Alix board?
-
After flirting with pfSense it has become obvious that it's the platform for me, however the target server I deployed it on has Realtek NIC's and hardware checksum errors to go with it :(
I started looking around at solutions and an Intel PCI-e dual port card is going to cost me in the neighborhood of $150. Naturally I scoffed at the idea of paying that much for an ethernet card, so then my thoughts shifted to other hardware platforms that would work well with pfSense in mind and I came across the Alix boards. I am looking at the Alix 2D2 board:
http://store.netgate.com/ALIX2D2-Kit-Unassembled-P1015C142.aspx
My network is modest home based one, with 16/2 business class internet from Comcast, 5 static IP's on the WAN side and internally I have one main subnet and 1 VLAN cabled to a Netgear gigabit smart switch. I see this board has 2 mini PCI slots so that would be perfect for adding a wireless interface as well as a crypto card (not that I really need it, it's only me that connects back to my LAN and occasionally a few friends as well as my wife) but the thought of it is cool so why not :)
Before I make the initial investment though, I need to make sure I am not going to encounter any hardware related problems with this board and pfSense, and that it will be "beefy" enough to meet my requirements as outlined above. I simply can not use anything else at this point, pfSense is just utterly amazing so I am more than willing to make an investment in hardware to deploy it.
If I choose to go this route (and I am leaning heavily towards it) what size CF should I get? I'm thinking I should just get the 4gb to give me enough headroom for now and the future. Are there any tutorials on how to install pfSense 2.0 to a CF? I see there are multiple images available, but don't know the difference between each one.
Thanks for any insight :)
-
I see you haven't posted about your problems with the Realtek NICs are you sure they can't be solved?
I don't run an Alix but I do run Nano from a CF card. Installing to the card is very easy. You need a CF card reader of some kind, I use a USB multicard reader on a Windows box. Check out the guide here.
There is no real advantage to having a larger CF card. The number of packages available is limited and they don't use much space. However the price of CF cards these days is very low so why not go for 4GB?
I have 4GB and 2GB cards but I use the 1GB image since it writes much faster over my USB 1.1 connection. I can always reflash with a 2 or 4GB image later.There is some debate that using a larger card allows the built in 'ware leveling' function more space to work with increasing the lifespan of the card, however the estimated lifespan is already 10+ years.
Steve
Edit: Don't bother trying to get a super fast CF card that supports UDMA. CF DMA support appears to be broken in FreeBSD and you'll have to disable it anyway if your card supports it.
-
You might want to have a look at this. You get the better, 3 NIC board, and it's fully assembled with pfsense installed for you. And at less total cost.
http://nw-ds.com/
http://nw-ds.com/shop/firewalls/lx700.html
With wireless is a cheap upgrade.
http://nw-ds.com/shop/lx700-w.html
-
I see you haven't posted about your problems with the Realtek NICs are you sure they can't be solved?
Well I did some searching and saw various posts concerning Realtek cards and the problems associated with them, so my thoughts were to just get a tested and proven platform to work with instead. Ideally, I'd like an "appliance" type install that I can just configure, deploy, and forget :)
BTW… cool name I'm a Stephen too :P
You might want to have a look at this. You get the better, 3 NIC board, and it's fully assembled with pfsense installed for you. And at less total cost.
http://nw-ds.com/
http://nw-ds.com/shop/firewalls/lx700.html
With wireless is a cheap upgrade.
http://nw-ds.com/shop/lx700-w.html
Cool thanks! I'll take a look…
-
http://nw-ds.com/
Not a bad price, but be aware that they are based on the older 2D1 boards.
Netgate is a recommended vendor (http://www.pfsense.org/index.php?option=com_content&task=view&id=44&Itemid=50) and they have systems based on the 2D13 boards, with a faster processor, USB, IDE header, RTC battery, and twice as much ram. Their cases also have two antenna cutouts instead of a single. -
So the question remains… will I get decent throughput with one of these boards? I'd really hate to spend $200+ dollars just to find out I'm unsatisfied :(
I don't have any real serious traffic flowing in and out of my network, it's mostly web, mail, VoIP, and video streaming (hulu, netflix) as well as gaming, but still yet I need to be sure.
Would I be better off with my current platform and making it work with the purchase of a new NIC card? I'm currently running on an Atom dual core with 1gb of RAM (although not using pfSense at the moment, had to roll back to linux/iptables till I can get this hardware mess straightened out). I know the platform I have now is way more powerful than the Alix boards, but given my level of traffic and planned usage I question if it's overkill or not. I like the idea of having a dedicated standalone box with no moving parts, but don't want to invest in something that could potentially give lower performance.
-
An Alix will handle your current setup. It should be able to pass traffic at near the capacity of the interfaces. The Alix will have lower power draw and be quieter, but won't scale as well in the future.
What kind of slot does you atom have? If it's PCI, you could probably grab a dual 10/100 Intel card from ebay for about $15. You also might want to see if 2.0 handles the realteks better than 1.2.3. -
A lot of Realtek problems can be solved by disabling various hardware options which are not well supported. A lot of those options are disabled by default in 2.0.
Steve
-
What kind of slot does you atom have? If it's PCI, you could probably grab a dual 10/100 Intel card from ebay for about $15. You also might want to see if 2.0 handles the realteks better than 1.2.3.
PCI-e :(
Well it has PCI, but it's not accessible inside the case because of the way it's laid out. It's a Supermicro server. Scalability is also a concern for me, at least with a standalone PC I can upgrade whatever is needed, not the case with an Alix board.
A lot of Realtek problems can be solved by disabling various hardware options which are not well supported. A lot of those options are disabled by default in 2.0.
I had to install 1.2.3 as 2.0 wouldn't boot from the CD, I suspect it didn't like my USB CD drive which I found odd considering 1.2.3 booted and installed without issue. I did however upgrade to 2.0 once I got 1.2.3 installed but the NIC problems persist. I get lots of weird stuff like DHCP timeouts and such. Never could pinpoint the real issue other than these Realtek NIC's just not playing nicely. I disabled the hardware checksum offload etc. and it didn't make much of a difference. Could be the VLAN's acting up as well as that seemed to be where most of my problems were occuring.
Think I might deploy a fresh 2.0 install with a dedicated CD-ROM just to see if my problems persist or go away. If not, then I'm still looking at options, may just end up biting the bullet and getting a dual port card or building a mini-itx system from scratch with Intel NIC's… don't want to really spend any money, but I don't think I have any choice :(