@stephenw10:

Loads of errors can be a bad cable or a poorly secured card that's moved in it's slot. I assume you would have tried changing the cables but I mention it in case.

Steve

Thanks for the response. Can't be the cables, because prior to this build, I had pfSense running on a T40 laptop for 6 months straight with NO errors on the WAN or LAN interface, with the same cables.

@tirsojrp:

4 - pFsense is not optimized for multithreading, that 165% performance jump doesn't apply for every scenario.

Indeed. The increased benchmark score of the D2550 over the D2500 is due to the former supporting hyper-threading. Not necessarily any advantage in pfSense.

This board doesn't beat the Jetway NF9HQL-525 in my opinion. The older D525 actaully benchmarks faster. It's expensive though.

Steve

Hmm, interesting result. I wonder what is causing such a huge discrepancy?

@Class889:

i agree on the powerD statement but first i must know what my router is capable of :)

The P4 chip you are using does not have any useful power saving features. It would be almost pointless running powerd.

@Class889:

but i wonder, how come ppl dont pass the 1gbit barrier?

It's because people are, mostly, measuring the throughput of the pfSense box. Usually what people are interested in is how much bandwidth can I handle with X hardware between WAN and LAN. Testing that bi-directionally is just not relevant.

Steve

@stephenw10:

This should not be limiting to 20Mbps.
However this does put extra load on the cpu. It should be well within the capabilities of your P4 but check the output of 'top -SH' when it's limiting to make sure.

Steve

when I do top-Sh I can see the top going to 100%.. not exactly sure what i'm lookign at. If I just look at the output of top, everything's below 1%.

Without the shaper, the speed seems to vary (from 1 of the port of he switch) from 20 to 45Mbit as there are other traffic on the network. But whatever shaper I put in, it'll drop the speed down to below 20Mbit. I've tried different wizard, but they all seem to throttle the overall bandwidth even when I put in the correct up/down numbers.

My question is no longer with the hardware. Therefore I'll hop over to the other sub forum to troubleshoot traffic shaper.

Conclusion: Realtek 8139 can do the 100Mbit, but is unstable, a lot of crashes and resets. Intel 82559 is stable and able to do the 100Mbit throughput.

@NuSkooler:

Good, I got the impression that some of the information in that thread may have been blown out of proportion or just plain FUD.

I think at this point I've pretty much settled on "Option 1" above. I don't plan on having much disk I/O so unless I get faulty parts, it should be solid for quite some time.

Yes, a modern 30GB SSD should last a long time on a standard pfSense install.  That's an early SandForce drive, which should be fine.  I would, however, make sure to update the firmware before you start.  If I recall correctly, that era of SandForce reserved some space for wear leveling and helped with performance, which is good (more recent versions are releasing that space back to the user for more capacity, since you don't exactly need that much space for your purpose, that extra wear leveling slack can help with longevity, faster is a side bonus.)

Yeah, a wiki-site would be awesome.

@stan-qaz:

@joshfokis:

@stan-qaz:

What IP and mask do you have for pfSense LAN port and what is set in the LAN section of the WRT setup? The IPs must be in the same network but different and the subnet masks must match exactly.

I am using the 192.168.5.x/24. When I connect to the WRT by cable I can access the configuration page for WRT but I must set a static ip. I cannot get to the pfsense page when connected. If there's anything else I can provide to help please let me know.

So you have your:

pfSense LAN port set to 192.168.5.1 /24

WRT WAN port set to DHCP (it won't get an address but it also won't conflict with the LAN network)

WRT LAN port set to 192.168.5.XXX  /24 - where XXX is from 002 to 254 (a manual setting as the WRT LAN doesn't do DHCP)

Your PC set to 192.168.5.XXX  /24 - where XXX is from 002 to 254 but not the same as the WRT LAN

@stan-qaz:

If you configure a computer with a third IP address in the same network as pfSense and the WRT and the same network mask you used in both of them, what happens when you connect the computer directly to a WRT LAN port? Can you see the WRT from it?

You do have the Ethernet cable from the pfSense box going to one of the LAN ports on the WRT and the computer plugged into another of the LAN ports?

pfSense LAN  –->  WRT LAN 1

WRT LAN 2 ---> PC

WRT WAN disconnected

If you have this setup and the addresses above you should be able to see and set the WRT settings from the computer with or without the connection to the pfSense box.

You should be able to see the pfSense box once you connect it to the WRT LAN port since that is a simple switch and the WRT router/firewall is not involved in the process.

If you don't have anything else hooked to the pfSense box try these static IPs and masks and see if they work for you. This takes the pfSense DHCP server out of the loop for assigning the PC an address and is as simple a setup as you can try.

pfSense LAN port set to 192.168.5.1 /24

WRT LAN port set to 192.168.5.10  /24

WRT WAN port set to DHCP

Your PC set to 192.168.5.20  /24

Once you can see the WRT and pfSense confirm that the WRT DHCP server is turned off and set the PC to use DHCP and pfSense should assign it an address and all should work as before. At this point the other LAN ports and wireless should also be operational as far as connection and DHCP functions.

Thanks for the help I did try this setup and it continued to give me issues so I figured it might be hardware related and not configuration related. It turns out I was correct. I returned the NIC and got another one and I have to admit it gave me a fight for a moment but now it is up and running and working beautifully. The previous NIC I had was a TRENDnet. I now am running an ASUS card. I just would like to thank every one for their help in trying to get me up and running.

Whoops! Didn't know that pfsense doesn't support N. That does explain why I couldn't find it :)
A desktop is a possibility, but I was looking for a small all in one appliance (no moving parts and power consumption).

Thx for the reply!

Yep, massive overkill.
Better to run pfSense virtualised on that box. At least you can then use the rest of it for something useful.

Steve

I don't see that one on our list:
http://doc.pfsense.org/index.php/Known_Working_3G-4G_Modems

Do you actually have that modem, or are you looking to potentially purchase it?

If you have it, and 2.0.x doesn't detect it, you might give a 2.1 snapshot a try and see if it works there.

@alixman:

You are very helpful.  So if I bought the DC7800 you listed, what upgrades would you do?  SSD for sure for squid/snort, what else?

Well, I'd put in more RAM, for sure.  I mean, 1GB is great for normal routing, but if you're doing extended features, you'll want more.  They can cheaply take 4GB, 8GB isn't too expensive.

I would probably get a good dual port PCI-Express Intel Gb NIC, it'll fit in your PC-Express x16 slot (you don't need a video card in a router, the features supplied by the onboard/integrated GPU are already overkill.)  It has an integrated Intel Gb NIC already.

If you need something physically smaller, the Small Form Factor versions of the same can be slightly cheaper, but they'll need low profile cards.

Past that, unless you've got some serious internet access and/or plan on doing some crazy stuff, upgrades would probably be just for the sake of upgrading, not noticeable performance.  I mean, this hardware should be able to get close to saturating Gb internet with pure routing; VPN somewhere between 50Mb and 100Mb (+/- probably 20Mb depending on the type of VPN.)  I'm not sure what dedicated crypto cards would do for you, though.

The only strike against the Ubiquiti gear is that everything I've read says the system software needs a Mac or Windows host machine to run on. You can manage it from anywhere once you have set up the host but you have to have that host.

@swampster:

Yeah I might give the laptop idea a bit of a whirl

No personal experience but have read that Lenovo's don't work so well with pfSense.  So may want to steer clear of those.  I'm running a DELL Inspiron 5100 with the VLAN for WAN interface and a Netgear GS108T SmartSwitch.

Check the system logs at the time of of the disconnection. Without more informtation this is just a guess but if you have a bad quality line pfSense may be seeing that and marking it down. If that happens you will see lots of entries in the logs for 'apinger: ALARM' followed by the cause of the alarm which will be either excessive ping time or packet loss. You can tune those parameters to stop that happening over a bad connection, a satellite connection for example.

Steve

No.  I've been running two systems with SLC CompactFlash cards for around 4 years and they're fine.

Matrix21 isn't a good indication of the max connections you can push through the pfSense box.  Each IP is only good for 45k - 60k ports and each connection needs one unique port.

If you really want to test connections limit, multi-home both the wan side host and the lan side device.  Say, have 10 - 20 IP addresses tagged to the network card each.

Then run as many instances of matrix21, each tagged to one IP on both the server and device.

i.e.
Server is currently 10.0.0.1, client is 192.168.1.1

Multi-home the server so that it has the IPs 10.0.0.1 - 10.0.0.10 on the NIC.  Run 10 instances of Matrix21, each listening on one of those IP addresses.

Do the same for the client device.

Use batch file to do this and run all the instances together.  The sum of all the instances will give you a high connection limit.  You're not likely to actually be able to hit the pfSense limit with only 10 instances but it should cripple most other commercially available routers.

Yes but as Wallabybob pointed out your NICs may not work under 1.2.3 which would make it a lot more difficult (if not impossible). Why not just install 2.0.2? You can import a 1.2.3 config file if you have hundreds of firewall rules you need to use.

Steve