Installation on Intel D2500CC (atom with dual NIC board)
-
I want a 1u or 2u rackmount chassis.
You might have to pay for that, since they seem to hold their value surprisingly well. There's a no-name 1U uITX on ebay right now for $25 …but they want another $50 to ship it, a common ploy. I've often seen elderly 4Us and 6Us on ebay for little or nothing if you were to pick up, but they'd only be a good deal if you're building a toy system for development rather than paying co-loc fees by the U.
-
Thanks for the info. I do watch eBay, but my goal is to build the boxes myself. I am in sheetmetal. I am going to call them "ugly box". I don't like the prices, would like a box w/ ps for under $75. This seems more reasonable pricing. I need to find a ps supplier.
Crcmetalproducts.com
-
How many are you building? Where are you installing them?
You could do something like Google did with their custom servers: open enclosures and DC power! Cheaper and more efficient but obviously not suitable for co-lo. http://news.cnet.com/8301-1001_3-10209580-92.html?part=rss&subj=news&tag=2547-1_3-0-20
Seriously if you have access to cnc machines and bending tools etc then you could either make it from scratch or add your own front panel to a steel tray. I've done this a few times with 19" rack equipment though never a server and having a single panel machined for you is expensive.
Steve
-
1st off, I am new to pfsense, about 2 months new. I have a long background in computer/IT, going back to 1982. Never have I heard about FreeBSD or pfsense. The only reason I know of it now is because of router problems over the last few years. Googling for solutions and finally someone did a good write-up on inadequate memory/cache overload and mismanagement of such. In the same thread, someone piped in about dumping off the shelf routers for pfsense. Blew my mind, so I googled pfsense. Here I am…....78-). A converted happy camper on a new learning curve.
The goal is to build 3. 1 to replace the via box I have at home (want to be more green on my energy bill) and 2 for work (1 for the office and 1 for the owners house). Also installing a freenas box at each location. Need some redundancy and offsite backup. Yes, I have some of this in place already, but want to make a transition to FreeBSD (free,at least for the software, and good support).
The next step/goal would be to offer low cost "ugly box" to the pfsense group (1u/2u chassis 8-10" deep). Designed around the intel 2500cc or cce board. I like the idea of SSD drive but not quite sold on it yet.
-
You will have a lot more takers if you keep it 1U. Many people will be paying per 'U'.
Something that may be of interest, it's been suggested by several users, would be a 1U 19" enclosure that contained an Atom based board and a 5-8 port vlan capable switch. Not sure how you'd arrange that though.
Steve
-
The goal is to build 3. 1 to replace the via box I have at home (want to be more green on my energy bill) and 2 for work (1 for the office and 1 for the owners house). Also installing a freenas box at each location. Need some redundancy and offsite backup. Yes, I have some of this in place already, but want to make a transition to FreeBSD (free,at least for the software, and good support).
As far as putting together a fNAS box, unless you need rackmount setups, you might combine the firewall, router, and nas functionality on the same 2500 board in an Antec 300 or 302 case, unless the bandwidth through your firewall isn't going to leave any spare clocks.
I bought a 300 for my firewall/snort/open-vpn/tele application because the 2500 apparently gets quite hot unless it has adequate air space, and the 300 was the cheapest well-made box with elbow room at a useful price. I no longer even consider putting form above function: too much hardware lost to heat through the years.
And the 300 is actually very well made, especially for a low-price box ($50 at Newegg), and supports 3x5.25 drives, 6x3.5, and even a 2.5 bolted directly to the floor. Room for 5x120mm fans toto (a 120 and a 140 come with).
-
Steve, is that as simple as adding more LAN cards? Or adding a completely different board? I did search this and found www.bsdcan.org/2012/schedule/events/330.en.html. Not sure exactly what they are saying. Does pfsense have a package to add an internal switch? I know free switch, but thought this was only for voip phones and PBX.
MMacD, I was looking or I was asking that very question. Can I bundle nas and router/firewall together using FreeBSD (in the FreeBSD forum)? The answer I received was that could be a security issue and not good security/networking practice. I do like the idea of bundling.
I also forgot to mention that the phones are VoIP at the office. My plan is to add an additional nic to handle the VoIP. Someone said why not just do a vlan for the VoIP. Maybe in the future.
-
The answer I received was that could be a security issue and not good security/networking practice.
hmmm…I wonder why that would be. Did they say?
Neither networking nor security is my field (I've been doing human-factors systems architecture since '74), but it seems to me that the whole point of the firewall and snort is to keep the bad guys from tricking their way into the LAN. So if they can reach your disc farm when it's living in the box with the firewall, they can reach it no matter where it is in your LAN since nodes are logical locations rather than physical, and ready access is the whole point of running a LAN rather than a sneakernet. As long as you don't expose the logical location of the farm to the inet, I can't imagine what problem there could be with physical colocation. Perhaps someone will explain.
-
MMacD, I agree w/ you.
Quote from FreeBSD forum….....
Hello,
It's a good security practice to separate the file server from the "router/firewall". However, you can achieve easily all of the above using OpenVPN which is flexible and easy to implement, or IPSEC if you feel ready to dive into a less flexible but probably more secure implementation of VPN.
For the backups I'd use rdiff-backup or duplicity (for additional security if needed). Not sure how are they gonna run with Cygwin under Windows. I'm pretty sure though you can achieve scheduled backups under windows with rdiff-backup, although a solution like DeltaCopy might seem more suitable for windows as it runs natively.
I get that what needs to be backed up are windows files that will be channeled through VPN.
What does it mean exactly 'more green' Green like that?
-
The purpose of a firewall is security. Every time you add services to your firewall you open a potential avenue of attack reducing security. The more stuff you are running on your box the more likely it will have exploitable bugs.
There are many threads about this on the forum because, like you, many people want to do it. pfSense was originally devised to take the place of router/firewalls in medium to large networks. It has evolved into a product that fits in many more scenarios including soho where you want to minimise the number of boxes and power usage.
If you want to do this it is recommended to use virtualisation. Run pfSense in a VM and freeNAS (or whatever) in a separate VM.
Steve, is that as simple as adding more LAN cards? Or adding a completely different board? I did search this and found www.bsdcan.org/2012/schedule/events/330.en.html. Not sure exactly what they are saying. Does pfsense have a package to add an internal switch? I know free switch, but thought this was only for voip phones and PBX.
Adding multiple NICs is expensive. If you have only one PCI slot, as many Atom boards do, you have to use a quad port card and that can be very expensive. A cheaper option is to use VLANs and a VLAN capable switch. You can then have as many interfaces as you have ports on the switch. This is how small soho routers work, a switch and a router on one pcb. That's what the package you linked to is for, not useful for us.
I don't know how you would do this, you'd have to add a switch PCB to the enclosure but I don't know where you'd get one. There would be very small market for this though since it would be cheaper to get a separate rack mount switch and it wouldn't be appropriate in a co-location situation. I only mentioned it
Steve
-
Reading up just now on the hardware requirements for fNAS, I'd say the more important issue is address space and bandwidth. I've read, tho never seen verified (have you?), that a D2500CCx does have more than 32-bit address space implemented on the board, and I know there are some 8GB parts available, but fNAS's requirement of 1GB per TB to get anything like good performance would make me want to experiment before deciding to host both Snort and fNAS on the same board.
-
You can use nas4free instead. I believe that has a lower hardware requirement. There are other similar projects.
Steve
-
Thanks for the replies. I am currently running nas4free, booting from a thumb drive, at home. I think I am going to focus on building my pfsense boxes and setting up VPN.
-
Hi kids, bugs got fixed in latest 2.1-snapshot.
Installed 64bit version on d2500cc flawlessly.
-
Good news! I'm new to FreeBSD/pfsense and ran into this problem right at the start… Since I don't want to wait for 2.1 release nor use an unstable snapshot version, I'll go with the 'install 32bit first and write down the inputs' method first.
Hope it'll install smoothly on my Samsung 830 SSD (64GB) and it'll detect and work with my miniPCIe WLAN Card (Compex WLE200NX).
BTW, I'm using this case: http://mini-case.com/pi37/pd332.html, totally fanless and hopefully ok when running pfsense 24/7….
Cheers,
cibomato
-
I have a similar board, JW Minix Mini HD PC http://www.jwele.com/motherboard_detail.php?1140 with 128GB SSD and 2GB RAM. Since I need to set up several VLAN interfaces in the console, I had trouble using the 'writing down the inputs' method. Therefore I use the i386 version instead. Is there any downside to using the i386 version apart from not being able to use more than 4GB RAM?
-
No not really.
There may be some marginal performance increase using 64bit but it's small enough you'd have to setup a test to see it. I've seen people argue both ways on this.
Steve
-
I just picked up a new board. It was listed on ebay as the Intel2500CCE. When I received the board it shows Intel D2500CC. Is there an actual difference between the two?
From what I could find :
The 'E' suffix in the model name (e.g., D2500CCE vs D2500CC) signifies that this product is an Intel Extended Life Product (ELP). ELP products will be available for extended production times (3 years) and are perfect for project use.
So do you think I have the same thing? I don't see anywhere on the board the "E" just D2500CC.
Not sure if I should send it back and find one that has "e" listed.
Any help would be greatly appreciated.
-Neztik
-
I would think that would only matter if you were expecting to order an (or many) exact replacement as new stock through a standard distributor sometime in the next couple years. Those designations often are important for system integrators or manufacturers that need to be able to plan their supply chain for a particular product over the next few years.
Think of it this way, if you were building these as appliances and you needed to make sure each and every one was exactly the same for the planned release of your product, then I'd worry about it.
For a one off, no, probably not assuming it's otherwise identical, hardware wise.
-
Great! Thanks matguy. I can start building my new router this weekend without having to wait. I am currently running an older i386 system. The plan is to install 2.1 AMD64 and use the 2 onboard nics to VLAN tag.