@stephenw10:

I've been meaning to give Securicata a try ever since bmeeks anounced his package. Time to try that too.
@BBcan177:

so Steve.. Jump in…  ;)

If you're asking me to help with integrating Pulled Pork then you clearly haven't every read any code I've "written".  :P

Steve

Suricata is a lot more involved. I personally would stick with Snort until Suricata goes thru another few versions. It also a little piggy on memory.

Bill is really doing a fantastic job at managing the Snort and Suricata packages. Integrating Pulled pork was just to let you know that if it was integrated, we could post a basic ruleset that you could copy/paste and be ahead of the curve.

I think we need to convince the pfSense Devs that its a change for the better. (politics!)

For all the help you do on a daily basis to others, we are extending our full support to help you get up and running with an IDS of your choice and no software writing lol  :)

Thanks for the reassurance!

Glad you're up an running.  :)
There should be no issue installing 32bit pfSense on a 64bit machine though.

Steve

@lpitman:

Intel Pro 1000 PT Quad is not recognized in pfSense 2.1.3, but if I install the same card into a Windows machine it is recognized.  The hardware I am trying to install into is a SuperMicro 5017C-F 1U Server utilizing a X9SCL mother board. I believe this is a problem with pfSense. I am currently trying to see if FreeBSD will see the card.

Try forcing the PCIe link down to Gen 1 in BIOS.  That should resolve the issue with the PT adapters.

It should be under Advanced -> Chipset Configuration -> Northbridge Configuration -> Force PEG Gen1.

Well an i3, any i3, is a much faster CPU than a Pentium4. The Netburst architecture in the P4 was notoriously power hungry so the i3 is almost certainly going to use far less power and run cooler even while moving far more packets.
That said if you have one 10/100 and one Gigabit NIC then you can only ever pass 100Mbps of traffic (assuming no VLANs) and the P4 should easily manage that. You probably won't see 100Mbps of VPN traffic though if you need that. So although a new i3 system would be far faster you may not see any improvement due to other restrictions.

Steve

Unfortunately I omitted some somewhat important info about my test. The above figures with quite a load on snort relative the 100 Mbps link was when I saturated the link over an OpenVPN connection from one of the LAN hosts with 5 FTP-request for ubuntu ISOs from speedy servers. When I did the same test but not over OpenVPN the snort load figures were about 15% of divided over two CPUs. I don't really know what caused that difference but my guess is that snort didn't associate the packets as part of an already initiated continuous transfer stream and rather ran rules on every packet. Does anybody know?

Still working after 2.1.2>2.1.3 update.

Works with f3507g too (AKA Dell 5540, and v. popular with thinkpads).

Ah, thanks for the heads up.  :)
What about those who did get it installed and booting on the Gigabyte GA-J1900N-D3V? For example:
https://forum.pfsense.org/index.php?topic=73518.msg418094#msg418094

Is this a known FreeBSD issue if patches are availlable?
Edit: I see the link in your redmine report now.  ::)

Steve

Yes, though it will never be as fast as a gigabit switch. Just bridge the ports you want and assign the bridge as LAN.

With no mods it's quite loud, there is no thermal control on the fans. It is possible to manually control the fan speed or using a script to monitor the CPU temp. It can run relatively quietly if loading/air temp allows. I have had one next to my desk before and it wasn't really any louder than my desktop PC.

Steve

I found a case and ordered it. After weeks for looking across many sites and not finding anything that met my requirements, Amazon randomly recommended this:
http://www.amazon.com/gp/product/B0035FIS2O/ref=oh_details_o00_s00_i00?ie=UTF8&psc=1

Most mini-itx cases that support a PCIe slot have a full sized slot (they generally assume you're building a mini-itx system with a full-sized GPU). It's nice that this has a low profile slot so I can add more ports if needed.

I also decided to go with a different board. The Supermicro A1SAi-2550F. This board is twice as expensive, but I like having 4 on board ethernet ports. This also means having the slot wasn't really so important anymore, but the expandability is nice anyway.

Only drawback is that I think the motherboard only has internal USB ports for USB 3 and the case only has USB2 ports on the front. But on a router, I don't expect I'll need USB very much (and there are still 2 USB 3 ports on the rear of the motherboard anyway).

The board uses Intel i354 ethernet, which may not be supported in pfsense 2.1, but I'm currently using the pfsense 2.2 alpha anyway.

Hopefully this information will help someone else in the future.

That is easier than I was thinking.

Good news. Cheers.

Exactly what wifi card do you have?
Does it show up in?:

Steve

Thanks for the info. Basically, my processor is running at 3.0 GHz and isn't using any kind of speed stepping. However, I'm rather liking pfSense, though it took some time to get rules figured out - still having some minor issues, so I'm treating the P4 build as just a test platform. I'll probably get an Atom board to be the permanent home.

Thanks for the hard work on this project. I've been using DD-WRT almost since it came out, but support for their community versions really went downhill when they began offering professional services, leading me to question how secure the builds are, plus I find the community to be rude and arrogant.

I'm also hoping that pf will do a better job at QoS for VoIP than iptables, that way I don't have to use vendor supplied, rarely if ever upgraded, hardware for my network gateway, which in other configurations doesn't seem to play well with streaming video.

Thanks. Sorry, I didn't come back and close this one. There was a motherboard issue related to (very old) BIOS. Updated BIOS, everything worked as it should. Quite a bit of googling to find that one.

@stephenw10:

You could use VLANs with your one ethernet port. That would impose any restriction on a 20/2 connection.

Steve

I'm actually seriously considering that at this point but just have to wrap my head around how to accomplish it. On the pfSense side I imagine it is a piece of cake. Just figuring out how to get Tomato to cooperate on my main 'switch' to route things around. And time to take the network offline to accomplish it of course. ;)

What are you using for a serial terminal?
I have noticed that some terminal emulators don't handle the baud rate change well. For instance you have the terminal set to 9600 and boot the box. Initially you get garbage because the POST output is at 115200 but then when the output changes to 9600 you just see the cursor moving but no actual text. At that poing if you close the terminal program and re-open it at 9600 you should start to see the correct output.

Steve

@pmb1010:

The 2nd try was successful.

Why didn't you just boot from a USB stick and install?