Ready to run hardware for a complete noob soho-user?
-
Thank you extremely very much, Stephen; I am in your debt already :P
I will digest the information you gave tomorrow; currently I am fighting with one of my Synology servers who seems no longer to like me, and refuses to let me in ( :-[).
As to your remark about the sponsors and supporting this project; I do intend to donate to this project directly, anyway. I am a donator to the FreeBSD-foundation also, I've donated to the late desktopBSD (which unfortunately died due to Peter pursuing other interests), and I intend to donate to PC-BSD as well if 9.1 appears to be the solution I am looking for (I hate W7, and I can't afford Apple ;D). So, my objectives are not about getting things for free (there's no such thing as a free lunch in life, my grandpa told me ;D), my objectives are about getting good quality, and decent support. I've looked at the price of commercial support for Pfsense, and that really appears to be aimed at really commercial, as these are prices I can't pay. But, in the end, I refuse to supply vendors with my hard earned money if they appear to be nothing but 'cheap' 'rats', trying to get your money and then don't even live up to their moral responsibility to fix the bugs in the product they've sold me ( >:( :-[ :-X).
Anyway, thanks again very much, Stephen: I'm in your debt already, and I will process your information tomorrow, after I have conquered the Synology which obviously wants to start a fight with me ;D
Thanks & Bye,
-
Unless I missed something, ALIX should be a good solution for you. I went with regular PC hardware as I wanted my box to scale close to 1 Gbps speeds (I now have 100/10 fiber), but ALIX should be good for anything under 100/100.
Obviously as Steve mentioned, ALIX won't run Squid and/or Snort too well, but for just the basic pfSense installation with light packages running it's enough.
EDIT: Gigabit speeds not only require decent NICs (Intel, Broadcom or other quality NIC), they also require a lot of CPU power with pfSense. This is why you don't see low-power appliances like ALIX with Gigabit NICs.
And again like Steve said, you should go for a WLAN AP if you want Wireless N support. And in a home environment you most likely don't need special access rights, filtering or other tweaks for WLAN vs wired, so you don't even need to put them on different subnets or anything unless you really want or need to. I'm actually using my old Wireless N router/firewall as just a router in for my home network with NAT, DHCP and everything else I don't need disabled to serve my wired and wireless devices.
-
Thanks for your comments ;D
On another note, what do you all think of this:
http://h10010.www1.hp.com/wwpc/us/en/sm/WF06a/15351-15351-4237916-4237918-4237917-4248009.html?dnr=1
Recommended to me by some 'IT-guru' (who also sells this stuff) as being 'perhaps already overkill for something as light as pfsense/snort/ip-block/squirt'. I am not sure if I believe that, 'though, given the comments on this forum about performance.
-
There have been several threads about these boxes. Here's one recently:
http://forum.pfsense.org/index.php/topic,50904.0.html
These are brilliant little servers for home use or quiet enough to have under your desk at work. They work great with ESXi. A friend of mine has one and I have a VM pfSense instance on it that I use for OpenVPN testing. It works very well as long as none of the other VMs on it are doing much.
But... the CPU in these boxes is nothing special: AMD Turion II Neo N40L (1.5GHz). That score puts it comfortably ahead of the fastest Atom. I would guess that the best throughput under pfSense will be up towards 1Gbps but probably not quite there. That's a guess mind you! ::)
Steve
-
The HP microserver, while it's a great box for many things, I don't think it's that great for pfSense. You can get a much smaller box for pfSense with more power. I would much rather have a mini-itx or smaller (like Alix) box for pfSense. My current build has a Intel G630T CPU in a Antec ISK110 case.
-
Personally I'd go with a second hand notebook. Oh wait, in fact that's what I did.
You might even have a relative, colleague, or friend that wants to get rid of one. Again in fact that's what I did. A colleague gave me a couple old notebooks (2003 vintage DELL Inspiron 5100). They make good pfSense machines.
Just add an external access point for the WiFi N
That's my home setup. Work good and I like it.
-
You wrote it funny ;D
But then I have to add network cards. And I am not that technical on hardware, especially with the OEM-notebooks I expect this to be a problem(?)
-
Thanks, by now I've indeed ditched the HP from my list. I will need to find out what exact hardware to buy, but, again, I am a noob on hardware (and actually wish to remain that way; hardware doesn't interest me at all ;D).
-
No additional network cards required.
VLAN the WAN interface. You mentioned that you already have a gigabit switch. If it's a smart switch or better then it should support VLANs. So it goes something like this.
ISP modem connected to switch port 1
pfSense machine connected to switch port 2
switch port 1 PVID 98 & untagged member of vlan 98
switch port 2 PVID 1 & tagged member of vlan 98
switch port 2 and remaining ports PVID 1 & untagged members of vlan 1 (typically the default/admin vlan)
create pfSense VLAN 98 on the physical network device
assign pfSense WAN to vlan 98 network device
assign pfSense LAN to the physical network device
WiFi N Access Point connected to switch port 3
Remaining LAN devices connect to remaining switch ports.
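
The port layout above, written as a check that flags any port where unfiltered WAN traffic could reach the LAN without passing through pfSense. This is an added example, not part of the original post or of pfSense; the port-table format, the 8-port switch and all function names are assumptions made for illustration.

```python
# Added example: audit a switch port table against the WAN-on-a-VLAN layout.
# The dict format and all function names are hypothetical, not a switch API.
WAN_VLAN, LAN_VLAN = 98, 1         # VLAN IDs used in the post
MODEM_PORT, PFSENSE_PORT = 1, 2    # switch ports used in the post


def post_layout(n_ports=8):
    """Port table as the post describes it, for a constructed 8-port switch."""
    ports = {n: {"pvid": LAN_VLAN, "untagged": {LAN_VLAN}, "tagged": set()}
             for n in range(1, n_ports + 1)}
    ports[MODEM_PORT] = {"pvid": WAN_VLAN, "untagged": {WAN_VLAN}, "tagged": set()}
    ports[PFSENSE_PORT]["tagged"] = {WAN_VLAN}
    return ports


def broken_layout():
    """Constructed mistakes: modem port left in VLAN 1, port 5 added to VLAN 98."""
    ports = post_layout()
    ports[MODEM_PORT]["untagged"] = {LAN_VLAN, WAN_VLAN}
    ports[5]["tagged"] = {WAN_VLAN}
    return ports


def audit(ports):
    """Return (port, finding) tuples; an empty list means the layout matches."""
    findings = []
    for n, p in sorted(ports.items()):
        members = p["untagged"] | p["tagged"]
        if p["pvid"] not in p["untagged"]:
            findings.append((n, "PVID is not one of the port's untagged VLANs"))
        if n == MODEM_PORT:
            # Unfiltered ISP traffic must exist only in the WAN VLAN.
            if p["untagged"] != {WAN_VLAN} or p["tagged"]:
                findings.append((n, "modem port must be untagged in VLAN 98 only"))
        elif n == PFSENSE_PORT:
            # Single NIC: LAN untagged, WAN tagged on the same cable.
            if p["untagged"] != {LAN_VLAN} or p["tagged"] != {WAN_VLAN}:
                findings.append((n, "pfSense port must be untagged 1, tagged 98"))
        elif WAN_VLAN in members:
            findings.append((n, "LAN port sits in the WAN VLAN, in front of pfSense"))
        elif members != {LAN_VLAN}:
            findings.append((n, "LAN port should be an untagged member of VLAN 1 only"))
    return findings


if __name__ == "__main__":
    print("layout from the post:", audit(post_layout()) or "no findings")
    for port, finding in audit(broken_layout()):
        print("port %d: %s" % (port, finding))
```
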
-
I do realize only now that I didn't say 'thank you' for your post :-\ My apologies, sorry :(
I will need to study hard to understand what you wrote (I am not that technical and am still searching for a good book on networking, aimed at the absolute noob :P).
For the last couple of months, I have been trying to get stuff to work. The GREAT Stephenw10 has been helping me all this time, since it was rather a disaster to get things working with the my ISP-provided VDSL modem/router/all-in-one. Finally we had it working yesterday, and this morning the box (a very old P4) died ::)
So I am now looking at the hardware. Stephen again has helped me here also, so most of it I think I know what to buy. Only one part is missing: the harddisk.
So far what I have is:
mobo: DQ77KB Intel Mini-ITX dual Intel LAN
http://www.mini-box.com/Intel-DN2800MT-Mini-ITX-Motherboard
http://www.newegg.com/Product/Product.aspx?Item=N82E16813121622
CPU: Intel Celeron G1610 (apparently the successor of the G530).
http://www.newegg.com/Product/Product.aspx?Item=N82E16819116889&Tpk=G1610
Case: Cooler Master Elite 120 Advanced
http://www.newegg.com/Product/Product.aspx?Item=N82E16811119261
RAM: some 8GB in one of the two available slots
Power: integrated on the mobo, this cable to connect it to my APC UPS:
http://www.mini-box.com/19v-8-4A-160-Watt-AC-DC-Power-Adapter
So I think that all that is remaining is the hard disk, and here I run into a ???
Because I can not seem to find any information about how big the hard disk needs to be. Yes, I've found 'minimum 1GB', but what if I want to use snort, squid, RRD and such?
Would anybody be able to give some information on this? Do I need to buy a 64GB SSD for it ( ???) or are there better alternatives I could do?
Thank you very much for any help -- after months, I am almost there ;D
Bye,
-
In the OP you didn't seem to want to build something but now that you do, here is a complete build I did. It includes shopping list to build an 18 watt router with ~250+ Mbps throughput, using an Intel Atom as base. here
The build and shopping list start 2 posts below the link I referenced in this reply. I started you at that post because it shows some pics of where I put some extra heatsinks.
This has been a rock solid and completely reliable build for me.
-
Thank you very much for your reply :P
( ;D)
I decided to order some stuff, and it basically is the Intel mobo and G1610 I mentioned in the above. Actually, I picked it up in the store today, 2 hours ago. Only the power cord for this specific mobo is still missing, the store didn't have it. But it is in backorder now. Perhaps what I bought might turn out to be a little bit 'over weight' right now, but, as I explained before, I buy stuff to use it for 10 years, and I hope with this stuff I can comfort myself for the next 10 years.
So now I am waiting for the power cable, and then I can join the happy family of proud PFsense-users ;D
Thanks again for your reply,
Bye,
-
You could get away with a LOT less RAM. I have 4GB for two LAN and WANs (50/8 each) and barely fill 17%. You could even cache the entire pfSense OS into RAM and you'd still have plenty of room. But, RAM is cheap so it's only a few bucks difference.
-
… VLAN the WAN interface...
Sorry to hijack, but I'm curious on how safe a thing that is? My ISP is Verizon FIOS. So the Layer 2 frames and MAC address will be visible to them only and I'm sure they won't launch a L2 attack against me, their paying customer. Beyond the VZ network, no-one can see my L2 MAC, so I'm thinking it's relatively safe, right?
-
I am a very happy man ;D
I finally, after months of problems am running Pfsense flawlessly for one week now.
None of these problems were related to Pfsense (well, one, it turned out, was, but that should be solved in the 2.0.3 that was released yesterday).
All the major problems, and all the headaches and the hours of googling, reading, turned out to be related to my ISP and to my old crappy hardware that was too old, and too crappy (it died in the process of testing Pfsense. But it was old: a P4-2.4, I think I bought it in 2000 or so).
In short, my setup is:
- Mobo: Intel DQ77KB Intel Mini-ITX (dual NIC)
- CPU: Intel Celeron G1610
- HDD: WD Scorpio Black 500GB
- RAM: 8GB Corsair 'very long product number' (4GB used, since on X32, not X64).
- ISP: Belgacom (Belgium national ISP) VDSL
- Case: can't remember, but big and ugly for a mini-ITX (but an A-brand and the cheapest. Smaller was more expensive, - and since it is stashed away in my computer room anyway, I didn't want to spend the extra money. I spent that on a donation to Pfsense ;D).
Packages installed: Snort, Pfblocker, Squid, Squidguard, Ntop. CPU 18%, memory 40%.
The setup is:
Belgacom (ISP) modem-router (does the dial up) -> Pfsense WAN (DHCP from Belgacom) -> PFS - LAN (different subnet, does DHCP to the LAN) -> HP Switch -> LAN-'puters.
(The reason the ISP-modem still does the dial up is that I couldn't get this to work from within PFS. Thanks to an extremely kind member of this board (who refuses consistently to let me buy him a cup of coffee :-[) I got it working anyway. This dial up problem should be fixed in 2.0.3, so I will test this when I have the nerves to do so ;D).
My experience for one week:
- Exactly 0 point 0-0-0-0-0-0-0-0-0-0 (enough zeros to make my point ? ;D) hiccups from PFS.
- No slowdown whatsoever on my VDSL. Speed the same as with my switch being plugged in directly into the ISP-modem-router (tested with speedtest.net).
So, I am one very happy 'free man', now: no more retail plastic junk, and I would like to thank all of you who helped me, especially Mr. Very Special who refuses me buying him a cup of coffee for all his advice ( ;D). Of course I just donated to express my thanks to all the great people from Pfsense and FreeBSD who are making this possible for us. Thank you, peoples, you are extremely appreciated :-*
Bye,
-
Any particular reason why you stayed with the 32-bit version over the 64-bit version? You probably won't need it, but having access to that additional 4GB of RAM you have installed would be nice. :)
-
Thank you for your reply :)
No, not at all; not at all.
This 'historically' grew like this. I started at X64, then had loads of problems (described high-level in the above), and then decided, in order to eliminate possible causes, to start at X32 (perceived by me, probably rubbish due to my noob-ness, as 'more safe'). So I built on that, and arrived at the final: after 1 week of smooth running, I will probably enjoy it for a couple of weeks to recoup from the 'horrors' (well, the frustration was really severe) of the past couple of months. After that, I will do a reinstall of X64 2.0.3. I have no reason whatsoever to think that that will turn into a nightmare, now that I have new hardware and at the same time know how to deal with my ISP.
Thanks again for your reply,
Bye,