New build on CybertronPC Quantum XL2010
-
What sort of throughput do you need? VPN? Squid? Snort?
Steve
-
It's almost only for Snort and basic routing abilities
This will run like that : modem + pfsense snort + switch for nas, workstation, home server etc
If I use a miniItx I may add a wirelessG card as independant wifi for cellphones or a wireless router on another NIC
From where I usually buy there is no much good motherboard with dual nic, few pci, pci-e
What about a old and cheap desktop pc :
http://www.tigerdirect.ca/applications/SearchTools/item-details.asp?EdpNo=2043689&Sku=J001-11009
Or
http://www.tigerdirect.ca/applications/SearchTools/item-details.asp?EdpNo=2886024&Sku=T76-2208Did not check hardware details yet but they have few extra slots for NIC cards, cheap and not power hungry
-
Depends how you define 'power hungry'. Both of those systems will consume a lot more than an Atom based box which may be all you need. However you haven't stated your throughput requirement. What speed is your WAN connection?
Steve
-
I have ASDL 20 Mbps
-
In that case almost anything will be fine, including very low powered boxes. A D525 based box will be good for ~500Mbps of NAT/firewall. Add Snort and that comes down but still way in excess of 20Mbps.
The very low powered Alix boxes are not good for Snort, not enough RAM.
If you choose to add a wifi interface you may want to transfer large files between wifi and LAN which will be restricted only by the wifi speed. Potentially this is far higher than 20Mbps so may effect your choice of hardware.Steve
-
Thank you, I'll try to find an Atom box for that or I'll build it myself
Thanks to all of you !
-
There are alot of small integrated motherboards nowdays. Recently i bought a motherboard with an integrated Celeron 847 processor on it (Asus C8HM70I/HDMI) that supports 64 bit and more RAM than the typical Atom-processor. I'm running Windows Server on it at the moment but i bet Pfsense would work perfectly on it. With 16 GB RAM and a small SSD it would be a very fast solution that is very cost-effective. It draws a little more power (17W TDP), but in most cases it is so little that it won't affect anything.
What i'm trying to say is that Atom processors are pretty nice, but there are better alternatives lurking around.
-
Thanks Kr^PacMan,
Find something similar but I'm having son difficulty to find hardware compatibility for the onboard LAN. 2 Onboard LAN + 1 PCI will give me the possibility to simply add my old pci wirelessG card and have a great setup but the onboard LAN is 2 x Realtek GbE LAN chips… Didn't find numbers for that chip
There is the mb : http://www.gigabyte.com/products/product-page.aspx?pid=4444#ov
If both LAN will work with FreeBSD this would be awsome, if not I'll have to find something else with at least 1 working onboard LAN + 2 PCI
Is anybody know these onboard "Realtek GbE LAN chips" ?
-
If you look at the drivers they are offering for the LAN you'll see they are RTL8111 chips. However there are several variants with that same model number. Some are supported by pfSense 2.0.X but some may require using pfSense 2.1beta (or RC if it's been released) with it's more recent drivers.
Steve
-
Thank you I think I'll go with that next week :D
-
This post seems to indicate you'll need to use 2.1:
I picked one of these up last week myself.
Unless I'm doing something wrong, 2.0.2 does not recognize the NICs, however 2.1BETA seems to be working fine, though I have not yet put it into production - if you can call a home network "production" :)
With beta, I initially had an issue where neither interface would function (despite ifconfig reporting up for both) until I ran ifconfig down/up for each interface. After clearing the CMOS all was well.
Steve
-
This looks like a pretty nice, inexpensive option. http://forum.pfsense.org/index.php/topic,60336 Dual Broadcomm nics.
-
Thank you stephenw10,
That board may ruin my first experience with pfsense, I'll try to find another one ^^
-
That board have Intel
82574L Gigabit Ethernet wich is supported by the em(4) driver :
https://www-ssl.intel.com/content/www/us/en/motherboards/desktop-motherboards/desktop-board-d2700mud.htmlOnly one NIC but have PCI slot available for another ethernet NIC, exit my old Linksys Wireless G ^^
-
I also found that interresting : http://www.ncix.ca/products/?sku=76623&vpn=XH61V&manufacture=Shuttle&promoid=1360
But + CPU + RAM + Shipping ~ 320$CAN
Similar build here : http://forum.pfsense.org/index.php/topic,56950.0.htmlI also found a cheap 1U case with PSU :o : http://www.supermicro.com/products/chassis/1u/503/sc503l-200.cfm 90$
But I'll have to cut the backplane and use a PCI vertical to horizontal adapter. It's not a big deal.. PCI connector will be sideway and the whole thing will became ugly :-\I think I'll stay with my last plan of : https://www-ssl.intel.com/content/www/us/en/motherboards/desktop-motherboards/desktop-board-d2700mud.html
- 2gb kingston RAM + Intel PCI NIC + Cheap case & Psu (IN WIN BP655), around 220$ before shipping
Other ideas ?
-
For the PCI nic you could try an Pro MT dual port, they are quite cheap on ebay. It is a PCI-X card, but works on standard PCI ports too.
-
Yes good advice, I just ordered one of these
I have another question now.. If I eventually want 2 have 2 wireless ap (guest/private) and few computer wich I want to be accessible from/to the private wireless.
Is it better to have a switch with VLANs support : http://www.netgear.com/business/products/switches/smart-switches/smart-switches/gs108t.aspxOption 1:
-modem (interface0)
–pfsense firewall
---switch (~8ports or more with vlans support on interface1)
----wireless ap (guest)
----wireless ap (private)
----computer 1 (ethernet)
----computer 2 (ethernet)
----laptop (wireless)
----nas (ethernet)
----mediacenter (ethernet)
And group all ports of the switch in VLAN1 to access each others except the wireless ap guest to put in another VLANOption 2:
-modem (interface0)
--pfsense firewall
---wireless ap (guest on interface1)
---wireless router (private interface2)
----computer 1 (ethernet)
----computer 2 (ethernet)
----laptop (wireless)
----nas (ethernet)
----mediacenter (ethernet)
Then making sure the wireless AP cant access the router and vice versaOption 3:
-modem (interface0)
--pfsense firewall
---wireless ap (guest interface1)
---switch (~8ports or more with vlans support on interface2)
----wireless ap (private)
----computer 1 (ethernet)
----computer 2 (ethernet)
----laptop (wireless)
----nas (ethernet)
----mediacenter (ethernet)
Then making sure the wireless AP cant access the switch and vice versaAppears to me that the first solution (if it can work) with the switch is the "simpliest", give me more room to expend in the future and very flexible (adding another swith as VLAN3 for servers or direct plug them in the main switch). (switch + 2x wireless ap)
The second option is the cheaper and should work (router + 1 wireless ap)
The third option is in-between and use the 3 interfaces (wireless ap + switch + wireless ap)Other ideas ?
-
Some wifi access points can support multiple virtual access points and tag each to separate vlan. You may be able to load openwrt/dd-wrt onto your AP to enable this functionality.
Steve
-
Ok, if I understand correctly some ap have that functionality built in but any ap that support dd/open-wrt can do it ? I mean, is it mainly software related or also hardware
Thank you again :)
-
Exactly. It is mostly software related because almost all soho style routers use VLANs internally anyway. Some wifi chipsets are not capable of supporting virtual access points however. It's worth looking into however because it's a zero cost option. ;)
Steve