All you have to do use a CF to IDE adapter like the one I use. It mounts where a PCI card bracket would be mounted to the rear panel. You'll need a 40 wire standard IDE ribbon cable to connect it to the primary IDE port. This assumes you will not be using the on board PCI expansion slot.

http://www.opentip.com/Electronics-Computers/Monoprice-Ide-To-Compact-Flash-Cf-Adapter-Pci-Bracket-p-1515902.html

This is what I do on my GB-1000 running m0n0wall, but pfsense 2.1 also works.

You will want to grind down the two screws that hold the bracket to the card, the portion protruding beyond the threaded part of the bracket is a bit long and interferes with the ethernet ports.

@MMacD:

@matguy:

good workstations, usually by OEMs, like Dell and HP.

Just as a not-so-minor semi-O/T note:  HP's workstations these days are made by what used to be Compaq.  Compaq had a hideous reputation among engineers because their boxes were spec'd and built to maximise Compaq profit, not minimise customer COO.  Customers gradually figured that out.

I have a very high-end HP dual-Opteron workstation sitting at my feet that's only 5yo yet has shed so much functionality off its house-branded Tyan motherboard that it barely works at all.  I bought it because I lost my mind for a moment and forgot that HP wasn't doing their own workstations anymore.

While every OEM has their lemons, and while Compaq was absorbed in to HP, Compaq's main "issue" models were their home marketed machines, which were crap, certainly.  A lot of HP home machines were crap too.  Both generally made pretty good business class machines, usually.  No offense to AMD processors, but a lot of machines built around them, especially around the launch of a particular CPU architecture had issues as motherboard manufacturers caught up, it's an artifact of the relationships with the motherboard manufacturers and QA processes.  There's a reason Dell took so long to put out AMD based machines, and they're not their primarily marketed machines.  Again, please let me state this again, I'm not attacking AMD nor the products they make, just that the support chain of motherboard manufacturers seem to take a while to start making good and stable motherboards after an architecture launch.

I have 3x HP DC7700P machines at home, they're super great.  I use 2x for a VMware vCenter cluster and one for a gaming machine for a friend (had to replace the power supply, didn't fit right, had to drill a screw hole.)  I also have an XW4600 that I use as my primary machine.  Loaded it with a Perc5 RAID card from a Dell server and 4x 15k RPM SAS drives, those with some big GeForce card on the stock power supply and it's great and stable and fast.  Oh, and 8GB of ram, technically it'll take 16GB, but those are some expensive sticks of older RAM since it's DDR2.

Anyway…

I'll adjust my statement, "good workstations with Intel processors, usually by OEMs, like Dell and HP."

I'll admit that Dell had issues with a lot of their GX270's from bad capacitors, but they were -very- good about replacing motherboards and extended the warranties on a lot of them to cover machines that failed outside of the warranties.  They had cap issues with GX260's and GX280's as well, but not nearly as widespread.  I have a couple GX270's that had their motherboards replaced, one of them is my media server with 6x 1.5TB drives on the stock power supply, works great.

FYI- I have an Atheros 9280 in my ALIX right now on 2.1 and it works like a champ so far.

@noob12344321:

From what I've read…the VPN accelerator card would slow down a high end CPU!

Would depend on which one you get… If you get a Xeon and a vpn1411, then, yes :)
If you get, say a DX1845, I'd say that would be faster :P

Anyway: modern Intel chips, have AES instructions built-in, should be plenty fast :D
http://en.wikipedia.org/wiki/AES_instruction_set
will be supported in 2.1:
http://forum.pfsense.org/index.php/topic,51367.msg275362.html#msg275362

Until then the i3/Xeon itself should be able to do 200Mbps, I would say, but with a bit higher cpu load.

I would imagine that if you use powerd, you could keep the power usage low.

How many NICs do you have in the machine running VirtualBox?

It looks like you have the pfSense WAN and LAN bridged to the same real NIC. You can't do that.

Steve

On better switches and Wireless APs there is an option like "AP isolation" or something like "Private VLAN". This allows the port only to communicate with its gateway but with no other clients on the same switch/AP. This will prevent that someone is spoofing someone else MAC address and do man-in-the-middle attacks. So they cannot use someone else MAC addres and use their bandwidth/traffic.

Then - as SeventhSon said - enable static ARP on the DHCP server.

Another possibility could be to use the pfSense Caprive Portal + freeradius2 package and then setup bandwidth and traffic volume for each user individually. Then it is dependent on the username/password - so people can user their laptop or smartphone or ipad and all counts on the same user.
http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package

Yes, that helped. Hope it stays that way. Thank you.

I can't help you there.
I am lucky enough to live in an area with a choice of broadband suppliers and very good 3g coverage (no 4g in the UK yet). The few times I've had call to use a 3g modem I had no need for an external antenna.

Perhaps someone else can help.  :-\

Steve

Just need one final recommendation for the build.
What is the smallest/slimmest micro-atx case people have used. Since I'd rather not have a mid tower router next to my gaming rig haha.
Basically stock cooler with 2 intel nics that can be low profile, a 2.5inch drive and cd/dvd drive if possible, but not required

I was thinking about grabbing the Silverstone SUGO-SG02. But if there are any good compact case recommendations for silence I would like to have your opinion. Preferably under the 100 limit would be good since a decent psu and the sugo would be like 110 DX not including tax and shipping

I would go for the LAGG option, for redundancy (at least for NIC/cable).

As for PPS testing, just lower the MTU on the sending and run the iperf again?

Nice,

Bit expensive for a pfSense box, any benchmarks? Are you getting anywhere near the 400Mbps advertised by D-LINK?

Any idea what crypto device it has onboard?

pci1: <encrypt decrypt,="" network="" computer="" crypto=""> at device 7.0 (no driver attached)</encrypt>

Maybe report it to he Working Specialist Platforms?
http://forum.pfsense.org/index.php/topic,36651.0.html

In the logs apinger marks your gateways as down, because of packetloss/too high latency

You seem to be saturating UP and DOWN on your WAN, basically making the WAN too slow/unreliable from for apinger's perspective.

You can just disable the gateway monitor on that WAN Gateway if you want…  ::)

If that HP dual uses the Intel 82571 (like the forum link says) it should work good as a server NIC.

Looks like a good cheap dual NIC and mod, have to keep that in mind if I ever need a dual NIC solution!

Dansguardian uses a Squid proxy which is disk intensive so you're going to have awful performance and thrash your CF card unless you run Squid on another box. I think you'd be better off (fewer machines to manage) if you bought something with a hard drive instead of CF. If you do want to run an external Squid instance, here's a tutorial for setting it up (I didn't write it):

http://linuxforge.wordpress.com/2010/11/26/how-to-pfsense-external-squid-transparent-proxy-dansguardian/

@mhab12:

A while back I had to find an odd riser to adapt our mobo/case combo where the slot was facing the wrong direction.  Ultimately a couple items from Logic Supply ( http://www.logicsupply.com/categories/riser_cards) did the trick.  Not sure if they can do custom work, but perhaps they can create something that will fit the pinout of your current box.

Saves that site for later

I know nothing about those boxes. I suspect the issue you are most likely to come across is the RAM size. The minimum went up to 128MB (or was it 256MB?) some time ago.

Oh, and if the NICs are "old enough" they might not have been tested with current software.

Edit: This was the note I was thinking of: http://forum.pfsense.org/index.php/topic,1712.0.html It looks as if 128MB is the current minimum.

@anno:

To be 100% sure is the controller intel I350, Intel 82576, Intel 82580 supported to?

From what I've read here in the forums and if IIRC. The I350 and 82580 should/might work in 2.1. But the 82576 is supported in 2.0. I'm using the Intel Gigabit ET2 Quad Port Server Adapter[1], which uses the 82576. Working fine here on 2.0.

[1] http://ark.intel.com/products/49187/Intel-Gigabit-ET2-Quad-Port-Server-Adapter

If you can't disable DMA in the BIOS you will have to set it as a loader option. Though I would expect to see some dma errors if that was the problem.
Are there any BIOS updates available for your board? It suprises me that there are no DMA/IDE options.
If you can use a serial console try the normal Nano image (without VGA) as it has DMA disabled by default. I don't know why the VGA version doesn't do this.

To disable dma you need to add:

hw.ata.ata_dma="0"

to /boot/loader.conf.local, create the file if it doesn't exist. However you will probably need to boot correctly first in order to add that. See this doc for details:
http://doc.pfsense.org/index.php/Booting_Options#Disable_DMA_for_IDE_drives

Steve

pfSense currently only supports x86 hardware and I'm fairly sure the air port isn't.
Feel free to start porting it though!  ;)

There have been previous efforts to get an arm port running, search the forum.

Steve