet inspection), but not use signature-based detection, heuristics or machine learning. Having a built in IPS integrated would be great
Very professional, just a suggestion, when you evoke the technical parts, may you go slower to improve understanding for apprentice like me, thank you very much.
@@jeremiahbullfrog9288 if you want an easy fix I'd get the Vilfo VPN router. In my opinion, Vilfo's OS it's A whole lot easier than pfsense's OS. they have documentation on their website but the setup wizard is practically dummy proof in my opinion
@@jeremiahbullfrog9288 also the performance for my gigabit connection is very good over 250 megabits wired OpenVPN and over 600 megabits per second over wireguard (might be higher as I've been having a hard time maxing it out as downloads complete too fast first world problems lol)
You really got the psych down on how to make sure people with ADHD stay focus with the camera pans, my brain is absorbing all the information and I can't look away from the video
Outstanding video. You teaching style is always on point. Would love to see how you integrate your Ubiquiti/Unifi hardware into the mix. Thinking of moving from the UDM-Pro to a Protectli (already have a FW6E) based PFS setup but not quite sure of the best method for getting it to play nice with my current Unifi setup. Thanks again for your great videos!
I really agree on the need for coffee in the IT-environment... :-) But you should mention to put the USB to boot on the lower USB when using for example the FW4B, as (vendor) protectli also recommends. That will save users some headache, luckily I read before trying, but have seen similar issues for other hardware as well. Despite of that, great tutorial.
This is going to be part of my first feat now that we own a forever home; I want to get this running & figure out Virtualization on TrueNas Scale. Haven't tried myself with a major project since leaving IT in 2k6ish. There's a ton of change, I'm in dire need of major Crash Courses. Keep up the Great Work
If you’re worried about your WAN IP getting out, you need to be a little tighter on your editing. There are still sections where its clearly visible when the dashboards start sliding around
Thanks!! Got my Netgate 6100MAX, working! Sweet! 🙂2 separate PIA VPNs through my QNAP QSW-M2116P managed switch on 3 separate VLANs, for my Synology NAS, APs and rest of network. Thanks Chuck!
The option shown here is actually really cheap for a PfSense router. If you were to build a cheap PC with new components, the most expensive part would be the Network Card which has the network interface for SFP+ or RJ45 (usually), they're usually as expensive as a budget GPU at the moment. Intel network cards are pretty much the best, be they Wi-Fi cards for laptops or ethernet network cards for PC/Servers so if possible, get one of those. Ideally you should get a network card with a minimum of 2 interfaces, one for input (from your ONT) and one for output (which goes in your switch), from your switch you can connect to the internet everything, Smart TVs, Wireless Pots, PCs and so on (depending how you made your network structure around the house/company building). Thing is more than 2x RJ45 or SFP+ ports used at the same time, can overload your router's CPU and the network speed will go down so don't think about replacing the cost for a switch with a multiple port network card, it's not gonna be good. As for the CPU and RAM, well, a Pentium is better than a Celeron and are pretty much the same price so get that (for socket LGA1700, those are the latest gen so it's gonna be perfect) and probably 2 sticks of 4GB RAM are gonna be plenty, 3200 MT/s frequency and 22CL to keep things cheap. Use a mITX motherboard for everything and use the stock cooler, so that everything fits in a Cube Tower case, and you can place the router anywhere, it won't be that big, noisy and ugly sitting somewhere in sight.
I appreciate your enthusiasm very much. You inspire me to want to try this. I have a plex server I setup for my family that I want to be able to access outside the home but I also work from home. I feel pretty good when I ingest tech like this but for some reason networking always intimidates me. I despise my ISP outside of the speeds they provide so to be able to check all these boxes makes me really want to do all of this. It's the doubt that is creeping in that is holding me back lol! #goals
You work from home and can’t setup a plex server for remote access? You must be the IT engineer for a public school ….sounds about right.. can you log into your own router…😂😂😂😂😂 I love the IT guys….lmao….wouldn’t know how to pin out a cat 5 cable ….IT guys…….God help us.
checkout AnsibleFest ------- red.ht/networkchuck
AnsibleFest is a free virtual and immersive experience that brings the entire global automation community together to connect communities and spark collaboration. Typically an in-person event, AnsibleFest was changed to a virtual experience last year due to the pandemic. A virtual environment allows for a larger attendance and expands the conversations to people around the world.
EXTENDED VERSION (VLANs and NordVPN): ntck.co/3jXJUqJ
LINKS
---------------------------------------------------
pfSense Download: www.pfsense.org/download/
PIA on pfSense Official Guide: ntck.co/3tBrvmX
turn your old router into an access point: ntck.co/38U2l9J
What you (might) need:
---------------------------------------------------
Protectli pfSense Router: geni.us/ghLjK (affiliate)
NetGate pfSense Appliance: geni.us/CKLzn (affiliate)
Switch (supports vlans): geni.us/sympWI (affiliate)
🔥🔥Join the NetworkChuck membership: ntck.co/Premium
Hey Chuck can you see if I can set 3wans ports ON the SG-3100?
Sir please check your email
I'm wondering if you can install pfSense on a dual ethernet minicomputer. I was looking into making a Perimeter mini server. I guess my issue is throughput for a dual minicomputer. I don't want it to slow down my network too much.
Is it fine to run firewall on a virtual machine inside hyper-v server if I set wan adapter in a virtual switch as inaccessible by host?
Ok everything its ok but where its conversion from ftp or vdsl connection
Nice work, happy to see some more love out there for pfsense and thanks for the shout out about my pfsense videos.
You and Chuck have helped me become a homelabber and I just wanted to say thank you both for your work.
Thanks Tom for all your tutorials . Pfsense rocks
Tom your videos are why I decided to jump in the deep end and start playing with PfSense.
Chuck, your videos are why I am studying the CCNA course JUST to administer my HOME NETWORK. LOL.
Love your videos!!!!! Thank you.
1 comment .:. 2 pfsense props! Both channels are terrific
The United best teachers! 😋 thank you both!
my router is not insecure you leave him alone
He's trying his best, goddammit!
I don’t know how this can be true if you feel the need to defend him. This is a cap free zone.
@@PhoenixUnlimitedbecause the one that’s insecure is me, not my router😂😂
Mine is insecure and very slow
Dude you are a blast to watch. I have been in Cyber forever and it's rare to come across someone that is both smart and able to communicate in a way folks can digest.
...except for the effeminate manbun, you mean.
Attention spans are shorter than ever.
Your content and enthusiasm in creating that content has tremendously motivated me to pursue my dream of working in IT. Because of you, I signed up for an IT degree program, paid for by my employer, and I am hard at work at that as well as working towards IT certifications. Thank you for your dedication!
Him: Get rid of your router now
Video: stops
I must be tired this made me laugh way harder than it should have
hhhhh
lol ,)
Where did it stop for you? It stopped in the middle of the port forwarding segment. lol
jokes on you but i'm on my phone...cruising through my data plan...
*sees video playing in fucking ultra high 2460p60...
*one minute later, suddenly sms from my carrier provider starting with "you have ut..."
oh, man...
I know close to nothing about networking but your sheer excitement made me watch this lol
Wish I had a friend like this dude, imagine the amount of knowledge he could supply you with.
google and read then you could be that friend to someone else.
He want get rid of router , ??? Hmmmm I c f o s
Do u know what would you get as an answer then? Rtfm
@@sc0or huh?
@@romzeek I’ve tried 3 or 4 times )
Thanks! i am a newbie lots of great info !! organized so a newbie can understand!!
"The ability to have fun with your network which is AWESOME" - Talk about the ultimate stay single for life statement lol (Great video -will look into)
The chicks really dig network fun.
Maybe nothing like router hate hackers from hell to motivate to learn.
It's very manic isn't it
I'm only a level 2 virgin, I can't get into this video
Love the use of the pen on these fast moving tutorials. So much easier to follow. On some of the others (from others) the screen flips to the next before the viewer sees what was clicked (what the hell did he just do? - Rewind!). A great way to add value to your videos! I'm sold. Thank You.
I've been getting so mad at my Netgear router and so pissed off that I couldn't get my speed or connection issues fixed. Thinking it was my ISP and causing hell with them for months. When I watched your video it hit me, "oh I am the problem". I got myself everything you told me to get (choose a different ap). Everything worked. Literally everything. In one day! I got the speed I wanted, IoT connection issues were gone, and I am the happiest dude in the universe! Thank you for making networking so much fun! I appreciate everything u do!!!!
Thanks for your informative videos. Here's a small donation to buy more coffees 😄
"it's slow, it's insecure and it's not very fun" wow I can really relate to my router. Didn't realize we had so much in common 😆
😂😂🤗you are funny only bro
I run alternative firmware. ;-)
Most home routers aren't slow though. They're fast. They're just NAT firewalls, but for what they are being used for, they're fast.
Ooh self burn. Those are rare
What I find amazing, is that while watching videos like these, I follow along just fine.. but when I try to do it myself, my mind goes blank ;)
So you understand the lingo and this still happens?! Lol...Jesus then ppl like me who would always have to do some research after watching any of his videos just to understand what type of hardware/device is that he's describing for 20 mins
Great work. I loved pfSense: I decided to replace an old Gentoo that I could barely administer with pfSense... In my job... With no experience in pfSense... Only following the documentation in 2014 and worked great. After I finish my house, I will replace the router with a tiny pfSense. Thanks for your video, it was really fun to watch you. Best regards from Argentina.
Struggled with setup at first, realized I wasn't squinting enough during coffee breaks.. everything works great now..thanks for the help!
😂😂😂😂
First met PfSense about 10 years ago... It seems the interface and possibilities have evolved a lot ! Great video ;-)
My friend I wish I would have had you as a teach back in college man. You explained this in the most simplest of terms and how everything works at operational levels. I even have mine set up with port forwards for remote access. Best day ever on configuring a pfsense router. Actually my first time ever too. You are the best! I'll be checking out more of what you have on here over time during my intervals of non interruption from everyone wanting help with IT or physical labor lol
Does it give you a better internet connection in terms of gaming?
@@ZAND4TSU the same connection as plugging your router into your pc
The best teachers aren't the best because they know it well. They're the best because they can explain what they do know in simple terms. If you can't explain it to a five year old for them to understand, you're not a good teacher. Chuck is great because he can do it. Love ya, Chuck.
Thank you Jedi for your splendid tutorials and your enthusiasm, which has no equal!
Thank you for clarifying how things actually connect from a hardware sense. Feels like so many helpful nerds assume I’m already a master of the fundamentals but that means there are less opportunities to actually learn the fundamentals lol. I found this super helpful
My girlfriend was mad several times when I was playing with that new toy and overdid it :D... Redundancy and night shift are good thing. Gotta have that coffee!
😳
Never use your GF as a toy
Night shift isn't a good thing..your brain neurons might get increased but doesn't work properly..so early birds are good 🐦
@@zakariahamid1361 why
I really appreciate this channel. The education you recieve and the fact that it's free. Most of all, I love his teaching style i.e. enthusiastic, he loves what he does and it comes across. So many teaches are jaded and act like government employees, meaning it's just a job. I don't take this channel for granted and I'm grateful for it. On a different but not unrelated topic, he makes that coffeee look so good, that I had to go this site and order some for myself.
Totally agreed, he keeps me interesting even when he's talking about topics i'm not that into. He is good.
Agreed, but at the same time, he needs to be to keep the channel going as it's a fun "job" that generates a good chunk of $$ and I bet he gets a ton of freebies along the way.
I just want to say that RUclips technical presenters could learn a lot from you.
I love the other sources for deep-tech to be sure, but in comparison to even the "best", I think the balance you have found between providing concise information and the pace of your delivery is excellent, compared to the glacial pace at which most other "tutorial" videos provide their material, excellent as they may be otherwise.
I also love the fact that I must pause/repeat during your presentations, rather than wait around for the next connecting concept to emerge from some irrelevant tangent that so many other channels seem to fall into as they attempt to have their material more easily "absorbed". Your delivery is fast, relevant, direct, and structured to be easily comprehensible to beginners, while being an excellent resource for FAST reference by more experienced students of the material, all while remaining very personable. People who do not produce for you will never know the creative process behind videos like yours, with endless decisions to be made about how to structure and present their chosen topic, so I applaud your choices, including the occasional "coffee breaks" and humorous B-rolls that do not interrupt the pacing in any real way.
Anyway, thanks; not just for the materials being presented, but for your fast, concise method of video presentation. All training videos should study your method.
chuck, you are one of the very few youtubers in networking that doesnt make me feel like an idiot
Oh My God Chunk, your content is better than my teacher's courses,I wish that my teachers teach like you and make the student love and fall in love with IT.
All me respect to you...
Ha, why do you think actual experience is better?
It's cause the world's teaching structure is corrupt and their job isn't to teach but program you for their agenda.
Not the actual teachers but they better do what they're told or ........ you know
He doesn’t teach with scaffolding or adaptability that allows for advance users or users with learning disabilities. He doesn’t use ASL or allow for non-English speakers and is going way too fast for most students. He lacks training in asking the right questions to young people like what do they think will happen next. He lacks collaboration techniques and is missing visual learning cues. He is not allowing for users who only learn through hands on training because this is just a one-dimensional video. He is not using any Quad D action verbs like evaluate, compose, justify, predict, or invent.
@@kasomoru6 He doesn’t teach with scaffolding or adaptability that allows for advance users or users with learning disabilities. He doesn’t use ASL or allow for non-English speakers and is going way too fast for most students. He lacks training in asking the right questions to young people like what do they think will happen next. He lacks collaboration techniques and is missing visual learning cues. He is not allowing for users who only learn through hands on training because this is just a one-dimensional video. He is not using any Quad D action verbs like evaluate, compose, justify, predict, or invent.
@@ljara3384 It is a video. If it covers things faster than you like you can put it on 1/2 speed or rewatch it a bunch of times. It is the same concept as reading the textbook multiple times until you get it. The video has closed captions which should be plenty for people who are hearing impaired. Especially when they can rewind and replay the video freely. Even assuming there are things he could explain better or in a different way, they may have been glossed over as they are not core to the video. Or they could be topics better suited to a stand alone video or video series. You may not even be his intended audience for the video. Also, key to learning with some kind of hindering disability or impairment is first learning the ways you learn best and then adapting the curriculum to better suit your learning style. It is nice when the teacher does that perfectly for you, but it is not realistic to expect every teacher to do so. You can take the information here and work out your own way of practicing it to perfection that suits your learning style. Perhaps by trying it yourself alongside a pfsense book or with the pfsense online wiki open. It is harder and takes longer, but sometimes that is just what you have to do. I know. I have several learning disabilities / impairments.
teachers have a hard time teaching to everyone. when I was in school, I was always way ahead of the teacher. it's not that the teacher didn't have skill, he knew what I was doing and gave me high marks for it. but in his lecture and curriculum he has to teach people who don't know this stuff. I saw that in my career often. it's one thing to know how to do all this stuff, it's a whole other beast to try to explain it in a way that makes sense to someone who is just getting started. Thing is, nobody every taught me, I was interested and learned how to figure it out. Back in the days of IRC, i was an @ in many channels, because I was engaged, and actively willing to learn. Not because I expected to be taught.
You sir are the teacher I never had in school; you make learning so much fun and simple. I’m going to get on this right now as I use UniFi access points for my wifi as well. Thank you so much
One of the reasons why some millenial with a teaching degree and no passion of a subject will never be as good as someone with passion.
Agree. Showing passion for your subject is square one requirement you rarely see anymore.
@@leborhal7450 Most teachers are boomers, WTF are you even on about ?
& more importantly what does being "Millenial" go to do with it??
@@AcidiFy574 Because he's a jealous ol' boomer ;)
@@leborhal7450 Generation has anything to do with passion. Either they have it or they don't. Blame _____ generation all your want but there are terrible uninspired people in every generation.
I just finished the Google IT Support Cert networking section. I fell in love with it. I can't believe it only took a week and almost everything you did makes sense to me. Like 100%. I'm so buying the exact setup, and will follow along. Then, I promise I will get into trouble lol. Wish me luck. Excellent content. I was thrown off by the guy fawks mask, so glad I clicked on your vids. Great content man
took you only a week to get a Google it support cert?!
@@freedompioneer4311 I did 3 of the courses in a week. I have a technical background, so I knew some of it. Been programming for 6~ years and always have been a computer nerd
I followed the instructions exactly, even took coffee breaks when instructed. Thanks for the great tutorial.
I've been using pfsense for awhile. Idk. Most people may be better off with a generic router. A non-technical user can get oneself in trouble pretty quick, which is then really frustrating when all they want is to browse social media. For folks who like to tweak and upgrade performance, oh no doubt, it's great.
Thanks for the tip, I definitely fall into the non-technical user category
@@Pikachulover1735 if you wanna have a really good router which gets automatically daily updates then buy Turris Omnia 2GB. It's much more user-friendly and also open source.
@@moss460 ooohhhh I'll check that out, thank you very much!
Agree. Pfsense is a ton of work even if you know networking. There's a big time learning curve, and that doesn't even include learning all the packages. But once you get the hang of it, it's a sick firewall that is free.
@@scottluebke5012 I'm sold
His love for coffee, coupled with playing the video at 2x, is awesome! Moreover, nice to see Lawrence Systems chiming in on someone else's video. I like seeing multiple channels checking out and supporting others.
He drink no coffee
Firstly LOVE your channel.
Secondly, thanks to you my home is now protected by pfsense. I converted an old core i5 8gb ram workstation, added an extra lan card for $15, now all my home internet runs through it. Runs pfblocker and SNORT like a breeze. Amazing at all the stuff it detects and blocks. Feels like i have the safest home network in my city.
With 500W power supply? :) It's good to use old stuff, but better to sell it and get a dedicated hardware :D Good job though
@@Deplated yes. since that comment ive upgraded to a new mini PC with 8gb ram & Intel(R) Celeron(R) N5105. Think it only uses 15watts or something.
@@PulsechainProfits sounds good mate!
Just set my pfsense router using the appliances you recommended. Everything is running like a breeze! I appreciate this tutorial video very much thank you!
Great video! One thing I want to add is that I looked into devices like protectli, but you'll trade that nice, small size, for performance. For about the same price, you could get a mini or micro PC that is a good bit more powerful and has better cooling. I ended up with a new Mobo, slightly older i5, 8GB of RAM, threw in an SSD hard drive I had laying around and it blows those mini routers out of the water. I run a point to point VPN, and initially my PFSense box was running a weaker processor and the usage sat around 30-40% at all times. The mid consumer tier intels (older and newer) and some AMDs have built in encryption capabilities that PFSense can use for things like VPN. I bought an i5 off of eBay for about $50 and now my usage rarely goes above 10%. I really have liked PFSense with Unifi access points.
how would you connect the wan and lan ports? would you need a pcie network card?
@@matthiaswarlop2316 Either get a motherboard with 2 ethernet ports or add a pcie card. Maybe even a card with multiple ports so I can make a DMZ or something.
Thank you for this video! I recently purchased the Protectli Vault (8gb ram, 120mSATA) and I was a bit lost in the understanding pfsense. You made it not only easier to understand but did it with great humor! If I had you as a network instructor it wouldn't even feel like school. Thanks again!
I just did the same. I have not fully set it up yet. I'd love to share my network diagram and get insight into subnets, vlans, wifi and I may need to replace one or more of my switches. Would love to know what other people's home networks look like and how they set things up.
What's the purpose of it besides increased security
"get rid of it!
It's slow, insecure and not really fun"
Exactly what my girlfriend said about me😓😅😂
lol
Oof
There there
She wanted to make her Boyfriend go through a VPN , while attributing it a fixed IP, but not allowing it to have an IPV6 (as it's the most used platform to cheat, right?) , or she just felt spied on by ISPs with you...I guess ? :D
@@bobcoco6047 you are a fucking Legend 🤣❤️
We are live. Just did a huge network switch. Hitting 1.4 gbps now thanks to this video. 2.5gbe ports on the appliance. A lot more to learn now. Very exciting. thanks so much!!!!
Bummer with the pfsense plus announcement.
Hi @NetworkChuck
Awesome what you do BTW! What would be very interesting is to go into the details of IPv6 on pfSense (some hints there.. Prefix delegation, Security topics, what should be allowed per default, how to keep track of all the devices, how to allow for certain ports, etc.). In my eyes, this can get very messy really fast.
Great video!! As an old Cisco Pix, Checkpoint Firewall, BayNetworks Networking & Security Engineer, I’m blown away by what pfsense can do these days. I’m long been retired but in the tail end of my career years I was working with pfsense in about 2007 -2009. There were two other products named Untangle & I can’t remember the other name I had worked on for some time testing which were pretty solid at that time also. Now, I no longer get involved much with networking even as hobby but I do occasionally browse to see where things are at like tonight and I’m glad I did. You might have just inspired me to to build a little cube and dump pfsense on it to play with at home. Thank you for this fantastic chock full of info and demonstration. I owe you a cup of joe. 🤟
Great video and walkthrough, wish I had you as my IT instructor you explain things very well! Can’t wait to try this! Enjoyed your enthusiasm and energy!
how cool is it that you’re doing this just when I started to use pfSense at work. your content ROCKS!!
Instructions unclear: I was so quick to burn my terrible router that I did it before he said I could still use it.
Appreciate you doing a supplementary video on VLAN's - particularly with a focus on segregating IOT devices.
Thanks :)
I too would like to see that. Great content as always.
I'd also love to see info on vlans and external APs & their IPs Thinking of trying to set them up for it (not that I have too many as of yet) and another for 10g network (unless this is supposed to he done different, then maybe a video on that) using the zyxel APs and switches I have.
Great video. Wanted to mention, since you mentioned pfsense can be installed on a virtual machine, I have my pfsense router installed on a virtual machine running on an ESX host and I ran through the config provided by NordVPN, before I saw this video, and I noticed that my traffic would randomly stop routing through the VPN. NordVPN support said they don't support routing traffic through a virtual deployment of pfsense, only hardware installs.
Hi NetworkChuck, Ditto. Would like to know more about VLAN's how to configure etc. particularly for segregating IOT devices. Thank you.
Chuck, You are a great teacher. And the love you put into this is amazing. Its effen funnn man.
Keep it up.
and now, coffe brake! Siiiiiip
lol
Lol! That’s funny. I immediately thought installing PF on a raspberry pi and you swiftly answered that question. Great video.
OpenWRT will run on Raspberry PI and offers very similar features. That's what I have for my router now and it made a huge difference on my home network.
Same lol
OpenWRT is also an option as an AP for a old router as well.
I also used OpenWRT, however the configuration is subpar compared to pfsense. Snort does not even have UI.
But he got paid to advertise something which is not free ;)
I just love how your coffee cup just automagically refills mid-video. There's more to that pfsense wizard than you've initially told us, ey😅
I literally just bought one of these last month and am running PFSense on it!
I migrated from using on old beat-up dell optiplex to this, and transition was SUPER EASY
What Network cards had installed to the optiplex?
@@tasostsimpogiannis7682 I bought a "intel" double nic card... the intel brand is important because it plays well with the base OS of pfsense
@@James-li8cm Same. Currently rocking the 2016 Optiplex with i5 6500, 8GB, and nvme SSD. Power for days and days, but also takes up a lot of space. Might pickup a small Netgate box and put the Optiplex into duty somewhere else.
I LOVE IT. I learned tons of things. And now, im gonna research and learn more. Thanks for this great content 😊
😃
Love your videos Chuck. Thanks for helping so many people get into IT.
wow, this video needed another 2 hours worth at least. Thank you for posting this so long ago.
Hey Chuck, minimizing the single use USB and use Ventoy, Im going to try to see if i can put Pfsense on it an see if i get boot. Thanks for diversifying your content!
Chuck, I love the enthusiasm, you are great teacher. The only concern I have is about the recent reviews for the recommended devices. A large number of users complaining about overheating and not lasting long. What has been you experience since the launch of this video? I've never been this inspired with network. Thanks for your videos.
He's in it for the subscribes. Are you surprised he hasn't responded yet?
@@atlantic_love this video was made months ago, he probably just doesnt check this anymore
@@thebossminer9840 Doesn't matter. He's in it for the subscribes. CLICKBAIT
The picture of the TP-Link TL-SG105E that he said is managed literally says "unmanaged" on it. :)
Hehehe, would not have noticed if you didn't mentioned it.
Just finished configurating it thanks to you. Lovely tutorial, professional yet entertaining
Your tutorials are amazing you explain every aspect of it, your a great teacher, thank you very much I learned a lot and still learning!
NOTE: You may have to power cycle a cable modem since it is only capable of leasing out one IP address, and it was already leased to the previous hardware. Power cycling will clear the lease.
Great video. Long but worth it. Would love to see you do a similar video on OpenWRT running on a Raspberry Pi4 (now supported on the latest version of OpenWRT). PfSense is more polished it seems but for me it's amazing to do similar stuff all on a Pi4.
I set that up myself and it worked for 30 mins then started crashing/bogging right down. Maybe it was a bad SD card though, I imagine it shouldn’t be that unstable
Ordered a full on ACER Aspire TC - Desktop Intel Core i5-12400 2.50GHz 12GB RAM 512GB SSD W11H that I now have to open up and install NIC CISCO INTEL i350 UCSC-PCIE-IRJ45 4x ports RJ45 Low Profle to and a Wireless Access point in order to fully join this pfSense community. Thanks NetworkChuck, you've taught me a lot.
Just learned this in school. Great recap here; thanks!
The coffee probably has something to do with the fast pace. 😂
Big fan of PfSense, deployed hundreds of them. Personally I use the Ubiquiti Dreammachine Pro now, cheapest way to get SFP+ connections. If you want next-gen firewall protection with Pfsense, you can setup Suricata on it for even better protection.
Hi Ray
Recently I started to learn pfsense, but something seems very strange to me.let me know if something is wrong about my config. OK there's lan1 and lan2 and I've set rules that prevent lan2 from reaching lan1 but allow lan1 to reach lan2,everything's fine until while I'm pinging lan2 from lan1(which is ok) try to ping back lan1 from lan2(which is prevented), it works!!!! Like the gate is open for exiting soldiers and the enemy enters simultaneously😂 is this natural? Is this a bug? Or it's something I'm doing wrong?
(To be clear all the rules port and source and destination are on any)
@@NL-lp5in
Try to create a "block" rule with protocol "icmp" and "any" with "lan1" as source and "lan2" as destination
Why dream machine pro?
Man you are so fast paced I accidentally clicked another video and could not tell until I looked back at my screen lol
That exact router you had in your thumbnail is a great router for a 2 room apartment. Great coverage, even on the balcony. Switched to DDWRT, payed some 15-20$ 5 years ago. Why would I destroy it? (did subscribe to you because of the enthusiasm about networks you show)
Another upload from our amazing Chuck! Will watch it when I am back home!
For those who find pfsense a bit complicated, ipfire is a great choice. I been running ipfire for many years and switched to running it on a protecli device a year ago. The bad thing about protecli though is many of their lower end devices (2 ports and 4 ports) have many hardware vulnerabilities due to the old intel chips being used. I have the 2 port version and it is plagued with hardware vulnerabilties. Ipfire has a built in checker to check for hardware vulnerabilities unlike pfsense, which is an awesome feature to inspect the hardware to ensure it is not vulnerable. I am working to look at different hardware since my current protecli i bought a year ago has to many hardware vulnerabilities on it now. If you get protecli, get coreboot bios, since all their stuff is made/flashed in china, but at least with coreboot you get opensource firmware vs who knows what extra stuff is included in the china flashed firmware.
@@yigits4031 lol
WOW! Thank you so much for this video! I wanted to securely route IoT devices separately from my LAN (and growing computer lab lol), and also have access to VPN, and you showed me how to do it all with 1 appliance! I am a network student right now and all of this has given me so much experience! Cannot thank you enough, brother! The vid is 45 mins, my start to finish setup time with an out of the box Protectli was about 4 hours with troubleshooting and just plain ignorance lol.
Sometimes I really wish I could like your videos more than 1 time. You have a very cool way of explaining Networking concepts/Tech and also simplifying everything. Thank you Network Chuck for all you do for the community
Just create another RUclips sign in lol
One thing I think is neglected on most networks is the use of traffic shaping. On the network I used to run, I could have a couple machines running torrents full blast with zero slowdown for any of the traffic that needed low latency. Traffic shaping is also a great way to get around buffer bloat effects from ISPs using buffers that are much larger than they have any reason to be. If you can shape the whole network's maximum traffic to 95% of your ISP's maximum bandwidth, then you can prevent traffic coming in from or out to the internet bottlenecking on the ISP side because the buffers are overrun.
To help with ping?
@@veneratedmortal4369 Of course pings are a low latency packet (like "small packets") and therefore trapped by the low latency set of rules. Of course they'll be prioritized ahead of everything else classed as regular or bulk.
@@killermist ICMP packets do not get priority and it's not unusual for routers to just drop them when things get busy
@@harryjohnson615 Monowall, which isn't even the most advanced install-it-yourself router software, and every other router software worth anything will have the ability to prioritize TCP/ACK packets and ping packets ahead of everything else. And that's on top of any of the other benefits of traffic shaping. If your pings and your TCP ACKs are being prioritised at the same level as web browsing and BitTorrent, then your traffic shaper is not doing its job properly. Any router that does not have those features is a router that needs to be upgraded.
@@killermist You're rather missing the point. Your router's traffic shaping is superceded by your ISP's own traffic shaping policies. You might be able to assign the highest priority to an ICMP request within your network but as soon you try to traverse your ISP's backbone they shape and prioritize the traffic and one of the first things to bite the dust when traffic is heavy are ICMP requests because they are not providing a service. Some internet routers are so harsh they just become black hole routers and NEVER respond to ICMP requests
I noticed SHA1 when you were setting up your VPN. Wasn't that deprecated a few years back? Great video, by the way!
this is not a production environment, just for test
@@tarasfedchuk9261 but many will consider it not as such...
Dyor
@@jacksummer2849 lmao, no need to research, it's well known that SHA1 is considered weak nowadays
Ask PIA, mate.
This is a great tutorial, to the point with no fluff or faffing about, plus chapters to refer back to sections easily! Thank you for all the work you put into your videos 🙂
Hey Chuck - just found your videos and they're great! 1 thing tho - I don't think you need the block rule if the PIA gateway goes down. In my experience, the rule you set to push traffic out the gateway will still kick in try to push out and get stuck... (so no traffic gets to internet).
"I love when things make noises" - network chuck
My bike makes a lot of noise without the servicing
Chuck being out of context sounds fun :D
Thanks for this. Other recommendations (including other comments) are for OPNsense as a fork of pfSense.
I'm behind an IPv4 CGNAT, but with a /64 IPv6 static allocation. I'd love to see something from you about IPv6 and DHCP/Static/DDNS.
I have also been recommended to choose OPNsense. Is there something that is bad with OPNsense?
@@JohanLindberg -- Some people like the user interface better but I prefer pfSense's UI. To each his own. Both are great firewalls.
Hi there Dear Friend, after i went to your Chanel , i can confirm i get more some of your knowledge and skills, you for me is like a mentor. I owe you so much from your teachings.
Your one of the bests man here, i Salute you. Greetings from BR. (y)
I’m currently using a MikroTik router at home. It has lots of capabilities, similar to PfSense, but GUI is not as good.
Mikrotik is good option for beginners. its cheap & has commercial grade options on its lowest line up products too.
@Mik Müller well, we cannot even start comparing MikroTik with a home router LOL. It has much more than I need or use but I miss a friendly GUI though.
A huge advantage of pfSense and friends over any dedicated device I could find is the ability to use hostnames in firewall rules.
use console instead;)
I use mikrotik as well, best routers imo. I also love ruckus radios but their firmware has been aides this past year.
I used to use refurb dell optiplex's with extra NICs to connect branch offices together. I would have loved to see some kind of comparison between PC vs hardware like you used.
What he used is a pc in a small box. You could easily use an older pc as long as it has a way to add a second network port and a reasonable amount of ram. Even a pc a few years old should be adequate.
What about Mikrotik? I've been working more and more with Mikrotik and its super cool and fun and rewarding to figure out and setup
I use Mikrotik "Hex-S" and "hAP ac3" and very hapy
I have it but it's quite complex, pfSense seems to have a better gui and to be easier for accomplishing basic tasks
Thank you for creating this video! I just setup my pfsense on protectli & PIA VPN. One thing, you blotted out your IP addy with your ISP at the 28:00 mark, but when you showed your screen again at the 28:13 minute, you forgot to blot it out there! Maybe time to get a new IP if your ISP didn't already provide you a new one lol! Cheers for this video and thank you @NetworkChuck!
I wonder why you never talked about Mikrotik Routerboard routers. They are amazing.
No consigo mas de 30mbps en wifi
Love your videos but the continues "Coffee Break" inserts are annoying.
Everything else, you're brilliant!
WTH man
I was just getting into pfsense these days and was wondering it would be so nice to have network chuck or David bombal make a video on that
Lo and behold ♥️♥️
I enjoy all your content. Especially this video. I used it as a guide to setup my home network firewall. I bought their Netgate device and thank you for the walk through.
Great video. One thing I would love to see (maybe a tip for next video) is how to set it up in a way so you don't bridge the ISP router, so it works as your 1st fw and pfsense is your 2nd fw. Hopefully and theoretically increasing the overall security by introducing different layers.
Also bit on zoning (family devices in one zone, NAS in another, your rPi web server in another, etc.) in case the sh** hits the fan, would be lovely.
You don't want to give your ISP the first level firewall, you want that control yourself. If you need two layers, deploy two firewalls yourself. You will also run into double NAT problems if you don't bridge your ISP router/modem. Plus the whole point here is that your outside firewall should be more powerful. You will be bottlenecking your connection if you don't bridge.
Mikrotik it's the fairest firewall does everything a pfsense does and more, an RB750gr3 costs $60, with $200 you buy an RB4011iGS+RM (10xGigabit port router with a Quad-core 1.4Ghz CPU, 1GB RAM, SFP+)
I like the specs but does it have plugins like pfsense have? Such as pfblockers, Suricata? Not DNS base blocker. Also manageble IDP, IPS suricata...? Last time a tried years ago, The OS did not have those plugins and the interface was buggy but it might changed. Right?
@@AFiB1999 Currently Mikrotik does DPI (deep packet inspection), but not use signature-based detection, heuristics or machine learning. Having a built in IPS integrated would be great
Very professional, just a suggestion, when you evoke the technical parts, may you go slower to improve understanding for apprentice like me, thank you very much.
youtube has a slow down function
@@jeremiahbullfrog9288 Agreed. I didn't saw he talking about how he configured the modem/router (route mode VS bridge mode).
@@jeremiahbullfrog9288 if you want an easy fix I'd get the Vilfo VPN router. In my opinion, Vilfo's OS it's A whole lot easier than pfsense's OS. they have documentation on their website but the setup wizard is practically dummy proof in my opinion
@@jeremiahbullfrog9288 also the performance for my gigabit connection is very good over 250 megabits wired OpenVPN and over 600 megabits per second over wireguard (might be higher as I've been having a hard time maxing it out as downloads complete too fast first world problems lol)
You really got the psych down on how to make sure people with ADHD stay focus with the camera pans, my brain is absorbing all the information and I can't look away from the video
Outstanding video. You teaching style is always on point. Would love to see how you integrate your Ubiquiti/Unifi hardware into the mix. Thinking of moving from the UDM-Pro to a Protectli (already have a FW6E) based PFS setup but not quite sure of the best method for getting it to play nice with my current Unifi setup. Thanks again for your great videos!
I really agree on the need for coffee in the IT-environment... :-)
But you should mention to put the USB to boot on the lower USB when using for example the FW4B, as (vendor) protectli also recommends. That will save users some headache, luckily I read before trying, but have seen similar issues for other hardware as well. Despite of that, great tutorial.
Chuck, or anyone really, what are the pros/cons of going with Protectli vs a Netgate?
I haven't gotten excited about my day to day work stuff in years!
Pretty cool man, thank you so much!
This is going to be part of my first feat now that we own a forever home; I want to get this running & figure out Virtualization on TrueNas Scale.
Haven't tried myself with a major project since leaving IT in 2k6ish. There's a ton of change, I'm in dire need of major Crash Courses.
Keep up the Great Work
Any update?
The best teacher ever! If I had you as a professor, I would never cheat in your class!
If you’re worried about your WAN IP getting out, you need to be a little tighter on your editing. There are still sections where its clearly visible when the dashboards start sliding around
??.???.19.128
@@dwaynehallows3273 iykyk
Yeah there is a specific timestamp I noticed it as well. Sometime at 1x:x1 it clearly scrolls by unfortunately.
Yea it openly shows the gateway @35:21
28:13 shows it as well.
Thanks!! Got my Netgate 6100MAX, working! Sweet! 🙂2 separate PIA VPNs through my QNAP QSW-M2116P managed switch on 3 separate VLANs, for my Synology NAS, APs and rest of network. Thanks Chuck!
The option shown here is actually really cheap for a PfSense router.
If you were to build a cheap PC with new components, the most expensive part would be the Network Card which has the network interface for SFP+ or RJ45 (usually), they're usually as expensive as a budget GPU at the moment.
Intel network cards are pretty much the best, be they Wi-Fi cards for laptops or ethernet network cards for PC/Servers so if possible, get one of those.
Ideally you should get a network card with a minimum of 2 interfaces, one for input (from your ONT) and one for output (which goes in your switch), from your switch you can connect to the internet everything, Smart TVs, Wireless Pots, PCs and so on (depending how you made your network structure around the house/company building).
Thing is more than 2x RJ45 or SFP+ ports used at the same time, can overload your router's CPU and the network speed will go down so don't think about replacing the cost for a switch with a multiple port network card, it's not gonna be good.
As for the CPU and RAM, well, a Pentium is better than a Celeron and are pretty much the same price so get that (for socket LGA1700, those are the latest gen so it's gonna be perfect) and probably 2 sticks of 4GB RAM are gonna be plenty, 3200 MT/s frequency and 22CL to keep things cheap.
Use a mITX motherboard for everything and use the stock cooler, so that everything fits in a Cube Tower case, and you can place the router anywhere, it won't be that big, noisy and ugly sitting somewhere in sight.
Time for a Update
100%
Not much has really changed but I can see where people will get tripped up by it if they are new to networking.
I can imagine there are few more literal "something secure" passwords now.
Just ordered my firewall and will be setting it up with pfsense. Thanks for this vid!
I appreciate your enthusiasm very much. You inspire me to want to try this. I have a plex server I setup for my family that I want to be able to access outside the home but I also work from home. I feel pretty good when I ingest tech like this but for some reason networking always intimidates me. I despise my ISP outside of the speeds they provide so to be able to check all these boxes makes me really want to do all of this. It's the doubt that is creeping in that is holding me back lol! #goals
id be enthusiastic as him if i was paid for it too....nothing he mentions is different then a high end router for the same cost......
You work from home and can’t setup a plex server for remote access? You must be the IT engineer for a public school ….sounds about right.. can you log into your own router…😂😂😂😂😂 I love the IT guys….lmao….wouldn’t know how to pin out a cat 5 cable ….IT guys…….God help us.