Hardware options for new build?
-
@stephenw10 I didn't go crazy with loading up on all the bells and whistles. With Squid proxy, above base settings I set up man in the middle, and for SquidGuard I enabled logging, a blacklist with 6 category types set to deny, and clean advertising. I also have pfBlocker running with only a handful of feeds selected. I believe they were the ones that were set by default, as I don't recall adding any since I wanted to do more research before enabling any more.
My system is a 12yo Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz, 2 CPUs: 1 package(s) x 2 core(s) with 3.2GB mem available. Most of the Netgate gear, if I recall, has quad core CPUs and 4 or 8GB mem and 256GB SSD and larger drives, and I was taking my cue as a starting point from there.
I have plenty of old parts, boards and such and was thinking before I pull the trigger on a new system seeing what "monster" I can make from what I have on hand if I can get a performance bump and being able to run with more features.
This is what I have running at the moment:
This is what I have loaded for PFB:
And here is where my current utilization is at:
Not sure if the above is useful, but if it leads to better performance without dropping $400 to 500 on a new system then that's always a good thing.
Thanks for the feedback.
-
Well it doesn't seem to be having any problems with just those lists loaded in pfBlocker.
I would expect to be able to run Squid there as well with mostly default settings.
Adding Snort/Suricata to that might be a problem though.
Steve
-
@stephenw10 Thanks for taking a look at that. I realized that I need to do this incrementally and with specific purpose, so I will be able to devote more time next month and will probably build a VM for testing purposes. I may still have to look at HW options; if I recall, I think the FW PC is maxed out in RAM (4GB), I need to check on that. Would additional RAM make a difference, or is it CPU that is the bottleneck? Since it's running FreeBSD I can't use a system reporting tool to get system information to look up the specs online, gonna have to take it apart. This will be a good time to clean it out and replace a couple of fans.
-
For a 300Mbps WAN I wouldn't expect the CPU to limit throughput unless you loaded up every list and signature you could find. And you would exhaust the RAM trying to do that.
Steve
-
@stephenw10 So if I add more RAM (if possible) I should see an improvement in system performance and resource utilization as I restart services?
I am not looking to load everything, only those which reduce/eliminate ads, allow me to restrict access to certain sites and provide protection from external threats.
Knowing what to load, such as lists and such, is the key; need to get up to speed on the various options.
While on the subject of lists, why have so many Squid proxy blacklists disappeared? I read one guy who used to publish a pretty popular list say that due to the political and social environment he had to stop publishing, and it seems like all of the other lists I could find were also no longer active.
Are these lists a good tool to have? Do you know of any good one(s) that are still active?
Cleaned out the PC, replaced CMOS battery so it boots up without my having to press F1, and installed new fans to keep things cool, it sounds like a mini turbine now. I am going to have to unplug one of the fans to bring down the noise, I am sure people can hear it when I am on conf calls. They have helped drop the normal op temp by 2+ degrees C which is a good thing.
PS... Just confirmed that the MB only supports 4GB of mem, so will have to start loading stuff carefully and see where it settles out. Good thing that I don't have to buy new HW right now, I can wait and see how it works out and wait for a good deal on refurbished or new equipment.
-
If it exhausts the RAM and starts swapping you will see performance tank! So much so that I often just disable SWAP at install. That can prevent crash reports being stored though.
So keep an eye on the usage. You'll probably be fine though, 4GB is still quite a lot.
Steve
-
@stephenw10 I started the proxy server and have been holding steady at 24%, and load averages are in the 0.9x's. I noticed that Amazon product images were not displaying and Office 365 was having server connectivity issues; I went and disabled man in the middle filtering and the issues resolved. I was under the impression from what I read that this would need to be configured to be able to restrict web sites that use encrypted DNS. I guess now would be a good time to back up the config...again. Thanks for the input.
-
The system did a reboot all on its own last night. I have the crash report but don't know enough about the contents to even take a guess at what happened. I shut down the Squid proxy server and so far it has been running stable. I am going to restart the service later to see if it happens again. Would be nice to have some sort of cipher or something to see if the report can shed light onto what happened.
-
You can pm me a link to it if you upload it somewhere if you like.
-
All recommendations and advice is welcomed.
NETGATE 4100 BASE
Would be nice to your setup but is not matching the price range.
NETGATE 6100 BASE
Offers more options, able to activate more services but on the other end more away from your price range wish.
But please don't forget that electric power is here in both cases low as it can be! And you might be also able to save money over the years I mean, to get something more back than horse power.
PC Engines APU4D4
Offers not that hard power like the both Netgate devices but also low electric power using and silent on top! It offers the ability to install a mSATA, WiFi and Modem card if needed.
Others may love the option for a procom or Protectli directly from the internet, may be an option also but if electric power may be also a point to keep an eye on it is not that real thing for home installment.
-
@dobby_ Appreciate the input. I was looking at the Netgate devices but don't have a rack and want to maximize ROI by maybe leveraging for other uses like a log server or to run everything virtually. I have not yet decided but am leaning towards an i5 processor and 8-16GB mem (depending on planned uses). I have a new Dell for automation and am impressed with the quality and price, so am keeping an eye on deals to see what pops up. I would like fanless due to size, but when all is said and done I can get a mid tower PC with its expansion capabilities for the same cost as a comparable fanless unit. I am testing PFS as a VM and if it works as expected I may use VM for most of my needs, so a PC would almost be a must.
-
@stephenw10 Will do, appreciate it. I will get it uploaded and send you the link.