@mattlach: Unless you have a need to keep the networks on each of those ports separate from eachother, you'd be better off buying a cheap switch (netgear GS105 for $24 maybe?) connecting the switch to a single LAN port and connecting everything else to that switch and leaving your two empty ports empty, than you are trying to mess with multiple LAN ports on your pfSense box. Performance wise even a very low end switch like the Netgear one linked above will perform leaps and bounds better than trying to bridge LAN ports.  This is not a pfSense thing.  This is a "the way networks work" kind of thing. Even if power consumption is your main concern, using an actual switch for switching is a better idea.  Bridging or routing to multiple lan ports is going to cause extra CPU load on the pfSense box, probably costing you more in power than using a switch would. Faster, less power, less complicated setup.  There really is no reason to mess with multiple LAN ports - unless of course - you absolutely need separate LAN's, which outside of complicated enterprise setups, most people never do. @TheRiceKing: Then I guess my Intel quad NIC card is an overkill for my pfSense box. I got the PCIe Intel GB quad card under $50 because I though I would need it in order to do other fun stuff while I learn networking. Thanks again. Unfortunately, yeah.  if I had caught you before you bought hardware, I would have recommended sticking with a cheaper dual port NIC. That's not to say that quad ports don't have their uses.  I use one in a very busy virtualized server using link aggregation as a cheaper (and very limited) alternative to 10gig ethernet.  The quad ports are fairly sought after though.  You might be able to sell it, replace it with a cheaper dual port, and buy yourself a nice switch with the leftover money :p You made a lot of great points. I appreciate you taking the time to explain all the very valid points. I agree on putting performance, simplicity, and efficiency at the top of the list. Thanks again.

SanDisk "Extreme" (red) or the Transcend industrial grade (green) ones with 4 GB should be really nice.

N2930 build for < $250

I'm thinking that this should be enough: 1. SG-2220 coupled with the internal WiFi card 2. Draytek Vigor 120 (for ISP dialing) 3. Gigabit Ethernet switch It will be enough pending on this input. Other wise if you want to install many packets and or service must be running such Snort, Squid, pfBlockerNG and ClamAV or HAVP I would say the SG-2440 is the better option. With WiFi and pfSense it is not so easy to answer, from what I was pulling out of this forum and another German forum is the following; "If got it working inside you will be happy and get some benefits on top of other solutions, if you get it not working often it comes a huge amount of problems besides". If ac WiFi will be a must be or in the near future you should go with an external WLAN AP. You could also take other antennas that will be longer and stronger then the mostly smaller and lamer ones. 2 x 13 dBi DiPol beam aerial or beam form with a longer wire and an magnetic feed planar, dish or flat antennas for stationing mounting The cards will be also really interesting that you will insert. The most common here in Germany I was saw that are this ones; Compex WLE200NX a/b/g/n miniPCI Express Radio Card SR71-E Hi-Power 802.11 a/b/g/n miniPCI-E Modul (UBNT) What is now better your consumer router or the miniPCIe card is not to answer from our side. Here are other well working chipsets. Link

@Jailer : I have a 100 Mb/s cable connection. But should be upgraded to fiber soon. What packets do you want to install? What services do you want to run? How many users or devices must be sorted? Is WiFi a point to talk about? Is VPN in usage? Will a Supermicro A1SAi-2550F be more appropriate ? Pointed to pfSense I would more go with a C2x58 (rangeley) then an Avaton platform. AES-NI and Intel QuickAssist would be the way to go. Take the C2558 rangeley and 8 GB of RAM.

@utnuc: Hello, here's another post about what hardware is cheapest and best. I have a 1G up / 1G down fiber connection with three apache web servers (1k visits/day with streaming video on a heavy day) and a home network behind it.  I'd like to run a Squid reverse proxy on the pfSense install. My question: what kind of hardware am I looking at to make this run smoothly?  Up until now I've been squeaking by with an Asus N56U, but it's starting to go down every other day or so now, probably because my network traffic is picking up. My options: Buy a pfSense Appliance. I emailed sales and they tell me I should go with a SG-4860 for $200 more than the SG-2440.  But, of course they would say that.  Double the RAM, double the Atom cores, and more Gb ports.  But is it necessary? Build my own.  If I do this, what kind of minimum specs do I need?  Pretty sure I can beat the pfSense specs and save money.  For those recommending this path, would a 2 NIC system + unmanaged Gb switch be appreciably slower than a 4-6 NIC system sans switch? May be you'll be interested to my new build? https://forum.pfsense.org/index.php?topic=109694.0

When I used the VPN, I used pure AES since I installed on a dual xeon quad core poweredge 1950. The issues I had with PicoPSU's were low quality which result in repetitive failure that sometimes burned up motherboards. They may be efficient but due to thier size, they lack protection circuitry. This is the difference between them an your platinum desktop psu. If they fail, your system will not be effected. Now, I've been using corsair platinum PSU's for years and I've got one that has run smoothly for 7 years without issue. I swear by them.

Dual Xeons for pfSense seems like rather ridiculous overkill, especially since typical pfSense workloads are not particularly threaded. I'd go with something that has 2 (or if you are running intensive plugins, 4) highly clocked cores instead. Now, if you want to build a cheap dual Xeon for other reasons (like visualization) there seem to be cheaper ways. I picked up a old new stock Supermicro X8DTE board on eBay for less than $250, two Xeon L5640's for $60 each, and 12x 8GB Registered ECC DDR3 modules for $15 a piece. Not the newest tech, but 12 cores (24 logical) at 2.2Ghz (turbo to 2.8) and 96GB of RAM for a total of $550 (for Mobo, CPU and RAM) was a pretty damned good deal, if you ask me. :p

Bridging any ports, on the same card or not, will require traffic to go through the PCI-e bus, through the CPU, and then back out.  Unless you're trying to make a filtering bridge, buy a switch.  Even then, you may be better off with a switch and simple ACLs.

Thanks for the replies but I found the issue. I had selected the modulation type to "Multimode" instead of "ADSL2+" which was causing all the packet loss. Once I changed this everything worked great…no packet loss  :) I know the Draytek 2820 is a real router but you do have the option of turning it into a dumb ADSL modem: http://www.i-helpdesk.com.au/index.php?/Knowledgebase/Article/View/354/0/how-can-i-configure-my-vigor-router–in-bridged-mode Theres no double NAT going on here and the Draytek 2820 is purely a modem. No NAT. No wifi. No DHCP. No firewall! In fact, I have noticed my broadband speed has gone up from 8Mbit/s to 9Mbit/s. I am REALLY pleased with my SG-2440 purchase. I had my IPv6 tunnel up and running in no time. I'm really impressed with pfsense and the SG-2440.

Please note, if you are planning on bridging the ports on the Intel Nic, it is a bad idea and generally frowned upon. If you need more ports, get a switch

Perhaps also interesting for you Gigabyte GA-6LISL Its available for ~280 € here in Germany. only max. 16 GB only two NICs UDIMM support flat design Intel i210-AT NICs solid made server grade DDR3-1866MHz ECC RAM support 1 x PCIe x16 (Gen3 x16 bus) slot If at a later time point another add on PCIe card is needed it will better to get the PCIe 3.0 x16 slot. Perhaps something as the Chelsio 10 GbE adapter or a Intel QuickAssist adapter from the Netgate store. Or will this be for a home usage only? [image: GA-6LISL.jpg] [image: GA-6LISL.jpg_thumb]

I'm now running 2.3 RC on this little box and I have no complaints. It's a great little box.

I've actually seen a few h87 and q87 based thin mini itx boards on the market. I like the idea of thin mini-itx but as soon as you put a fan cpu cooler on it, it looses the THIN description. Other than that, I do enjoy the external PSU capability of the thin mini

@jimp: Both ucom and uftdi are in the kernel, no need for modules. If it's not detected, odds are the version of the driver on pfSense doesn't know it. Did it detect when connected to a plain FreeBSD 10.1 box? Try a pfSense 2.3 snapshot, it's based off FreeBSD 10.3, it may have picked up support for that device along the way. Thank you so much for the response, I have been trying for a week to get this working. I will try FreeBSD 10.1 full and let you know. It is a CrystalFontz CFA-631 LCD which I bought due to it being fully supported by LCDPROC. All I get the LCD to do at this point is blink when LCDPROC is started

Thanks for sharing this experience. I was ready to order WAY more complicated components if I hadn't run into this lovely little piece. / Tarran

Thanks guys for the answers! Yes, we will go with a hardware with multiple interfaces. The solution with a managed switch and VLANs is much more complicated. We will go with the better hardware. Thanks again for the competent information! :)

VPN service, Proxy, etc. What does etc. really means? Squid, Snort, ClamAV, pfBlockerNG, SARG, SquidGuard and DPI on top? It makes a huge difference. or I can run VMware esxi 6 using board, and install pfsense on the host and WAN port will be connected to my modem. Why, I would install pfSense natively on that board and then it will be enough for all your requirements. For ~$65 more if you are able to get it sorted take and go with the C2758 one.

The advice from cmb solved my issue. I just had to check the box for powerd. I haven't had any hardware stability trouble with my MB (Gigabyte LGA1151 Intel Z170 Mini-ITX DDR4 Motherboard GA-Z170N-WIFI).  I got this motherboard because of its form factor (mini-itx), but also because it was the only Skylake compatible board with two intel nics on board that I could find. The only trouble I have is driver support with FreeBSD.  Wifi isn't recognized, and the intel nics were just recently supported in the 2.3 beta.