That chipset doesn't support what you are trying to do.

Specifically, using the PCIe x16 slot will disable the onboard graphics.

You could in theory do so if you add a PCI graphics card to keep the board happy.

@Muuuufasaaa:

…Netgear C7800 ... compatibility with pfsense.

They both should be IEEE802 compatible. Other than that you will not have pfSense running on that device - if that's your question. pfSense is not OpenWRT or such.

@jafoca:

@belt9:

The J3355 will almost certainly outperform that xeon in OpenVPN. OpenVPN is single threaded and depends a lot on clock speed, the J3355 has higher clock speed and is much newer. The J3355 also has acceleration for SHA, and it likely has a better implementation of AES-NI given the large time gap between the two processors.

All that having been said, so long as you stay <100Mbps it won't matter.

I'm considering going the J3355 route as it seems to check a good number of my boxes - mainly low power and modern processor. My Comcast internet connection is 100Mbps right now (though could move to 150 soon), so I think it should be capable of handling that even with a good handful of packages.

Has anyone found a good case for use with this board? It seems tough to find something small and cheap that ALSO handles the PCI Express card, which is needed because the board itself only has a single nic.

(Maybe we should have a dedicated thread for this board?)

I was going to build one based on J3355 and had been looking for a 1U case for a long time. I found this –
PlinkUSA WebITX125 which allows front to rear mounting which would be great for a router application like pfSense, because you could easily connect the WAN and LAN ports from the router case to your switch
They have a bunch of IO plates for different motherboards, but they don't have one for AsRock J3355. You'd have to buy the universal plate and cut it accordingly with pliers.

@Inxsible:

This could be interesting as I recently obtained a Supermicro server with Intel Xeon E3-1240 with 4 disk bays and 2 Intel NICs and ECC RAM. It also has a LSI MegaRAID 4 port SAS card installed.

Since the machine is way too powerful to be just a pfSense router, I too was thinking about setting up pfSense in a virtualized environment and using the server for some other things. I already have a 6 bay FreeNAS box, so this could either be a backup or a 2nd FreeNAS box. Unfortunately I do not have much experience with virtualization or ESXi, so I hope to learn more from this thread and others.

Follow this guide, it's quiet simple once you get it. I'm sure you know more about networking than I do, which will help.
https://doc.pfsense.org/index.php/PfSense_on_VMware_vSphere_/_ESXi

In short:

Create a WANvSwitch Create a LANvSwith Create a PortGroup for WAN (Finally you should place Pfsense as the only DHCP-client in this PortGropu) Create a PortGroup for LAN (for your VM's and all devices in the house) Create a a separate LAN port group on the LAN vSwitch for the ESXi management interface. Somehow you can't create a VMkernel interface on the LAN PortGroup, but it's connected to the LANvSwitch, so all the same.

Your cable provider could check your MAC address and you might have to unplug your cable modem for a few minutes.

You can even test first and start with virtual switches that don't have a a physical uplink, so you won't bring half the network offline if you misconfigure something. If the Pfsense has 2 interfaces and the LAN interface will have 192.168.1.1/24 as it's IP and you are running a DHCP server, just spin up another VM in the same LAN port group and you'll quickly find out if that's working.

It's a good idea to use static IP addresses for your ESX management interfaces on LAN. You shouldn't need one at WAN in the end, but it might be handy if your Pfsense VM is not connected straight to your cable mode, although I guess this could be a NAT in NAT.

You should be able to enable passthrough on the LSI-controller. Log into your ESXi box, go to hardware and you will see your PCIe devices and a "toggle passthrough" button. You have to reboot after this, but then you can attach the PCIe device to a VM.

Anyway, I'm not great at explaining this. Just follow the pictures at https://doc.pfsense.org/index.php/PfSense_on_VMware_vSphere_/_ESXi and let me know if you get stuck anywhere.

@Inxsible:

Question is why do they make them in x4, if all they require is x1 speed?

It's the differences between PCIe 1.0 vs 2.0 or 3.0.  The quad port server NICs that many of us use or recommend absolutely do require 4 lanes of PCIe 1.0 bandwidth to function with full performance.

GPU miners use riser cables all the time, and that works because the x16 GPUs can get away with x1 bandwidth because they're doing massive compute operations on relatively small chunks of data, meaning that the bandwith of the interface isn't a problem.  It is a problem with something like an HBA or a NIC, though, especially when that NIC uses only PCIe 1.0.

I can't wait a week for this to get worked out.  The i3 is probably a 2x performer, and would have saved me probably $75 after shipping, but 7 days is too long.  If it sucks, Ill ship it back after getting a replacement from ali.

By the way, keep in mind that PPPoE with 1Gbit/s is rather intense for a CPU (it doesn't scale well). So getting a CPU that has a good single core / single thread performance will help you.

@s_mason16:

and what about the 4-pin ATX 12V Power connector on the motherboard?

I know about pico power adapters but not much and always just figured they were for very small atom soc units.

you should be able to ignore it and just use the 20 pin connector–the system shouldn't draw enough that the extra power connections are necessary. if you actually need the extra pins, you also need a bigger power supply. :)

Thank you - that was a piece i was missing.

Maybe a stupid suggestion,
but also check if there are no copper taps at the wrong place in your case.
Then you get a shorting on the back of the motherboard.
I have seen this before when swapping a motherboard to another type,
and they didn't look for unused taps they left behind from the previous board.

Grtz
DeLorean

@Fisavelon:

will you recommend me this one?

In short: no.

@Fisavelon:

…put a laptop wireless adapter dual brand and it will do the work as an access point ...

That's the culprit. FreeBSD is not good at wireless.
You are way better off with a dedicated AP placed where it makes sense (radiation wise). The router closet usually is not such a place.

Don't you already have a thread for this :

https://forum.pfsense.org/index.php?topic=135565.msg742232#msg742232

@copcopcopcop:

@Inxsible:

@copcopcopcop:

I am finalizing my new router build and I am stuck on which NIC to buy. I'm trying to avoid buying an intel NIC on ebay since the secondhand marketplace is just flooded with counterfeits.

I know this doesn't answer your question, but read the many posts on this forum which confirm that even the $15-$20 used intel NIC cards work just fine. They might be made by certain Chinese companies but most do use the Intel chipset. If you still want to buy a brand new server NIC card, then more power to ya !

Yes, the cheap $20 Chinese counterfeit NIC's do work, but i think we can all agree that knowingly buying those comes with some very significant durability concerns. I'd rather pay the additional upfront cost to not worry about when my routers cheap NIC's are finally going to crap out.

then buy 2 or 3 cheap ones so you can replace them in case of something going wrong with the years.. still much cheaper then the 200$+

The SD card slot is (currebtly) only for recovering the firmware in the event that the USB recovery fails.

It would probably be possible to use it for caching but would require some hackery and the speed of SD cards is such that it might prove…. disappointing!

However, if you want to use Squid to cache content to reduce load on your narrow WAN I would probably not choose the SG-1000. It will run Squid but with the limited RAM and storage available it won't provide the greatest experience.

Steve

Xeon E3's are great processors to have. A bit of overkill for a home network but might serve you well for IDS/IPS.

I agree it reads like you're looking for an answer that doesn't exist here.

If you want the highest OpenVPN speeds you can have, get the fastest single thread performance CPU you can afford. Though as said above spending twice as much will probably not result in twice the throughput.

Steve

No.

The Realtek NIC on the 'modem' card is connected to the host via PCIe just as a separate NIC would be.

Steve

I don't anticipate any of those components failing anytime soon. Nothing moves or gets particularly hot. If you have to replace anything it will probably be from a bad component that will fail in the first few months and that's a crapshoot.

Just keep a thumbdrive loaded with the installer of the same basic version (i.e., 2.4.x, 2.3.x) of pfSense that you use and keep your config.xml's saved somewhere and you should be fine for many many years to come.

Old desktop workstations often work for well over a decade and they have moving parts, deal with on/off cycles, etc. Your box will likely last at least that long and probably longer.
The first thing to go will probably be capacitors, and you could even replace those for a few bucks and keep marching on if you wanted.

J3355B