Netgate Discussion Forum

    Recommendation for home user with VPN, Snort & fanless

      Fredster

      @imanz:

      Do you have any recommendations for a board/cpu combo that may come with intel chips and have a REAL pcie for adding additional network cards?

      This one: http://www.msi.com/product/ipc/MS98E3.html also has 2 intel i210at's but it might turn out cheaper than the Supermicro one.  Maybe drivers will be solved in Pfsense 2.2? Not sure when this board is supposed to come out.

        oppland

        This might be pretty close to what you want:  http://www.mitxpc.com/proddetail.asp?prod=JBC200F99-525-B

        I got something similar, but just dual nic

        SG-2440

          stephenw10 Netgate Administrator

          The D525 will be on its limits with 50Mbps of VPN. I doubt it would do even a tuned Snort config as well without dropping throughput significantly.

          Steve

            imanz

            It seems you are saying most of the embedded chips are not going to cut it? Do you think stepping up to the i3 to avoid drop in throughput is needed? It just seems there are not many options to keep a machine like that silent.

              stephenw10 Netgate Administrator

              At your price point maybe. The Rangley Atoms seem to have huge potential which will only get better with the multi-thread pf in 2.2.

              Steve

                jasonlitka

                @stephenw10:

                At your price point maybe. The Rangley Atoms seem to have huge potential which will only get better with the multi-thread pf in 2.2.

                Steve

                Rangeley is a great platform, even under 2.1.x. It's going to absolutely scream under 2.2 with multi-threaded pF, AES-NI, and Suricata.

                I can break anything.

                  Keljian

                  I picked up a second hand i5-4570T on ebay for $135 (AUD) - was pulled from a HP.

                  Considering the T series of haswell are rated to 35W TDP you could reasonably run it fanless with just about any moderately sized cooler sans fan. You could even undervolt to get it down further.

                  http://ark.intel.com/products/75045/Intel-Core-i5-4570T-Processor-4M-Cache-up-to-3_60-GHz

                  On a home connection like yours, most of the time it'd be running well and truly under its TDP anyhow (probably 5-8W at idle)

                  Another alternative is the i3-4130T (http://ark.intel.com/products/77481/Intel-Core-i3-4130T-Processor-3M-Cache-2_90-GHz )

                  I would personally put a "silent" slow blow fan on whatever cooler cause that is in my nature, but it would be unnecessary at that TDP

                  Both of these CPUs have AES-NI, have scope for upgrades (to the i7-4970 if you feel like you need it sometime) and both can be put on a cheap ($60~) motherboard.

                    stephenw10 Netgate Administrator

                    @Keljian:

                    Considering the T series of haswell are rated to 35W TDP you could reasonably run it fanless with just about any moderately sized cooler sans fan.

                    Hmm, not sure I'd agree with that. Most CPUs that are commonly used fanless are <15W TDP. There are cases designed for 35W TDP fanless but they usually go to significant lengths to dissipate the heat. The Akasa Euler for example.
                    Most modern CPUs have built in over-heat protection of some sort so will just clock down instead of melting but I'm not sure I'd want to rely on that or run a CPU at its maximum operating temp continuously.

                    Steve

                      Keljian

                      I popped one of these: http://www.itsvet.com/proizvod/thermaltake-cl-p0019-fanless-103/comp_comp_cooler/49/237 on an overclocked Q6600 (at 3.2GHz) and it coped ok. That would have been dissipating 150+W

                      More modern heatsinks are much bigger in terms of surface area.

                      If you popped something like these on the chip:
                      http://www.thermaltake.com/Cooling/Air_Cooler_/Frio/C_00001826/Frio_Extreme/design.htm

                      or
                      http://www.thermaltake.com/Cooling/Air_Cooler_/Contac/C_00001807/Contac_21_/design.htm

                      or
                      http://www.thermaltake.com/Cooling/Air_Cooler_/Others/C_00001896/BigTyp_Revo_/design.htm

                      I think you would be more than fine,  especially considering in a home application you would not be running full out most of the time.

                      Intel specify the heatsink 60% down the following page for 35W (and it's tiny!)
                      http://www.anandtech.com/show/4524/the-sandy-bridge-pentium-review-pentium-g850-g840-g620-g620t-tested

                        stephenw10 Netgate Administrator

                        Well, yes, those look fine. I may well be out of touch here but those look like more than 'moderately sized' to me.  ;)
                        35W is a pretty low TDP by modern standards, although the trend for ever increasing power consumption looks to be thankfully reversing. You don't need too much to dissipate 35W but it's a big gap between a small/quiet fan and fanless.
                        I guess my point here is that if fanless is a key requirement then you're better off spending more on a CPU with a very low TDP than trying to cool a standard CPU with an expensive case. In my opinion!

                        Steve

                          q54e3w

                          I've run Intel i5-3740t (?) and Xeon 1265lv2 fanless in an Euler case with dual port i350 on Intel dq66kb mobo. Both run snort and pfblocker with intensive rules on multiple interfaces. Both CPUs run at 10-20% utilisation and 55 degC. RAM is a bigger hurdle, get 16gb of fast stuff, not silly over clocked marketing bull, just good solid low latency RAM.
                          I'm building a couple of rangeley systems next week too for comparison. I've been meaning to throw build and data threads up for sometime but got distracted.

                            Keljian

                            16gb of ram is utterly unnecessary for home use.

                            I run 6 gig on my box and even that is overkill..

                              jasonlitka

                              @Keljian:

                              16gb of ram is utterly unnecessary for home use.

                              I run 6 gig on my box and even that is overkill..

                              Not necessarily.  Snort can use 3-4GB of RAM per interface, depending on how you configure it, and squid can use RAM for a first level cache.

                              I can break anything.

                                Keljian

                                I can't see a home user needing multiple snort interfaces and a large squid setup.

                                Just can't see it

                                Would love to be proven wrong

                                  stephenw10 Netgate Administrator

                                  Depends how you define 'need'.  ;)
                                  You could argue that most people don't need a pfSense setup for home use at all.

                                  Steve

                                    jasonlitka

                                    Well, I don't use squid.  I prefer to overcome the need with a lot of unmetered bandwidth.

                                    Snort, on the other hand, is very valuable.  I run on all interfaces, blocking on externals, alerting on internal.  Very memory-intensive.

                                    I can break anything.

                                      stephenw10 Netgate Administrator

                                      Does it catch much on your home network? What does it catch?
                                      I ask because I gave up running Snort at home after I was getting more false positives than anything useful. That was some time ago though and I'm not running any home servers (currently).

                                      Steve

                                        jasonlitka

                                        @stephenw10:

                                        Does it catch much on your home network? What does it catch?
                                        I ask because I gave up running Snort at home after I was getting more false positives than anything useful. That was some time ago though and I'm not running any home servers (currently).

                                        Steve

                                        I've had a few people come over with laptops which had Zeus trying to hit CnC servers.  I've also had it catch a few 0-Day exploits on web sites.  I use it mostly for malware blocking.

                                        Getting it configured correctly so it doesn't constantly block everything you do is the hardest part.

                                        I can break anything.

                                          stephenw10 Netgate Administrator

                                          Ah, interesting thanks.  ;)
                                          Agreed, stopping it blocking everything is what I gave up trying in the end. Too many complaints, not enough perceived advantage.
                                          Back in the day I used to run it in IPCop (by just checking the box) and never really had any issues but also never caught anything. That was on a box with 196MB. Times change, I guess Snort is able to detect far more than it could 10+ years ago.

                                          Steve

                                            Darkk

                                            @stephenw10:

                                            Ah, interesting thanks.  ;)
                                            Agreed, stopping it blocking everything is what I gave up trying in the end. Too many complaints, not enough perceived advantage.
                                            Back in the day I used to run it in IPCop (by just checking the box) and never really had any issues but also never caught anything. That was on a box with 196MB. Times change, I guess Snort is able to detect far more than it could 10+ years ago.

                                            Steve

                                            I too ran IPCop back in the day along with Snort on an old Dell P-III machine with 256meg of RAM.  Most of the blocks were actually unnoticed.  Since the hardware was very limited I only had it snort on the WAN (RED Network).  I also was running some package that blocked IPs for port scans which worked pretty well.  Over time IPCop started to age with no real updates so I looked around for something better which led me to PfSense after trying out other firewalls.

                                            Just a side note a group of devs forked IPCop which is now called IPFire and very active in development.  For simple home use IPFire is fine but I prefer PfSense's advanced features and flexibility.
