My First pfSense Box

ghendi

Hello guys!

I'm new here. I've been a PC hobbyist for over 15 years although I have never gotten into any depths of knowledge before. Just found out about you guys while learning about FreeNAS. I plan on building a home NAS of 16.4TB of storage in Raid-Z2. The entire home is connected by dual-gigabit with Verizon FiOS 150Mbps down and 65Mbps up (good chance that in the next 6 months an upgrade to 300Mbps down will occur). So finding out about pfSense was incredible, to say the least!
At first, I had thought of running FreeNAS and pfSense VM's using ESXi, but I was told by the FreeNAS community to stay away from the Freenas VM… So instead, I decided that a separate box would be needed to host pfSense. The following are the hardware specifications I have chosen. Please let me know if any changes are needed.

• CPU - Intel Celeron G1610 Ivy Bridge 2.6GHz - http://www.newegg.com/Product/Product.aspx?Item=N82E16819116889

• Motherboard - ASRock H61MV-ITX LGA 1155 Intel H61 - http://www.newegg.com/Product/Product.aspx?Item=N82E16813157367

• RAM - G.SKILL ECO Series 4GB (2 x 2GB) 240-Pin DDR3 1333 - http://www.newegg.com/Product/Product.aspx?Item=N82E16820231318

• PSU - SeaSonic SS-300ET Bronze 300W ATX12V V2.3 80 PLUS BRONZE Certified - http://www.newegg.com/Product/Product.aspx?Item=N82E16817151086

• HDD - Mushkin Enhanced Callisto Deluxe 40GB Sata II MLC - http://www.newegg.com/Product/Product.aspx?Item=N82E16820226168

• NIC - Intel E1G44HTBLK 10/100/1000Mbps PCI-Express 2.0 Server Adapter I340-T4 - http://www.newegg.com/Product/Product.aspx?Item=N82E16833106050

• Case - COOLER MASTER RC-120A-KKN1 Mini-ITX Tower - http://www.newegg.com/Product/Product.aspx?Item=N82E16811119261

I would like the pfSense box to run OpenVPN (with data encryption), Snort, Squid, (maybe HVAP), and the IP-Blocklist. In addition, it seems there might be other things that I would like to have running on the box such as a Ventrilo server and a simple VoIP telephony service to replace the separate house phone. There might be other things as well, but I cannot think of any because of my lack of knowledge. Would this system be able to do all the above? What would you change or recommend instead? Would I be able to connect 2 of the NIC's ports to network switch for a dual-gigabit LAN connection and pass the entire network through the switch without any noticeable delay in network/internet traffic? Should I connect the other 2 ports to the Verizon modem? Could the server's total power usage be lowered with slower components while still achieving the desired results?

I deeply appreciate any feedback and help I receive. Looks like an active and knowledgeable community here and I am happy to have joined it, if only so recently!

Thank you,

Ghendi

stephenw10

Hi. Welcome.  :)
Looks like a good selection of hardware. With that board you have many CPU options for a future upgrade if you need it.
The on-board Realtek NIC and the newer Intel NICs will require you to run 2.1beta. That shouldn't be a problem.

Not quite sure what you are asking regarding the switch/ports. There is no advantage to running two gigabit cables to your modem other than redundancy, though I doubt the modem supports that.

Steve

asterix

You just might be better off with an i3 processor, though the Celeron should be fine. pfSense has PowerD function in its advanced settings that can help lower down power usage to some extent. I have an i5 system on VM ESXi 5.1 and its not hogging that much of power.. (at least my electricity bill is not shooting thru the roof since I installed it.. in fact I can't even make out a difference in the power usage).

Single gigabit connection is ample enough for that bandwidth.

ghendi

Thanks for the quick replies!

Ok, so you would recommend to swap out the aforementioned CPU with one like http://www.newegg.com/Product/Product.aspx?Item=N82E16819116775 ?

Other than that, the hardware would be fine enough to run those programs?

Thanks again!

tim.mcmanus

Unless you're going to virtualize pfSense on the box you can't run Vent or a VOIP server on it.  You can, however, run those on separate hardware or virtualized and they will work with pfSense.

If you really want to reduce power, this i3 is pretty nice:  http://www.newegg.com/Product/Product.aspx?Item=N82E16819115094

stephenw10

In my opinion (since in reality there are probably too many variables to be precise) the G1610 should be sufficient, certainly for the 150Mbps WAN. It will take you a long time to recover the extra $100 you spent on a low power CPU. It's hard to say what you would actually save anyway since the Celeron is newer fabrication and you won't be running it at 100% most of the time. You would be better spending it on a more efficient PSU or choosing to use the Intel DQ77KB which has a built in DC-DC PSU.
http://www.newegg.com/Product/Product.aspx?Item=N82E16813121622

Maybe look at this for compromise between price and power: http://www.newegg.com/Product/Product.aspx?Item=N82E16819116407

Steve

tim.mcmanus

@stephenw10:

…choosing to use the Intel DQ77KB which has a built in DC-DC PSU.
http://www.newegg.com/Product/Product.aspx?Item=N82E16813121622

I am a big fan of the Q77 chipset.  Great chipset to virtualize on or run anything else.

asterix

Ditto.

By the way we need to keep in check the progress we have made in pfSense and the packages it has to offer over the years. Though packages are being fine tuned to meet performance goals (what ever those goals may be  ;) ), the processor plays a key role as its the central processing hub for everything that goes around. Given Snort uses more RAM but it still uses CPU cycles, so does Dansguardian, clamd, Squid, pfblocker..etc.

If I am investing in a good build then I tend to keep in mind any future upgrades that might require some additional horse power. Extra free CPU cycles are better than less CPU cycles in my opinion  :D

EDIT- Forgot to mention the OP is planning to upgrade from 150Mbps to 300Mbps.. that's double the WAN bandwidth. Things do change quickly at times.  ;D

ghendi

Wow, recommendations are greatly appreciated! Thanks!

Only one thing bothers me with the Intel DQ77KB and that is upgradability/expandability. I'm guessing that over time, you have found more things to load onto your box, giving it more tasks to perform. I'm worried that this lower powered system along with its 120w DC-DC power supply won't hold up with future changes, please correct me if I'm wrong.

On another note, I'm new to virtualization and plan to try it on an old pc i have in the garage. Does virtualization (instead of single OS install) limit the capability or performance of pfSense in any way? Could pfSense be installed as non-virtualized and the other services run on a virtualized OS? Would 4GB ram be sufficient, or should it go up to 8GB?

Edit: How does the SeaSonic SSR-360GP 360W http://www.newegg.com/Product/Product.aspx?Item=N82E16817151117 look in terms of efficiency?

Clear-Pixel

@ghendi:

Wow, recommendations are greatly appreciated! Thanks!

Only one thing bothers me with the Intel DQ77KB and that is upgradability/expandability. I'm guessing that over time, you have found more things to load onto your box, giving it more tasks to perform. I'm worried that this lower powered system along with its 120w DC-DC power supply won't hold up with future changes, please correct me if I'm wrong.

When you do a custom build, its a investment and if you expect 5 to 10 years service out of the unit, don't cut corners on the motherboard just to save a few bucks.
If you invest in a board that supports i3 and i5 Intel CPU you will have a far greater scope for what the system can be used for in the future if the need arises.

Favored Manufactures

• Intel

• Supermico

If you don't give a hoot and just want the cheapest board …... well nothing wrong with that I guess ..... just don't expect a lot.

And stay away from Atom systems .... there are many reasons for staying away, the two main reasons being they are overpriced based on performance per watt and limited in scope for what they can be used for.

@ghendi:

On another note, I'm new to virtualization and plan to try it on an old pc i have in the garage. Does virtualization (instead of single OS install) limit the capability or performance of pfSense in any way? Could pfSense be installed as non-virtualized and the other services run on a virtualized OS? Would 4GB ram be sufficient, or should it go up to 8GB?

It would be best you have a CPU which has speed enhancements for Virtualization.

4GB will work just don't expect much.

Virtualization loves RAM ….. Think of it this way, if you Virtualize 3 operating systems you effectively have 3 computers. Build the Virtualization machine with as much ram as you would building 3 computers suited to the task at hand.

Personally if I where doing a custom build for pfsense I would want to future proof my build so if I decided to use the computer for Virtualization 16GB to 24GB supported motherboard would be a must .....

@ghendi:

Edit: How does the SeaSonic SSR-360GP 360W http://www.newegg.com/Product/Product.aspx?Item=N82E16817151117 look in terms of efficiency?

You want your power supply somewhere around 2 to 3 times your actual estimated power consumption. To big of a power supply will lower the efficiency of the power-supply. The problem I have had in the past is finding quality 100w to 200w power supplies.

But I have to say with the lower power consumption for some of the Intel low voltage CPU's a 50w to 100w power brick would be nice. I have seen a board or two that come with a AC plug for power bricks.

ghendi

Ok, so taking the previous comments into consideration, these are the following changes that I have looked in to:

• CPU - Intel Core i3-2120T Sandy Bridge 2.6GHz LGA 1155 35W - http://www.newegg.com/Product/Product.aspx?Item=N82E16819115094

• Motherboard - Intel BOXDQ77KB - http://www.newegg.com/Product/Product.aspx?Item=N82E16813121622

• PSU - FSP FSP150-ABAN1 150w AC-DC - http://www.amazon.com/Adapter-FSP150-ABAN1-FSP150ABAN1-Charger-Supply/dp/B00AI16RJE

• Case - SILVERSTONE Black PT12B Mini ITX - http://www.newegg.com/Product/Product.aspx?Item=N82E16811163219

• RAM - G.SKILL 8GB (2 x 4GB) 204-Pin DDR3 SO-DIMM DDR3 1600 - http://www.newegg.com/Product/Product.aspx?Item=N82E16820231472

Based on http://extreme.outervision.com/PSUEngine, I will only need 102w under full 100% load, so it is safe to take a bit extra room and get a 150w, right?
Also, with this thin mini-itx case, I'm not sure if the Intel NIC can fit… not even the low-profile ones... please correct me if I'm wrong. If you have a solution, that would be great! Maybe a different thin case? I'll keep looking around. If there isn't a solution, I'll go back to a regular mini-itx case. The only problem is that there is a big hole in the back for the regular sized PSU's...

stephenw10

There are a number of cases designed specially for that board due to it's great combination of features, they are expensive though I seem to recall. It is only half height so you have more space above the board to fit expansion cards than normal. The only restriction is the cpu heatsink/fan.
That Silverstone case looks great but you don't need an optical drive in a firewall.

There is plenty of upgrade potential with that board, have a look at the compatible CPUs:
http://processormatch.intel.com/CompDB/SearchResult.aspx?BoardName=dq77kb

The power brick you have linked to won't fit, it has the wrong connector. You need something like this:
http://www.mini-box.com/19v-8-4A-160-Watt-AC-DC-Power-Adapter

Steve

tim.mcmanus

If price/size is of no concern and you want to get the most out of virtualization, I matched this motherboard/CPU pair to do the job:

Motherboard
http://www.newegg.com/Product/Product.aspx?Item=N82E16813121623

CPU
http://www.newegg.com/Product/Product.aspx?Item=N82E16819116503

NICs
http://www.newegg.com/Product/Product.aspx?Item=N82E16833106033

I am, however, known for overspecing systems out, so this might be way out of your ballpark.  I did use the same motherboard in my pfSense build but with an i3.  I have an i7-2600K on the shelf if the i3 starts getting overtaxes.  I doubt I'll ever use it.

ghendi

The PSU model I got from Intel's compatibility chart on their pdf's (i attached to this post the jpg showing the chart). Interesting enough, you're right about that connection.

A 130w-150w would be all that is needed. Anymore would just be wasted, no?

Also, from my understanding of your replies, there is no way to get a pci(e) NIC to work with a thin mini-itx case?

Thanks again!

Edit: This looks like a nice case and there is room for the NIC by using a riser: http://www.g-alantic.com.tw/wp-content/uploads/Download-GA6503.pdf
The only thing is that its a regular mini-itx, although made specifically for DC boards, and not internal power supplies.


stephenw10

Hmm, I see the chart but never the less it won't fit.  ::)

@http://www.intel.com/support/motherboards/desktop/sb/cs-012037.htm:

Desktop boards with a 19 VDC power connector

These boards can use the following power supplies:

External Power Supply – the board can be powered with a 19 VDC external power supply through the 19 VDC connector (A in the image below) on the back panel. The back panel connector accepts plugs with an inner diameter (ID) of 5.1 mm and an outer diameter (OD) of 7.4 mm, where the inner contact is 19 (±5%) VDC and the shell is GND.

If you ever decide to fit a more powerful CPU you might need a larger power brick. That i3 will be fine though.

Steve

Clear-Pixel

Notes

Power Bricks - If there's no ferrite choke on the cord, that would be a sign the manufacture is cutting corners!

Motherboard - There might be problems with the Intel board you selected .. http://www.newegg.com/Product/Product.aspx?Item=N82E16813121622 .. investigate the Newegg Customer Review complaints left by users, they may be valid concerns.

I like most of Intel's hardware, but they can screw things up to…. after all they are human to.

ghendi

Ok great, thanks Stephen!

Looks like I have a final build:

• CPU - Intel Core i3-2120T Sandy Bridge 2.6GHz LGA 1155 35W - http://www.newegg.com/Product/Product.aspx?Item=N82E16819115094
• Motherboard - Intel DQ77KB - http://www.newegg.com/Product/Product.aspx?Item=N82E16813121622
  _* RAM - G.SKILL 8GB (2 x 4GB) 204-Pin DDR3 SO-DIMM DDR3 1600 - http://www.newegg.com/Product/Product.aspx?Item=N82E16820231472 * PSU - 19v/8.4A 160 Watt AC-DC Power Adapter - http://www.mini-box.com/19v-8-4A-160-Watt-AC-DC-Power-Adapter [still unsure] _* HDD - Mushkin Enhanced Callisto Deluxe 40GB Sata II MLC - http://www.newegg.com/Product/Product.aspx?Item=N82E16820226168
• NIC - Intel EXPI9402PTBLK 10/100/1000Mbps - http://www.newegg.com/Product/Product.aspx?Item=N82E16833106015 [using a pci-e riser]
• Case - G-Atlantic GA6503 B-Type Mini-ITX Case - http://www.g-alantic.com.tw/wp-content/uploads/Download-GA6503.pdf

Seems like that should be everything then!

Everyone, thank you very much!! :D I would like to start it in the next few weeks… would be a nice summer project!

Edit: @Clear-Pixel: You seem to have posted while I was writing mine up too. It seems there are some problems with the board, but it seems there are just as many good reviews too... so like a 50/50 shot huh? If everything on the hard drive is backed up and the mobo fails, could I RMA it and have it all up and running as soon as it's installed? Do you have any recommendations for a power adapter?  Thanks.__

Clear-Pixel

The concerns about the MB seem to be valid ghendi ….. You must investigate for yourself .... don't take anyone's word that everything's ok!
From a IT perspective when your running server based software you can run into serious issues with some boards.

Like I said a power supply such as this http://www.mini-box.com/19v-8-4A-160-Watt-AC-DC-Power-Adapter with no ferrite choke tells me they are cutting corners.

My choice for a quality power supply would be HP TouchSmart 310 520 135W 19V AC Adapter Power Supply they do make higher powered bricks if needed.
http://www.ebay.com/itm/GENUINE-HP-TouchSmart-310-520-135W-19V-AC-Adapter-Power-Supply-Cord-Charger-/400343813708?pt=Laptop_Adapters_Chargers&hash=item5d3659ce4c

_You're the one which will have to live with it, not them … always verify information!  _

stephenw10

Interesting. Surprised it doesn't have a choke. I guess it could have sufficient internal filtering.

There are quite a few people using that board here on the forum, have a search around. I don't remember hearing about any problems with the NICs. It could be a Linux only driver issue.

I'm not running that board myself though so I can only pass on what I've read.  ;)

Steve

Clear-Pixel

@stephenw10:

Interesting. Surprised it doesn't have a choke. I guess it could have sufficient internal filtering.

There are quite a few people using that board here on the forum, have a search around. I don't remember hearing about any problems with the NICs. It could be a Linux only driver issue.

I'm not running that board myself though so I can only pass on what I've read.  ;)

Steve

I don't have a need to investigate the issue, but there seems to be a problem with Linux and the 82579LM and 82574L Intel chip combination.

Speculation
1. Its a direction Intel is headed in and the problem may have to be solved by the Linux community.
2. Nic combination was never designed for Linux compatibility. If that's the case, from a IT perspective the board is unsuitable for IT use unless your running Windows based software.