Is old gaming hardware a good choice for pfsense?
-
I have been running pfsense for some months now on a proxmox server. It has to run 24/7 and it is neither reliable nor efficient. I don't want to lose my firewall every time something is going on with that machine.
I also have many issues with pfBlocker, Suricata, firewall rules, traffic shaping that could be linked to the proxmox virtualization. I am running virtualized NICs because I wasn't able to make any more pcie lanes work in proxmox.
This made me want to go bare metal. I want something with less energy consumption and more reliable.
My network is 10Gbe and I would like to achieve 10Gbe Firewall performance. Although I could compromise for less if I have to. That would force me to bring a few devices into the same VLAN and run 10Gbe at L2 level only.
My first idea was to choose something made for this application. I was interested in the netgate 6100 or a protectli from the vp6000 series. Unfortunately the netgate 6100 costs 1000€ in Germany. And a protectli with 10Gbe ports costs 1200-1500€.
I contemplated NUCs, but I could not find any with 10Gbe or PCIe slots to put a network card on it.
Right now I am thinking of building a mini-itx PC with hardware I have at my disposal.
The device will go into a server cabinet in the basement, so no worries about looking good or being quiet.
I have an i7 12700k and an Intel X550T2 lying around. I would need an itx case, mobo, ram and power supply. I believe I can get all that for much less than 1000€. But is that a good idea? Or will I have issues running pfsense on it? This hardware is not going to be used anywhere else and selling it will give me around 300€ which is still far from the 1000€ for the netgate 6100. Besides, the build I am considering is much more powerful and could still become another firewall in the future if I choose to switch boats.
If anyone thinks this is a good idea, what do I have to consider when selecting the rest of the hardware? Which are common compatibility mistakes for ram and mobos on pfsense?
Or does anyone have another recommendation? I looked a lot for pfsense hardware alternatives and I can't find anything that makes sense.
Thanks in advance to all!
-
I would purchase a dedicated Netgate appliance. Like a 2100-MAX.
Side note: I got a Dreamcast that I wish had wifi.
-
Maybe a quick list of things I would like to achieve can help...
VLANs, Suricata, PfBlocker, Firewall rules to block and cater the different VLANs, Traffic Shaper, 10Gbe firewall performance, bigger than 1Gbe Wan, OpenVPN server and client.
-
@JonathanLee Hello,
will I be able to do all I want besides 10Gbe with such a device? And why the max version? Do I need more disk space for pfsense only?
I could not find what a Dreamcast is.
My firewall is in the basement and I don't want it to have wifi. I have several APs in the house to deliver Wifi and they work pretty well.
-
@br8bruno That is way faster than my Dreamcast.. Netgate also has higher tier equipment
-
@JonathanLee
I have another problem with Netgate in Germany. All the resellers wrote saying they won't sell a device to a private person. They only sell to companies.
So I would have to find some creative solution to that as well. Which will take more time and cost more money.
-
@br8bruno They have export controls on equipment, I forgot. Maybe you could purchase an OPNsense firewall? Also the free version can be converted to Plus with a license, can you purchase a Plus license in Germany?
Try to install the free pfSense version on that system and see if it takes it.
-
@JonathanLee
I am running the free version on different hardware now.
The idea is to go baremetal, but I want advice before investing in more hardware.
-
@br8bruno Remember TinTri? I would have loved something like that. There will be others to help answer you..
-
An i7 12700k is a really fast processor to my mind. I'm using an i7 7700T and the utilization is around 3% with an occasional spike to 12%, although I'm not pushing 10 Gbits. I just bought an old PC on ebay for $200 that I'm using and I feel like I have more power than if I would have spent $500 on an "appliance".
-
@SubSeven You definitely have more power - much more. But a couple of things:
- It's borderline idling even when pushing +1 gbit unless you have Suricata/Snort running with full inspection
- Your power consumption is at least several times that of an appliance
- You do not have access to pfSense+ unless purchased separately.
In other words - it’s massively overprovisioned for the task :-)
-
Normally I do not post about websites, but ServeTheHome has reviews of many appliances that may suit your needs. Look under the option for servers. Mixed in with the big servers you will find small ones. One of those may meet your needs. There are several with SFP+ ports and some with copper 10GbE ports.
-
@keyser That's what I thought too. I figured, provided I don't need pfSense+ and provided I don't care about a little extra power consumption, that it would be smarter to buy an old cheap PC to use for pfSense instead of one of those little mini PCs. I've already kind of made what I would consider a mistake because in 2022 I bought this and look how much I paid:
I wanted a second one for practice and expanding my network and only then it dawned on me to just get a used PC. It also allowed me to install my own NICs so I added a 2.5 Gbit NIC and even a 10 Gbit NIC and yet spent way less money.
-
@SubSeven said in Is old gaming hardware a good choice for pfsense?:
spent way less money.
But 50 to 100 € more each year to feed it.
-
@Gertjan said in Is old gaming hardware a good choice for pfsense?:
But 50 to 100 € more each year to feed it.
Yeah - unless you're getting very cheap power, or produce your own and have extra to burn.. That would be just wasted anyway because you have no net metering and or the elec company pays you shit on the dollar for what you produce. While you might save a few bucks up front.. You really should do the math over the life of the device.
Let's go with a 5 year life..
Cost of unit + cost to run it for 5 years = total cost
Do that for some old pc you buy, and then do it for the appliance.. Which one costs less over the 5 year life.
A firewall appliance can draw significantly less power compared to some box meant to run games on.. Sure it might have some rocketship for a cpu, etc. But do you really need that to push some packets?
Do you need a rocketship sucking juice sitting there idle most of the time, and even when in use doesn't use anywhere near what it can do.. Or do you want something that sucks as little juice and gets the job done..
Avg cost of electric in the US is like 12.5 cents per kwh.. If you do the math on say a device sucking 100W you're at like 110$ a year.. Now if your device only uses 20W you're at like 20 a year.. About 90 bucks lets call it x 5 years you're looking at 450 bucks over the 5 year span difference..
-
@Gertjan and @Gertjan oh my goodness, I didn't realize it could be that much and if that's true then I really am spending a lot more money with the PC.
My last bill was $290 and that is for just over 2,000 kWh. Aside from the AC which I figure uses most of that power, I have 5 (old) laptops running 24/7 and 3 desktop PCs (that includes the pfSense). I just assumed that it was negligible but what I need to do is find my watt-o-meter, maybe even buy a 2nd one and take some measurements. It will probably take me a few weeks to get this done but I shall return with the numbers.
Btw. my grandpa had a power strip for his TV and would disconnect power when the TV was off because of the little LED and that would tell him that it still consumes power even when the TV is off :D I need to take a hint from him and you guys and see how much money I'm wasting on electricity.
For what it's worth, I never keep the outside lights on by the front door, a lot of houses keep those lights on all night long which I would consider a total waste. I even have 2 neighbors that have those big HID street lights to illuminate their entire driveway.
-
@SubSeven hahah - yeah some people go to extremes.. While sure devices can be vampires and suck a little juice while "off" it's normally like 1 w or sub 1 watt even. The convenience of having it on instant or close to instant when you want to use it is well worth such cost to me.
TVs for example go into sort of standby mode when you turn them off.. but when you want it back on it only takes a few seconds.. But if for example you remove power completely, like power outage or pull the plug, etc - it can take quite a bit longer to boot up.
Same with computer.. I leave mine on, the monitors go into standby, but pc I just am such a random user - I might be on it at any time of the day, 2am if I wake up for some reason, etc.. And just too many issues of coming out of standby for me.. Might work 9 out of 10 times, but that 10th time can be so frustrating.. I will pay the few bucks a year for convenience. The monitors are really what are the juice suckers when the pc is just idle, etc.
Porchlight - I replaced mine with an LED light - same sort of brightness but way less power use. I only turn mine on when people are going to come over or something, or someone is at the door. And if I forget it's on, timer that turns it off at midnight anyway. Pretty much every light in my house is LED now..
Yeah the kill-a-watt meters are great!!
But yeah look on your bill to see what your actual cost per kwh works out to, including delivery, etc.. Just for example see how many kwh you used, then divide that by the bill amount.. Then do some math at how much such devices cost you over a year.
You will prob be surprised..