Ready to run hardware for a complete noob soho-user?

stephenw10

There have been several threads about these boxes. Here's one recently:
http://forum.pfsense.org/index.php/topic,50904.0.html
These are brilliant little servers for home use or quiet enough to have under your desk at work. They work great with ESXi. A friend of mine has one and I have a VM pfSense instance on it that I use for OpenVPN testing. It works very well as long as none of the other VMs on it are doing much.
But…. the CPU in these boxes is nothing special: AMD Turion II Neo N40L (1.5GHz). That score puts it comfortably ahead of the fastest Atom. I would guess that the best throughput under pfSense will be up towards 1Gbps but probably not quite there. That's a guess mind you!  ::)

Steve

fragged

The HP microserver, while it's a great box for many things, I don't think it's that great for pfSense. You can get a much smaller box for pfSense with more power. I would much rather have a mini-itx or smaller (like Alix) box for pfSense. My current build has a Intel G630T CPU in a Antec ISK110 case.

NOYB

Personally I'd go with a second hand notebook.  Oh wait, in fact that's what I did.

You might even have a relative, colleague, or friend that wants to get ride of one.  Again in fact that's what I did.  A colleague gave me a couple old notebooks (2003 vintage DELL Inspiron 5100).  They make good pfSense machine.

Just add an external access point for the WiFi N

That's my home setup.  Work good and I like it.

Mr. Jingles

@NOYB:

Personally I'd go with a second hand notebook.  Oh wait, in fact that's what I did.

You might even have a relative, colleague, or friend that wants to get ride of one.  Again in fact that's what I did.  A colleague gave me a couple old notebooks (2003 vintage DELL Inspiron 5100).  They make good pfSense machine.

Just add an external access point for the WiFi N

That's my home setup.  Work good and I like it.

You wrote it funny  ;D

But then I have to add network cards. And I am not that technical op hardware, especially with the OEM-notebooks I expect this to be a problem(?)

Mr. Jingles

@fragged:

The HP microserver, while it's a great box for many things, I don't think it's that great for pfSense. You can get a much smaller box for pfSense with more power. I would much rather have a mini-itx or smaller (like Alix) box for pfSense. My current build has a Intel G630T CPU in a Antec ISK110 case.

Thanks, by now I've indeed ditched the HP from my list. I will need to find out what exact hardware to buy, but, again, I am a noob on hardware (and actually wish to remain that way; hardware doesn't interest me at all  ;D).

NOYB

No additional network cards required.
VLAN the WAN interface.  You mentioned that you already have a gigabit switch.  If its a smart switch or better then it should support VLANs.

So it goes something like this.
ISP modem connected to switch port 1
pfSense machine connected to switch port 2
switch port 1 PVID 98 & untagged member of vlan 98
switch port 2 PVID 1 & tagged member of vlan 98
switch port 2 and remaining ports PVID 1 & untagged members of vlan 1 (typically the default/admin vlan)
create pfSense VLAN 98 on the physical network device
assign pfSense WAN to vlan 98 network device
assign pfSense LAN to the physical network device

WiFi N Access Point connected to switch port 3

Remaining LAN devices connect to remaining switch ports.

Mr. Jingles

@NOYB:

No additional network cards required.
VLAN the WAN interface.  You mentioned that you already have a gigabit switch.  If its a smart switch or better then it should support VLANs.

So it goes something like this.
ISP modem connected to switch port 1
pfSense machine connected to switch port 2
switch port 1 PVID 98 & untagged member of vlan 98
switch port 2 PVID 1 & tagged member of vlan 98
switch port 2 and remaining ports PVID 1 & untagged members of vlan 1 (typically the default/admin vlan)
create pfSense VLAN 98 on the physical network device
assign pfSense WAN to vlan 98 network device
assign pfSense LAN to the physical network device
 
WiFi N Access Point connected to switch port 3

Remaining LAN devices connect to remaining switch ports.

I do realize only now that I didn't say 'thank you' for your post  :-\ My apologies, sorry  :(

I will need to study hard to understand what you wrote (I am not that technical and am still searching for a good book on networking, aimed at the absolute noob  :P).

For the last couple of months, I have been trying to get stuff to work. The GREAT Stephenw10 has been helping me all this time, since it was rather a disaster to get things working with the my ISP-provided VDSL modem/router/all-in-one. Finally we had it working yesterday, and this morning the box (a very old P4) died  ::)

So I am now looking at the hardware. Stephen again has helped me here also, so most of it I think I know what to buy. Only one part is missing: the harddisk.

Sofar what I have is:

mobo: DQ77KB Intel Mini-ITX dual Intel LAN
http://www.mini-box.com/Intel-DN2800MT-Mini-ITX-Motherboard
http://www.newegg.com/Product/Product.aspx?Item=N82E16813121622

CPU: Intel Celeron G1610 (apparently the successor of the G530).
http://www.newegg.com/Product/Product.aspx?Item=N82E16819116889&Tpk=G1610

Case: Cooler Master Elite 120 Advanced
http://www.newegg.com/Product/Product.aspx?Item=N82E16811119261

RAM: some 8GB in one of the two available slots

Power: integrated on the mobo, this cable to connect it to my APC UPS:
http://www.mini-box.com/19v-8-4A-160-Watt-AC-DC-Power-Adapter

So I think that all that is remaining is the hard disk, and here I run into a  ???

Because I can not seem to find any information about how big the hard disk needs to be. Yes, I've found 'minimum 1GB', but what if I want to use snort, squid, RRD and such?

Would anybody be able to give some information on this? Do I need to buy a 64GB SSD for it ( ???) or are there better alternatives I could do?

Thank you very much for any help –- after months, I am almost there  ;D

Bye,

RocKKer

In the OP you didn't seem to want to build something but now that you do, here is a complete build I did. It includes shopping list to build an 18 watt router with ~250+ Mbps throughput, using an Intel Atom as base. here

The build and shopping list starts 2 post below the link I referenced in this reply. I started you at that post because it shows some pics of where I put some extra heatsinks.

This has been a rock solid and completely reliable build for me.

Mr. Jingles

@RocKKer:

In the OP you didn't seem to want to build something but now that you do, here is a complete build I did. It includes shopping list to build an 18 watt router with ~250+ Mbps throughput, using an Intel Atom as base. here

The build and shopping list starts 2 post below the link I referenced in this reply. I started you at that post because it shows some pics of where I put some extra heatsinks.

This has been a rock solid and completely reliable build for me.

Thank you very much for your reply  :P

( ;D)

I decided to order some stuff, and it basically is the Intel mobo and G1610 I mentioned in the above. Actually, I picked it up in the store today, 2 hours ago. Only the power cord for this specific mobo is still missing, the store didn't have it. But it is in backorder now. Perhaps what I bought might turn out to be a little bit 'over weight' right now, but, as I explained before, I buy stuff to use it for 10 years, and I hope with this stuff I can comfort myself for the next 10 years.

So now I am waiting for the power cable, and then I can join the happy family of proud PFsense-users  ;D

Thanks again for your reply,

Bye,

tim.mcmanus

You could get away with a LOT less RAM.  I have 4GB for two LAN and WANs (50/8 each) and barely fill 17%.  You could even cache the entire pfSense OS into RAM and you'd still have plenty of room.  But, RAM is cheap so it's only a few bucks difference.

daniev

@NOYB:

… VLAN the WAN interface...

Sorry to hijack, but I'm curious on how safe a thing that is? My ISP is Verizon FIOS. So the Layer 2 frames and MAC address will be visible to them only and I'm sure they won't launch a L2 attack against me, their paying customer. Beyond the VZ network, no-one can see my L2 MAC, so I'm thinking it's relatively safe, right?

Mr. Jingles

I am a very happy man  ;D

I finally, after months of problems am running Pfsense flawlessly for one week now.

None of these problems were related to Pfsense (well, one, it turned out, was, but that should be solved in the 2.0.3 that was released yesterday).

All the major problems, and all the headaches and the hours of googling, reading, turned out to be related to my ISP and to my old crappy hardware that was too old, and too crappy (it died in the process of testing Pfsense. But it was old: a P4-2.4, I think I bought it in 2000 or so).

In short, my setup is:

• Mobo: Intel DQ77KB Intel Mini-ITX (dual NIC)
• CPU: Intel Celeron G1610
• HDD: WD Scorpio Black 500GB
• RAM: 8GB Corsair 'very long product number' (4GB used, since on X32, not X64).
• ISP: Belgacom (Belgium national ISP) VDSL
• Case: can't remember, but big and ugly for a mini-ITX (but an A-brand and the cheapest. Smaller was more expensive, - and since it is stashed away in my computer room anyway, I didn't want to spend the extra money. I spent that on a donation to Pfsense  ;D).
  Packages installed: Snort, Pfblocker, Squid, Squidguard, Ntop. CPU 18%, memory 40%.

The setup is:
Belgacom (ISP) modem-router (does the dial up) -> Pfsense WAN (DHCP from Belgacom) -> PFS - LAN (different subnet, does DHCP to the LAN) -> HP Switch -> LAN-'puters.

(The reason the ISP-modem still does the dial up is that I couldn't get this to work from within PFS. Thanks to an extremely kind member of this board (who refuses consistently to let me buy him a cup of coffee  :-[) I got it working anyway. This dial up problem should be fixed in 2.0.3, so I will test this when I have the nerves to do so  ;D).

My experience for one week:

• Exactly 0 point 0-0-0-0-0-0-0-0-0-0 (enough zeros to make my point ?  ;D) hickups from PFS.
• No slowdown whatsoever on my VDSL. Speed the same as with my switch being plugged in directly into the ISP-modem-router (tested with speedtest.net).

So, I am one very happy 'free man', now: no more retail plastic junk, and I would like to thank all of you who helped me, especially Mr. Very Special who refuses me buying him a cup of coffee for all his advice ( ;D). Of course I just donated to express my thanks to all the great people from Pfsense and FreeBSD who are making this possible for us. Thank you, peoples, you are extremely appreciated  :-*

Bye,

tim.mcmanus

Any particular reason why you stayed with the 32-bit version over the 64-bit version?  You probably won't need it, but having access to that additional 4GB of RAM you have installed would be nice.  :)

Mr. Jingles

@tim.mcmanus:

Any particular reason why you stayed with the 32-bit version over the 64-bit version?  You probably won't need it, but having access to that additional 4GB of RAM you have installed would be nice.  :)

Thank you for your reply  :)

No, not at all; not at all.

This 'historically' grew like this. I started at X64, then had loads of problems (described high-level in the above), and then decided, in order to eliminate possible causes, to start at X32 (perceived by me, probably rubbish due to my noob-ness, as 'more safe').  So I built on that, and arrived at the final: after 1 week of smooth running, I will probably enjoy it for a couple of weeks to recoup from the 'horrors' (well, the frustration was really severe) of the past couple of months. After that, I will do a reinstall of X64 2.0.3. I have no reason whatsoever to think that that will turn into a nightmare, now that I have new hardware and at the same time know how to deal with my ISP.

Thanks again for your reply,

Bye,