Looking for some pointers for designing my home router.
-
I'm attempting to build a router / firewall for my home. Currently I have an aging NetGear N300 that I've been annoyed with and I've always wanted to go back to a 'real' device that I could control and hopefully move to IPv6 when people get their crap together on supporting it and those home routers never seem to be ready/able. In my previous house I ran my own Linux firewall but it was in a giant computer and I'd like to move to something much more power efficient/space efficient than a mini tower.
Currently what I need is a WAN link and at least two switch bridge ports at a minimum. The WAN link could be 10/100, but I'd prefer 10/100/1000 in case anyone gets anything better than 10Mb DSL in my area which is always a possibility. Ideally I'd like at least 5 NICs, one WAN, four for bridge to WAPs or a DMZ port.
I'd like it to be somewhat small, wall mountable, so I can mount it above the patch panel in my garage where the builder terminated all my cat5 wiring in the house. So super quiet isn't a requirement, but decent cooling in a room that isn't climate controlled in the summer/winter and a device that doesn't get shut down hot. I've seen many mini-ITX that can hit 60C so that should do it. It's just getting to a total of five ports that seems to be my roadblock.
I started with the ALIX boards, but they seem to stop around 3 ports and only 10/100 which wouldn't be enough. I don't necessarily need a lot of processing power. I'd like to use either a CF or mSATA 2GB/4GB max size as I don't expect much storage.
I've been spending a lot of time the last week in Google trying to find options. At first I thought I had something with a Jetway board that had this daughter card with three NICs. However what little I could find on them were 'don't use that NIC' and 'Don't use that board' and 'can't install via USB' and other stuff.
I can't seem to find any 'here's some good places to start' entries. If anyone could provide some models or names of things I would greatly appreciate it.
-
I suggest you search the pfSense forums for ITX - that will probably turn up a number of posts about pfSense and mini-ITX motherboards. These are smallish (170x170mm), sometimes are fanless and can sometimes be found with multiple NICs on board.
The Jetway daughter boards with three NICs come in two variants, one with Realtek NICs (which are commonly rubbished but I haven't had any trouble in over three years with mine) and the other with Intel NICs (which are commonly praised).
Multiport NIC cards are commonly expensive. A more cost effective alternative for some people is to use a VLAN capable switch as a "port multiplier": one port on the pfSense box acts as a "trunk" port carrying a number of VLANs to the switch which then fans out the VLANs to individual switch ports.
The Intel D2500CC and D2500CCE are fanless, come with two Intel GigE NICs on board and could be combined with an 8-port VLAN capable switch in a configuration such as one on-board port as pfSense LAN port and the other as a VLAN trunk port for WAN and various DMZs. The WAN and DMZs would then share the gigabit bandwidth between switch and pfSense.
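The "port multiplier" arrangement in the post above depends on 802.1Q tagging between the pfSense trunk port and the switch. As an added example (not from the thread or from pfSense), this Python model of a switch shows how tagged frames from the trunk fan out to access ports and how access-port traffic is tagged on the way back; the port numbers, VLAN IDs and sample frame are assumptions, and untagged trunk traffic is simply dropped rather than mapped to a native VLAN.

```python
import struct

TPID_8021Q = 0x8100
TRUNK_PORT = 1                        # assumed: switch port cabled to the pfSense trunk NIC
ACCESS_VLAN = {2: 10, 3: 20, 4: 30}   # assumed: access port -> VLAN ID (WAN, DMZ1, DMZ2)

# Constructed sample frame: broadcast dst MAC, locally administered src MAC, IPv4 EtherType.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

def add_tag(frame, vid, pcp=0):
    """Insert a 4-byte 802.1Q tag after the 12 bytes of dst/src MAC."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    tci = (pcp << 13) | vid           # priority (3 bits), DEI (0), VLAN ID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_tag(frame):
    """Return (vid, untagged_frame); vid is None when the frame has no 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q header")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]

def switch_forward(in_port, frame):
    """Return the (out_port, frame) pairs the modelled switch would emit."""
    vid, inner = strip_tag(frame)
    if in_port == TRUNK_PORT:
        # Trunk -> access: untag and deliver only to ports in that VLAN.
        # Untagged frames (vid None) and unknown VLAN IDs match no port and are dropped.
        return [(port, inner) for port, v in sorted(ACCESS_VLAN.items()) if v == vid]
    if in_port not in ACCESS_VLAN or vid is not None:
        # Unknown port, or an already-tagged frame on an access port: drop it,
        # so a host cannot choose its own VLAN.
        return []
    # Access -> trunk: tag with the port's VLAN so pfSense can tell the networks apart.
    return [(TRUNK_PORT, add_tag(frame, ACCESS_VLAN[in_port]))]

if __name__ == "__main__":
    print(switch_forward(TRUNK_PORT, add_tag(SAMPLE, 20)))   # delivered untagged to port 3
    print(switch_forward(2, SAMPLE))                         # tagged VLAN 10 onto the trunk
```

Because the separation between WAN, DMZ and LAN in this design rests entirely on the switch's tag handling, the two drop cases are the ones worth checking on real hardware.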
-
Oh cripes. I didn't think of that. Can you tell I'm a hardware guy? I had my hammer out and was looking at nails everywhere.
I found a cheap 8 port Cisco that does more than enough VLANs. Should be able to LACP two of the ports on an alix together and call it a day.
Thanks
-
We LACP 2 ports on the 7535 at Netgate into the local LAN.
We LACP another 2 ports (for no good reason, really) to the VoIP side of things.
Should work, though the Alix doesn't have that much throughput.
-
If you have a gigabit switch that supports VLANs, I think you could probably even get away with connecting a single gigabit port on the router computer to the switch and using VLANs for everything.
-
Is there any advantage to aggregating two ports on the Alix when its maximum throughput is 85Mbps?
It might actually be slower. Interesting to find out.
Steve
-
Is there any advantage to aggregating two ports on the Alix when its maximum throughput is 85Mbps?
It might actually be slower. Interesting to find out.
Steve
'because I can?' :) I was just thinking out loud. Based on the 'google fiber is looking to expand' thing that is circulating I will probably go with an Atom box so I can have more bandwidth should it magically become available.
-
Is there any advantage to aggregating two ports on the Alix when its maximum throughput is 85Mbps?
It might actually be slower. Interesting to find out.
The overhead of lagg would indeed leave you very slightly lower top end throughput. Only reason you would do that with an ALIX is redundancy.
-
'because I can?' :) I was just thinking out loud. Based on the 'google fiber is looking to expand' thing that is circulating I will probably go with an Atom box so I can have more bandwidth should it magically become available.
I'm in the same boat… Except I WILL be getting Google Fiber within the next year. I'm one of the lucky ones that lives in KCMO and preregistered for the service.
I currently run my build on an old 1GHz AMD Duron box with two gigabit cards in it. I'm looking at a guy that's got a SuperMicro case for sale but it's got the P4 2.4GHz processor in it. Would you guys recommend that these specs would actually pass 1gig when I do get the fiber? Or would I need to upgrade the box in the near future?
Supermicro Superserver 5013C-M 1U Chassis
- Supermicro P4SCI Motherboard
- P4 2.40 GHz Processor
- 1GB DDR RAM
- WD400BB-75DEA0 40 GB Hard Drive
- Dual 10/100/1000 Network Ports
- 2 SATA Ports
- 4 USB 2.0 Ports
- Floppy, CD-ROM
- 260W Power Supply
-
@Efonne:
If you have a gigabit switch that supports VLANs, I think you could probably even get away with connecting a single gigabit port on the router computer to the switch and using VLANs for everything.
If you want to share data between LAN and DMZ (or OPT), it isn't the best way.
-
Hey dude,
I've been looking at a similar system myself… I found the below, which would fit your criteria well!!
The board has 2 Intel NICs built in and the daughter board has another 3. You then also have a PCI and a mini PCIe free for whatever you like (my plan was SSD in the mini PCIe and a wifi card in the PCI slot).
There are also cheaper versions of the same stuff just using Broadcom or 100Mb NICs instead on that site too.
Hope this helps
http://linitx.com/product/12576
http://linitx.com/product/13104
-
@Efonne:
If you have a gigabit switch that supports VLANs, I think you could probably even get away with connecting a single gigabit port on the router computer to the switch and using VLANs for everything.
If you want to share data between LAN and DMZ (or OPT), it isn't the best way.
If you want to do that on gigabit ethernet, you need a powerful system anyway. An Intel Atom CPU, for example, may not have enough processing power for it to even make a difference.
-
Hey dude,
I've been looking at a similar system myself… I found the below, which would fit your criteria well!!
The board has 2 Intel NICs built in and the daughter board has another 3. You then also have a PCI and a mini PCIe free for whatever you like (my plan was SSD in the mini PCIe and a wifi card in the PCI slot).
There are also cheaper versions of the same stuff just using Broadcom or 100Mb NICs instead on that site too.
Hope this helps
http://linitx.com/product/12576
http://linitx.com/product/13104
What SSD works in mini PCIe? I don't think I have ever seen that before.
-
Many early netbooks used a mini-pci-e card/slot for their SSD. However I believe they use a non-standard interface (or part of it) so don't assume they will work in any board.
Steve
Edit: In fact most use mSATA which looks the same but isn't! http://en.wikipedia.org/wiki/Serial_ATA#mSATA
-
Hey dude,
I've been looking at a similar system myself… I found the below, which would fit your criteria well!!
The board has 2 Intel NICs built in and the daughter board has another 3. You then also have a PCI and a mini PCIe free for whatever you like (my plan was SSD in the mini PCIe and a wifi card in the PCI slot).
There are also cheaper versions of the same stuff just using Broadcom or 100Mb NICs instead on that site too.
Hope this helps
http://linitx.com/product/12576
http://linitx.com/product/13104
That motherboard does not have mSATA on the mini-PCIe slot so you can forget about putting in an mSATA (Mini-PCIe) SSD.
-
Many early netbooks used a mini-pci-e card/slot for their SSD. However I believe they use a non-standard interface (or part of it) so don't assume they will work in any board.
Steve
Edit: In fact most use mSATA which looks the same but isn't! http://en.wikipedia.org/wiki/Serial_ATA#mSATA
Or the great PATA over Mini PCI-Express. That's what my Dell Mini 9 has. Ugh.
-
Ah yes I knew the Dell mini was different but couldn't remember the details. The very early Asus netbooks had some proprietary connector I seem to remember. ::)
Steve
-
Ah yes I knew the Dell mini was different but couldn't remember the details. The very early Asus netbooks had some proprietary connector I seem to remember. ::)
Steve
The 700 series was PATA over mini PCI-e but with some proprietary protocols. The later models used the standardized PATA over mini PCI-e like the Dell Minis.
Either way, it's now mSATA for almost everyone though Apple devices are a notable exception.
-
Yes, mSATA uses the exact same connector as mini PCIe, but it is wired totally differently.
- Some motherboards allow you to change the function in the BIOS of a port, between mSATA and mini PCIe
- mSATA uses the SATA protocol :)
I have an mSATA drive in my laptop, they are pretty sweet and really tiny! It's amazing to have 256GB of data in something so small!