Right hardware
-
We are considering building a pfsense box for the office. We have burned up 2 Linksys WRT54G's and most recently a Dlink DGL-4300 all in the last 3 years. Here is what we have now:
The router is fed by a 6M/1M PPPoE DSL and feeds a 2003 server with 40 low traffic websites (development sites), an FTP server, a DNS server (secondary for ~1000 domains hosted elsewhere), an IP monitoring program, 2-4 inbound Windows RDC connections, 6-10 outbound Windows RDC connections, and 8-14 users that have moderate to heavy web and FTP traffic. We have a lot of internal traffic between the users and a 1Tb Buffalo NAS and we are running an access control program on the Dlink which logs the DHCP wireless users' web access to an external syslog server. Unfortunately, the logging was the straw that broke the camel's back and it causes the Dlink to overheat occasionally, resulting in a reboot. With the logging turned off, the unit is fine. The server, NAS, and 2 workstations are connected to the DGL via a gigabit switch. The rest of the machines are connected to the DGL via an old DD-WRT box that handles 6-8 wireless connections and 3 wired connections. Wireless is turned off on the DGL as it was never able to handle the wireless traffic from day 1. The logging is a new addition as the boss has found out that a couple of employees are surfing the web instead of working so it is now a requirement that we log those (but not all) users. We considered a squid proxy but I think a better router would be a less complicated solution.
Here's what I have to work with:
I have an old PC with a P4 2.4G (single core), 1G of DDR266, an Intel 10/100 PCI card (for WAN), and an Intel gigabit PCI card (for LAN). I would use the DGL for a gigabit switch. Everything else would stay the same. I can use either a small IDE hard drive or a 2G CF card. I would prefer CF if there is no performance hit.
Will this hardware handle the traffic I have without struggling?
If so, will PFsense do everything I am doing with the DGL?
If not, do I need a box with faster bus speeds?
What would you recommend?
Will PFsense allow us to log some users and not others (boss and admins do not want to be logged)?
Thanks
Bob
-
The machine is more than capable of handling such connections, especially when you are using two decent network cards and interrupts aren't going to be a problem. You could even give it a PCI WLAN card and make it a powerful wireless AP!
Since you mentioned you have 8-14 web users behind the firewall I would suggest you use a normal hard disk and set up a squid server. This saves bandwidth for you but also gives a faster experience for the people surfing. Also with squid it's easy to set up lightsquid where you can monitor the web usage.
Embedded install (=cf-card install) cripples the ability to use pfsense for more than just simple firewalling. With your specifications I would go the 'normal' way and install some extra packages too to get the most out of your machine.
For example using bandwidthd to monitor traffic usage per ip, squid to proxy, lightsquid to monitor web usage, tinydns for dns-serving etc. etc.
-
I haven't messed with squid yet. Can it be set to proxy some sites and not proxy others? I don't want it to cache the sites we work on as the users are constantly changing them and need to see the changes immediately. I would need to set it to skip our entire IP range (254 addresses). As long as that wasn't a problem, that sounds like a good plan.
I had read elsewhere that the processor speed was not really important with pfsense but bus speed and memory speed were important. Is that not true?
Thanks
Bob
-
Yes, and even with squid they could see changes immediately.
Don't know about the memory bus speed, many of us are running with Pentium 3 -level stuff. As am I for example, an old isp1100 with two Intel network cards and P3 750MHz. 1Gb of RAM and it's running good and fast, even with squid on it.
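-
A squid.conf fragment for the two requirements raised in this thread (no caching of the development sites' IP range, and logging some users but not others), added here as an example and not taken from any of the posts above. The address range, the exempt client addresses and the log path are assumptions to be replaced with the office's own values.

```conf
# Assumption: 203.0.113.0/24 stands in for the office's own 254-address range
# that hosts the development sites.
acl dev_sites dst 203.0.113.0/24

# Never store or serve cached copies of responses from the development sites,
# so edits to them are visible immediately. Requests are still proxied.
cache deny dev_sites

# Assumption: the boss and admin workstations have fixed addresses
# (for example static DHCP leases); these two addresses are constructed.
acl unlogged_clients src 192.168.1.10 192.168.1.11

# Log every request except those from the exempt clients.
# Assumption: the log path; adjust it to where the install keeps squid logs.
access_log /var/log/squid/access.log squid !unlogged_clients
```

Matching clients by source address is only reliable if the exempt machines keep the same address, so the exemption depends on static leases rather than the dynamic pool the logged wireless users draw from.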