@Jailer : I have a 100 Mb/s cable connection. But should be upgraded to fiber soon.

What packets do you want to install?
What services do you want to run?
How many users or devices must be sorted?
Is WiFi a point to talk about?
Is VPN in usage?

Will a Supermicro A1SAi-2550F be more appropriate ?

Pointed to pfSense I would more go with a C2x58 (rangeley) then an Avaton platform.
AES-NI and Intel QuickAssist would be the way to go. Take the C2558 rangeley and 8 GB of RAM.

@utnuc:

Hello, here's another post about what hardware is cheapest and best.

I have a 1G up / 1G down fiber connection with three apache web servers (1k visits/day with streaming video on a heavy day) and a home network behind it.  I'd like to run a Squid reverse proxy on the pfSense install.

My question: what kind of hardware am I looking at to make this run smoothly?  Up until now I've been squeaking by with an Asus N56U, but it's starting to go down every other day or so now, probably because my network traffic is picking up.

My options:

Buy a pfSense Appliance. I emailed sales and they tell me I should go with a SG-4860 for $200 more than the SG-2440.  But, of course they would say that.  Double the RAM, double the Atom cores, and more Gb ports.  But is it necessary?

Build my own.  If I do this, what kind of minimum specs do I need?  Pretty sure I can beat the pfSense specs and save money.  For those recommending this path, would a 2 NIC system + unmanaged Gb switch be appreciably slower than a 4-6 NIC system sans switch?

May be you'll be interested to my new build?
https://forum.pfsense.org/index.php?topic=109694.0

When I used the VPN, I used pure AES since I installed on a dual xeon quad core poweredge 1950.

The issues I had with PicoPSU's were low quality which result in repetitive failure that sometimes burned up motherboards. They may be efficient but due to thier size, they lack protection circuitry.

This is the difference between them an your platinum desktop psu. If they fail, your system will not be effected.

Now, I've been using corsair platinum PSU's for years and I've got one that has run smoothly for 7 years without issue. I swear by them.

Dual Xeons for pfSense seems like rather ridiculous overkill, especially since typical pfSense workloads are not particularly threaded.

I'd go with something that has 2 (or if you are running intensive plugins, 4) highly clocked cores instead.

Now, if you want to build a cheap dual Xeon for other reasons (like visualization) there seem to be cheaper ways.

I picked up a old new stock Supermicro X8DTE board on eBay for less than $250, two Xeon L5640's for $60 each, and 12x 8GB Registered ECC DDR3 modules for $15 a piece.

Not the newest tech, but 12 cores (24 logical) at 2.2Ghz (turbo to 2.8) and 96GB of RAM for a total of $550 (for Mobo, CPU and RAM) was a pretty damned good deal, if you ask me. :p

Bridging any ports, on the same card or not, will require traffic to go through the PCI-e bus, through the CPU, and then back out.  Unless you're trying to make a filtering bridge, buy a switch.  Even then, you may be better off with a switch and simple ACLs.

Thanks for the replies but I found the issue. I had selected the modulation type to "Multimode" instead of "ADSL2+" which was causing all the packet loss. Once I changed this everything worked great…no packet loss  :)

I know the Draytek 2820 is a real router but you do have the option of turning it into a dumb ADSL modem:

http://www.i-helpdesk.com.au/index.php?/Knowledgebase/Article/View/354/0/how-can-i-configure-my-vigor-router–in-bridged-mode

Theres no double NAT going on here and the Draytek 2820 is purely a modem. No NAT. No wifi. No DHCP. No firewall!

In fact, I have noticed my broadband speed has gone up from 8Mbit/s to 9Mbit/s.

I am REALLY pleased with my SG-2440 purchase. I had my IPv6 tunnel up and running in no time. I'm really impressed with pfsense and the SG-2440.

Please note, if you are planning on bridging the ports on the Intel Nic, it is a bad idea and generally frowned upon.

If you need more ports, get a switch

Perhaps also interesting for you Gigabyte GA-6LISL
Its available for ~280 € here in Germany.

only max. 16 GB only two NICs UDIMM support flat design Intel i210-AT NICs solid made server grade DDR3-1866MHz ECC RAM support 1 x PCIe x16 (Gen3 x16 bus) slot

If at a later time point another add on PCIe card is needed it will better to get the PCIe 3.0 x16 slot.
Perhaps something as the Chelsio 10 GbE adapter or a Intel QuickAssist adapter from the Netgate store.
Or will this be for a home usage only?

GA-6LISL.jpg
GA-6LISL.jpg_thumb

I'm now running 2.3 RC on this little box and I have no complaints. It's a great little box.

I've actually seen a few h87 and q87 based thin mini itx boards on the market. I like the idea of thin mini-itx but as soon as you put a fan cpu cooler on it, it looses the THIN description. Other than that, I do enjoy the external PSU capability of the thin mini

@jimp:

Both ucom and uftdi are in the kernel, no need for modules. If it's not detected, odds are the version of the driver on pfSense doesn't know it. Did it detect when connected to a plain FreeBSD 10.1 box?

Try a pfSense 2.3 snapshot, it's based off FreeBSD 10.3, it may have picked up support for that device along the way.

Thank you so much for the response, I have been trying for a week to get this working. I will try FreeBSD 10.1 full and let you know. It is a CrystalFontz CFA-631 LCD which I bought due to it being fully supported by LCDPROC.

All I get the LCD to do at this point is blink when LCDPROC is started

Thanks for sharing this experience.
I was ready to order WAY more complicated components if I hadn't run into this lovely little piece.

/ Tarran

Thanks guys for the answers!

Yes, we will go with a hardware with multiple interfaces. The solution with a managed switch and VLANs is much more complicated. We will go with the better hardware.

Thanks again for the competent information! :)

VPN service, Proxy, etc.

What does etc. really means? Squid, Snort, ClamAV, pfBlockerNG, SARG, SquidGuard and DPI on top?
It makes a huge difference.

or I can run VMware esxi 6 using board, and install pfsense on the host and WAN port will be connected to my modem.

Why, I would install pfSense natively on that board and then it will be enough for all your requirements.
For ~$65 more if you are able to get it sorted take and go with the C2758 one.

The advice from cmb solved my issue. I just had to check the box for powerd.

I haven't had any hardware stability trouble with my MB (Gigabyte LGA1151 Intel Z170 Mini-ITX DDR4 Motherboard GA-Z170N-WIFI).  I got this motherboard because of its form factor (mini-itx), but also because it was the only Skylake compatible board with two intel nics on board that I could find.

The only trouble I have is driver support with FreeBSD.  Wifi isn't recognized, and the intel nics were just recently supported in the 2.3 beta.

That's a nice build you got there. To answer your questions

Intel Pro PT NICS are awesome but I would personally suggest not buying more ports than you physically need since unused ports occupy system addressing and memory resources and remain IDLE. Additionally, if not needed, I would disable the onboard LAN since it as well as other onboard devices are CPU controlled. NIC cards like the Pro PT cards incorporate their own controllers which provide better performance.

Also I wouldn't worry about naming since pfsense will do this automatically and unless changed during setup will assign em0 and em1 to pcie 1 and pcie 2 in that order if NIC cards are put into them. The caviat is that if you don't put a card into pcie 1 but put a card into pcie 2, the card in pcie 2 will be named em0.

2 Side suggestions I would make is consider potential reuse of the parts if you upgraded the router and choosing a board that is  upgradable for reusability with things like and upgradeable CPU and dual channel memory would be great features for a desktop. External power is also a great consideration since, internal PSU's generate heat and inside small cases for this purposes, heat is often trapped inside due lack of good ventilation. So, based on my suggestion above I chose the Intel DQ77KB for my new build.

Im going to supply a link here that illustrates a thin mini-itx board that is externally powered. Personally its a good choice but you buy what you like. Again, just showing you something with external power that is value priced and gives you upgradability.

http://www.amazon.com/Intel-BLKDH61AG-Thin-Motherboard-DH61AG/dp/B00G9EXYLS/ref=sr_1_1?ie=UTF8&qid=1459610896&sr=8-1&keywords=thin+mini-itx

If you end up going with a externally powered board, two considerations apply since they use what is basically a laptop charger as a power source. 1st consideration is buying one that supply the required power needed by the board. 2nd is ensuring that the plug that goes into the motherboard is the same inner and outer diameter needed by the motherboard. These are easy to check on and are a must to do since there are so many of these types of chargers on the market.

No, 'ifconfig -a' does not show the missing interface. :(

As promised, here is a few pics of my new build. I should point out that, I've got it running but since decided to order a Samsung 840 Evo 3D NAND MSATA SSD to use instead of the standard SSD. I'm also waiting for a few 40x40x20mm case fans to come in the mail as well as a PCIE riser to install my Dell DRAC5 remote management card. Lastly I need to modify the lid for the CPU fan because when the lid is on, it sits perfectly against the fan without bulging it and stops it from being able to pull in air. Should I do slots or cut a circle and put a filtered grill on it?

I did go into the bios and modified the CPU fan from 20% minimum duty / 100% maximum duty to 70% min / 100% max. With the default my CPU was average 43C and with the new it average 32C.

20160401_202558.jpg
20160401_202558.jpg_thumb
20160401_202616.jpg
20160401_202616.jpg_thumb