Recommendation cheap unit for a 74 years old senior citizen :-)
-
I would like to thank you all very much for your inputs and help. I will go on and buy the APU for my neigbor.
Your insights on the VPN are food for thought, and therefor much appreciated also ;D
-
@chemlud:
German secret service is the LAST to trust, except for Five Eye and the Sweds (deep in the rectum of the US…) and the Danish, doing the surveillance of the German mobile net for the US and the CSC story and and and…
Herr Mitterwald seems to think Denmark is still to be trusted, and I vaguely recall there is a VPN provider over there who salutes himself for that.
@chemlud:
Read about the people behind OpenSSL, not that funny.
Deal with it. The net is fu**ed up, totally, completely and for a very long time, if there will be any form of privacy at all in the future.
Could I ask which story of the people behind OpenSSL?
And, if I may; how do you deal with it then? Nothing at all?
-
Hum, sorry, I forgot, one last question: do I need to put a SSD in there, or can I stick with an SDHC card or something like that? (I had trouble understanding the stuff about ´USB connectors´ in the other thread. I know nothing except for connecting a HDD to a SATA-connection, and a USB is a stick that sticks outside my computer ;D
It is not easy for a stupid Dutch person btw to type on a German layout keyboard, as I am currently doing: each sentence takes about 10 minutes ;D ;D ;D
-
It depends on what you end up running on it. Use an SD card of you aren't going to be using Snort or Squid.
Steve
-
It depends on what you end up running on it. Use an SD card of you aren't going to be using Snort or Squid.
Steve
Thank you Knight Steve ;D
I've changed my mind: I will not buy an APU.
The reason is the people that know, on this forum, are recommending switching from Snort to Suricata. I did this yesterday as a test. My RAM is now 72% of 8 GB, so 5,6 GB. the APU has only 4 GB. And who knows what the future will bring for Suricata. I want to give the old senior citizen something he can use for the next 10 years.
This box looks nice:
http://www.mini-box.com/M350S-enclosure-with-picoPSU-80-and-60W-adapter
(Via: https://forum.pfsense.org/index.php?topic=70936.0).
Now of course is to find an appropriate motherboard and CPU - not too expensive for this old man. There once was a great great man on this very forum who helped me get my Intel board and Celeron CPU as a good match. You never know if he will pull something out of his magical hat again ;D
-
I must have missed my name in the honours list. ;)
That is a surprisingly high memory usage even for Snort. I'm guessing you have a lot of rules and have the filtering algorithm set to something memory hungry.
What seems like only a few years ago (more like 10 at least!) I used to run IPCop here at home. At the time I had an 8/0.5Mbps DSL connection and the hardware I was running was a Cyrix-333 with 196MB RAM. I ram Squid and Snort on that machine with no noticeable slow down. Here's a guy filing a bug report because Snort won't run in 96MB! It's hard for me to get my head around the current Snort requirements given that. ;)There are many people using the M350 it seems to be well tested.
I'm yet to find a board that seems as suitable for a moderately powerful firewall as the DQ77KB. Supermicro have some pretty nice options, for example: http://www.supermicro.com/products/motherboard/celeron/X10/X10SBA.cfm
Don't know if anyone else has tried them yet and they're expensive. There are other manufacturers coming out with similar boards though. Celeron J1800/1900, dual Intel NICs, mini-ITX, DC power-able seems like a sweet spot for a home firewall.Steve
-
I must have missed my name in the honours list. ;)
:o ??? :P
(The man I was referencing knows who I mean - he keeps on refusing to let me buy him a coffee ;D )
That is a surprisingly high memory usage even for Snort. I'm guessing you have a lot of rules and have the filtering algorithm set to something memory hungry.
What seems like only a few years ago (more like 10 at least!) I used to run IPCop here at home. At the time I had an 8/0.5Mbps DSL connection and the hardware I was running was a Cyrix-333 with 196MB RAM. I ram Squid and Snort on that machine with no noticeable slow down. Here's a guy filing a bug report because Snort won't run in 96MB! It's hard for me to get my head around the current Snort requirements given that. ;)It apparently is a (rather serious) problem with Suricata. At the peak this morning it was running 94% ( :o ). That is almost 8 GB of RAM. Then I stopped it and went back to Snort.
It was running on 4 interfaces, with Snort subscription 'security' and all ET rules except for two (I'm playing with it, I know it is overkill). On Suricata, like said, it ran between 70-95%, on Snort it is back to 32%.
There are many people using the M350 it seems to be well tested.
I'm yet to find a board that seems as suitable for a moderately powerful firewall as the DQ77KB. Supermicro have some pretty nice options, for example: http://www.supermicro.com/products/motherboard/celeron/X10/X10SBA.cfm
Don't know if anyone else has tried them yet and they're expensive. There are other manufacturers coming out with similar boards though. Celeron J1800/1900, dual Intel NICs, mini-ITX, DC power-able seems like a sweet spot for a home firewall.Steve
Thanks for this suggestion, Steve ;D It indeed is an expensive board, and given that socket (not 1155), it is probably not upgradeble(?)
I was looking at the supermicro X10SLV: http://www.supermicro.com/products/motherboard/Core/H81/X10SLV.cfm
That is upgradeable I think(?),
Bye,
-
Indeed that is upgradable. Just as an example Asrock make a number of boards for embedded integration some of which are virtually identical the that Supermicro. For example:
http://www.asrock.com/ipc/overview.asp?Model=IMB-180
A different CPU socket but otherwise very similar. No idea where you could buy that though. ::)Steve
-
The similar asrock board is not rangeley, but rather avoton. No quick assist, only two Ethernet, and that asrock board is tuned for storage.
I have had an APU on a 1gps/1gps connection for a few days (yes, to my home), it tops out at just under 300Mbps. The same Mac gets over 900mpbs directly connected.
I'll be replacing the APU shortly.
-
Not jealous of your home gigabit connection at all! ::) is that Google fibre or have you got others offering 1Gbps in Austin now?
I think there would be quite a few people interested in what hardware you choose to run for that connection Jim.Steve
-
This is Grande. AT&T is also offering 1Gbps/1Gbps in ATX, but even though they have fiber on the side of my house, they don't want to offer me the service.
When Google arrives, I'll be keeping both.