i use x520-DA2 cards in my freebsd file servers (zfsguru is on freebsd 9.1) and there i had to tweak some buffers as well, otherwise the link would not come up.

kern.ipc.nmbclusters=262144
kern.ipc.nmbjumbop=262144
Kern.ipc.nmbjumbo16=32000
Kern.ipc.nmbjumbo9=64000

I got this info from: http://forums.freebsd.org/showthread.php?t=24723

Please, test the modules from this post: http://forum.pfsense.org/index.php/topic,20095.msg346347.html#msg346347

We are using CARP with two dell poweredge R610 with bi-CPU E5506 and 16Gb of memory.
It has been running well for us.
It handle: a 650Mbps WAN which average at 200Mbps and can peak to 600Mbps for a few hours which generate ~70TB of traffic/month
50000+ states, ~60 simultaneous OpenVPN users, 4 IPSec tunnel (3DES 256bits)

Thanks.  That's good to know.  I won't start for a few weeks yet, but it's interesting how much harder things are to find when you don't use current tech.  "The long forgotten LGA775."  :)

Right, so I bought the Intel LAN Card mentioned above, installed it in the target hardware, and ran LiveCD with both 2.0.3, and 2.1. It seems to be running fine, no hiccups.

thanks for the feedback everyone!  will stick with the old reliable for this round as everyone suggests..

@dkozel:

Then this CF card for all three systems: http://www.amazon.com/SanDisk-Extreme-CompactFlash-Memory-SDCFX-004G-X46/dp/B004UC9HSA
4GB should be more than plenty even for dual booting test versions or just having fun. It supports UDMA which I understand used to be problematic sometimes. Has support changed or is that still not entirely working?

Well, I tried with this one and…

$ dmesg | grep -i dma atapci0: <amd cs5536="" udma100="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xff00-0xff0f at device 15.2 on pci0 ad0: 1919MB <cf 20110221="" 2gb="">at ata0-master UDMA100</cf></amd>

wallabybob,

Sorry for the confusion… The 4G modem is a Huawei E392.
As I just started playing with pfSense, I am using the most recent version I could find at the site.
And yes, there is a thread about it (http://forum.pfsense.org/index.php/topic,49549.0.html)where a fellow got it working installing usb_modeswitch.

Moacir

50Mb fiber at home? I wish!  ;D

This is for work. We currently have some bonded T1's for 10x10, however moving and also upgrading to a full 50x10 fiber circuit. The currently firewall is a small netgate and can work with the T1's but I could see it struggling with the new fiber. Rather build something that's 1U rack mountable. Anyone have links to builds? Like stated, Atom, 512 memory, cheap board, etc.

There have been reports of using, successfully, 1000+ VLANs with pfSense so it's not a problem with that directly. Perhaps some combination of a large number or VLANs and interface bridging?  :-
Did you try any of the suggestions from the FreeBSD lists?

Steve

Another nice command…thank you.

Jun 21 00:41:35 pfsense syslogd: kernel boot file is /boot/kernel/kernel
Jun 21 00:41:35 pfsense kernel: Copyright © 1992-2010 The FreeBSD Project.
Jun 21 00:41:35 pfsense kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
Jun 21 00:41:35 pfsense kernel: The Regents of the University of California. All rights reserved.
Jun 21 00:41:35 pfsense kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.

Couldn't find anything useful from log. There are hours (or more) between the time when reboot sequence start and previous log entry. The previous log entry is always different line, so no consistency there.

I will try to swap HD, NICs etc. since I have another box with same hardware and see what gives.

Thanks again,

GBR

If you're looking for the command line it's option 8.

Steve

@SunCatalyst:

the other issue nobody has touched on is the NOISE factor with the 1u and 2u boxes…

1U are USUALLY pretty damn noisy (due to the fans) and if your using this in a home
environment you may not be happy with the Noise.

ALSO.

if the OP is wanting to do Wire speed and Snort / Etc with 10GE  , your gonna WANT multiple
cores. NOT a single core. and then theres ECC ram.

The noise depends on the amount of fans, and the fan itself, but yes it makes to much noise for a regular home, But it is ment for co-location in a datacenter, Do not see any reason why to use a 10gbit lan at home :P

about the, single core, I don't think anyone said a single core is better, they did say that snort uses by default a single core and it would be better to get a cpu with a high rating per core. But indeed, a quad core is required for that speeds.

@Downloadski:

@ilaurens:

@Downloadski:

you need to compile the driver for that intel 10 GE card i think.

I have them in my zfsguru nas servers and in 1 it works the other not. That runs freebsd 9.1 and does not have the newest intel drivers included even.

Further it is hard to fill up that 10 GE connection also, i only can put 350 Mbyte/sec through it (source system is not faster)

Because you will have tweak parts yourself, take a look here this is one of the many things you can do to speed it up http://forum.pfsense.org/index.php?topic=42952.0;prev_next=prev

also search on google: network tuning

Thanks, i have no more problems now with the 10GE cards.
I check the logs and it was caused by to low buffers for 10GE cards.

No problem, glad it helped came across it when I was searching for info. Perhaps you can post your speeds here?

@stephenw10:

Yep. I would think that to do 10G Snort you are going to want all the processing power you can possibly muster!  ;) That's way out of my experience though.
I was just pointing out that, due to pf's single thread, you need to look at a CPUs single thread rating rather than it's overall benchmarks. I.e. a 2 core, 4GHz CPU is likely to give faster throughput than a 48 core, 1GHz CPU even though such a CPU would have massive processing power on paper. That's ignoring the Snort requirement.

Steve

Yes, you are right, but well it depends how it's used. It's said a single core, is that per instance or per process, there is also something called PFRING which enables you to use multi threading for snort, but i'm not sure how to do that yet nor I have the space to setup a server at the moment :(

@sventunus

Thanks for your input. Great to hear from someone actually using this Jetway box.

I will look forward to hear your real world numbers if you get around to it.
;)

@stephenw10:

How are your Xboxes connected? Wifi? If so run cables for a much better connection. Perhaps consider using Ethernet-over-powerline or ethernet over rf if your house is wired for that.

This may come across as patronising so I apologise if it does; are you sure that Cinemanow is reporting Mbps and not MBps. 8x3.35 seems very close to your rated speed.

Is the AC66R what you're currently using?

Steve

Thanks Steve,
yes I'm using the AC66R right now, and my xboxes connected by wifi..
Thanks for your suggestion, I'm going to see if my house can use Ethernet-over-powerline. ;)

Assuming it is a "standard" x86 system and you can configure it to boot from a CD or USB stick I expect you should be able to install pfSense on it. However I have no experience with that system type.

I would be inclined to try pfSense 2.0.3 (the current released version) or (especially if the system was first released less than 3 years ago) a snapshot build of pfSense 2.1 which has more current device drivers than pfSense 2.0.x and so is more likely to work with newer hardware.

It would also be worth take a walk through the pfSense documentation pages at http://doc.pfsense.org

Still good enough for a home router perhaps, especially running m0n0wall instead of pfSense. There has some work done to drive the LED 'triangle' display. http://forum.pfsense.org/index.php/topic,36546.0.html

Steve

Not sure why you'd be worried about getting DDOS'd, unless your sitting on a routable class-B or larger it's very unlikely unless you are messing with the wrong people.

As far as hardware unless your doing Snort or Squid you really don't need that powerful of a box. If excluding those to options I've held up 100MB business links running pfSense on boxes you would be throwing away these days. cough cough P3 933mhz + 512MB ram, granted more modern releases of FreeBSD are slightly more resource intensive, I've had no problems running it currently with 1vCPU and 768MB ram under VMware….Yes a VM in production and it works just fine.

CPU:
If your really worried I'd probably go with an i3-3220 which is likely overkill (G2020 should be good enough, really looking at the 55w TDP)...if your doing Snort at line speed it really depends on your WAN link. On gig+ links with 2000+ clients banging away at it your looking at westmere xeons unless you want to do some port-mirroring.

Ram:
4GB would be plenty for most things and cover you down the road. If you are planning on Squid then 8GB, but make sure the motherboard can take 16GB down the road in case load increases.

NIC:
As tirsojrp said, pickup a used dual port Intel Pro1000/PT PCI-E adapter off Ebay....should be $30 or less shipped. A lot cheaper than new, and a lot higher quality.

Storage:
CF works but I would go with a regular USB thumb drive, USB2 drives seem to boot quicker.

PSU:
Always get a high quality PSU, being cheap can cause all sorts of issues from higher failure rates to odd voltage outputs and fluctuations.

Worth mentioning as no one else has asked. "Huge LAN parties...will go on the fritz", what kind of switching is he running? I wouldn't recommend running 100 seat lan parties off netgear switches, no offense they have their place but when you care about latency and have a large network...I would go with something of a bit higher grade.