Installation on Intel D2500CC (atom with dual NIC board)
-
MMacD, I agree w/ you.
Quote from FreeBSD forum….....
Hello,
It's a good security practice to separate the file server from the "router/firewall". However, you can achieve easily all of the above using OpenVPN which is flexible and easy to implement, or IPSEC if you feel ready to dive into a less flexible but probably more secure implementation of VPN.
For the backups I'd use rdiff-backup or duplicity (if for additional security if needed). Not sure how are they gonna run with Cygwin under Windows. I'm pretty sure though you can achieve scheduled backups under windows with rdiff-backup, although a solution like DeltaCopy might seem more suitable for windows as it runs natively.
I get that what needs to be backed up are windows files that will be channeled through VPN.
What does it mean exactly 'more green' Green like that?
-
The purpose of a firewall is security. Every time you add services to your firewall you open a potential avenue of attack reducing security. The more stuff you are running on your box the more likely it will have exploitable bugs.
There are many threads about this on the forum because, like you, many people want to do it. pfSense was originally devised to take the place of router/firewalls in medium to large networks. It has evolved into a product that fits in many more scenarios including soho where you want to minimise the number of boxes and power usage.
If you want to do this it is recommended to use virtualisation. Run pfSense in a VM and freeNAS (or whatever) in a separate VM.
Steve, is that simple as adding more LAN cards? Or adding a completely different board? I did search this and found www.bsdcan.org/2012/schedule/events/330.en.html. Not sure exactly what they are saying. Does pfsense have a package to add an internal switch? I know free switch, but thought this only only for voip phones and PBX.
Adding multiple NICs is expensive. If you have only one PCI slot, as many Atom boards do, you have to use a quad port card and that can be very expensive. A cheaper option is to use VLANs and a VLAN capable switch. You can then have as many interfaces as you have ports on the switch. This is how small soho routers work, a switch and a router on one pcb. That's what the package you linked to is for, not useful for us.
I don't know how you would do this, you'd have to add a switch PCB to the enclosure but I don't know where you'd get one. There would be very small market for this though since it would be cheaper to get a separate rack mount switch and it wouldn't be appropriate in a co-location situation. I only mentioned itSteve
-
Reading up just now on the hardware requirements for fNAS, I'd say the more important issue is address space and bandwidth. I've read, tho never seen verified (have you?), that a D2500CCx does have more than 32-bit address space implemented on the board, and I know there are some 8GB parts available, but fNAS's requirement of 1GB per TB to get anything like good performance would make me want to experiment before deciding to host both Snort and fNAS on the same board.
-
You can use nas4free instead. I believe that has a lower hardware requirement. There are other similar projects.
Steve
-
Thanks for the replies. I am currently running nas4free, booting from a thumb drive, at home. I think I am going to focus on building my pfsense boxes and setting up VPN.
-
Hi kids, bugs got fixed in latest 2.1-snapshot.
Installed 64bit version on d2500cc flawlessly. -
Good news! I'm new to FreeBSD/pfsense and ran into this problem right at the start… Since I don't want to wait for 2.1 release nor using a unstable snaphot version, I'll go with the 'install 32bit first and write down the inputs' method first.
Hope it'll install smoothly on my Samsung 830 SSD (64GB) and it'll detect and work with my miniPCIe WLAN Card (Compex WLE200NX).
BTW, I'm using this case: http://mini-case.com/pi37/pd332.html, totally fanless and hopefully ok when running pfsense 24/7….Cheers,
cibomato -
I'm has similar board JW Minix Mini HD PC http://www.jwele.com/motherboard_detail.php?1140 with 128GB SSD and 2GB ram. Since I need to set up several VLAN interfaces in the console so I had trouble using writing down the inputs method. Therefore I use the i386 version instead. Is there any downside using i386 version apart cannot using more than 4GB RAM?
-
No not really.
There may be some marginal performance increase using 64bit but its small enough you'd have to setup a test to see it. I've seen people argue both ways on this.Steve
-
I just picked up a new board. It was listed on ebay as the Intel2500CCE. When I received the board it shows Intel D2500CC. Is there an actual difference between the two?
From what I could find :
The 'E' suffix in the model name (e.g., D2500CCE vs D2500CC) signifies that this product is an Intel
Extended Life Product (ELP). ELP products will be available for extended production times (3 years) and are perfect for project use.So do you think I have the same thing? I dont see anywhere on the board the "E" just D2500CC.
Not sure if I should send it back and find one that has "e" listed.
Any help would be greatly appreciated.
-Neztik
-
I just picked up a new board. It was listed on ebay as the Intel2500CCE. When I received the board it shows Intel D2500CC. Is there an actual difference between the two?
From what I could find :
The 'E' suffix in the model name (e.g., D2500CCE vs D2500CC) signifies that this product is an Intel
Extended Life Product (ELP). ELP products will be available for extended production times (3 years) and are perfect for project use.So do you think I have the same thing? I dont see anywhere on the board the "E" just D2500CC.
Not sure if I should send it back and find one that has "e" listed.
Any help would be greatly appreciated.
-Neztik
I would think that would only matter if you were expecting to order an (or many) exact replacement as new stock through a standard distributor sometime in the next couple years. Those designations often are important for system integrators or manufacturers that need to be able to plan their supply chain for a particular product over the next few years.
Think of it this way, if you were building these as appliances and you needed to make sure each and every one was exactly the same for the planned release of your product, then I'd worry about it.
For a one off, no, probably not assuming it's otherwise identical, hardware wise.
-
Great! Thanks matguy. I can start building my new router this weekend without having to wait. I am currently running an older i386 system. The plan is to install 2.1 AMD64 and use the 2 onboard nics to VLAN tag.
-
Since that board only supports 4GB of RAM anyway, I would probably stick with x86 (32 bit) pfSense. The main reason for going with x64 support is to be able to address more than 4GB of RAM, otherwise x86 may be more supportable for you.
-
Since that board only supports 4GB of RAM anyway.
actually, the board supports at least 8GB ram, despite the claims of Intel:
# uname -rsp;dmesg|grep CPU;dmesg|grep memory FreeBSD 9.1-RELEASE amd64 CPU: Intel(R) Atom(TM) CPU D2500 @ 1.86GHz (1866.78-MHz K8-class CPU) FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs cpu0: <acpi cpu="">on acpi0 cpu1: <acpi cpu="">on acpi0 p4tcc0: <cpu frequency="" thermal="" control="">on cpu0 p4tcc1: <cpu frequency="" thermal="" control="">on cpu1 SMP: AP CPU #1 Launched! real memory = 8589934592 (8192 MB) avail memory = 8217665536 (7836 MB)</cpu></cpu></acpi></acpi>they are probably trying to make it look less attractive than it is…
-
actually, the board supports at least 8GB ram, despite the claims of Intel:
# uname -rsp;dmesg|grep CPU;dmesg|grep memory FreeBSD 9.1-RELEASE amd64 CPU: Intel(R) Atom(TM) CPU D2500 @ 1.86GHz (1866.78-MHz K8-class CPU) FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs cpu0: <acpi cpu="">on acpi0 cpu1: <acpi cpu="">on acpi0 p4tcc0: <cpu frequency="" thermal="" control="">on cpu0 p4tcc1: <cpu frequency="" thermal="" control="">on cpu1 SMP: AP CPU #1 Launched! real memory = 8589934592 (8192 MB) avail memory = 8217665536 (7836 MB)</cpu></cpu></acpi></acpi>Hello t3h0th3r, I am going to use the same board for a new
pfsense installation.As I am going to include Snort, Squid + havp and OpenVPN,
I was looking for a board with more than 4GB Ram, but the
2 Intel Nics convinced me :)Are you running the Intel D2500 or the newer D2500CCE revision?
What Ram do you have installed?
If possible could you provide the serial number for the memory.Thank you very much!
-
Today I installed the D2500CCE. I selected the Jetway JC110-B case which allows for adding two PCI cards, and has two internal fans. It is not very noisy at this moment. The case comes with a wall mount which is very useful as well. The Intel board fits without moving the fans's (which I read somewhere else). The BIOS has a setting for "always on" on power failure which is useful in my case because the firewall will be installed quite remote. I burned "pfSense-memstick-2.0.2-RELEASE-i386-20121207-1630.img" on a memory stick and installed pfsense from the stick on a harddrive. The display output was a little corrupted but good enough for a "simple" installation (I could read most of the words). The monitor isn't needed after the install, so it is good enough to me.
To answer the question above:
- board: Intel D2500CCE
- Memory: Transcend SO-DIMM DDR3 1333 2Gb
Later on I installed Squid proxy. The firewall will be used by a maximum of 75 users and a bandwidth of 60Mbit.
Dirk.
-
Solid information. Nice first post! ;)
Steve
-
besides the first gentleman who posted his idle consumption @ ~20watts
has anyone else checked their power consumption at idle?
I thought I read somewhere that these atom 2500's were supposed to idle at <10 watts? -
My D2500CC idles at 15W using a "Kill-a-watt". I have it running the 64-bit 2.1Beta snapshot. I think the 32-bit beta also worked. Anything else was a problem for me, IIRC. I am using a Picopsu-120 with a 10A (large) power brick, which might account for some of that. A PicoPSU-80 would probably make more sense. I'm using a flash drive, not a hard drive.
-
I'm using pfS 2.1 x64 Snapshots full-install@hdd with two Intel D2500CCE board since eight months without any problems, except the serial-console-bug. Services are HAVP, Squid / Dansguardian and OpenVPN on a 50/2,5 cable. VLAN on the Intel NICs works, too.
Without cooling the Atom heats to 60 degree celsius. Power consumption with HDD and none -80+ PSU ~30W.
