Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    All-in-one homeserver, advisable?

    General pfSense Questions
    6
    38
    6.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      shebang1234
      last edited by

      I see a lot of people here recommend others to run dedicated firewalls and not multipurpose servers. I don't understand why that is the case.

      I am using an old netbook (has enough CPU power to handle everything. Talking about a small network) as a pfsense router/firewall. I want to add a local Asterisk server (for intercom purposes) and a public PHP/Apache server for torrentflux-b4rt.

      Ideally I would've used a couple of VMs and isolated everything, but that'll probably eat up too much power. My netbook isn't capable of running VMs. I don't have a server atm, I'll have to use my workstation instead.

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        Then do so - but pfsense is not going to be a good choice, its designed to be a router/firewall - not a asterisk server, or a web server to or torrent box, etc.

        If you want you can surely install that on the freebsd that pfsense runs on - but it has been highly customized to be a router/firewall only.

        If you want to run an all in one box that also does other stuff.. Look more to something like http://www.clearfoundation.com/Software/overview.html ClearOS or http://www.zentyal.org/ or http://www.amahi.org/

        As to not able to run VMs?  How is that - anything can run vms..  VirtualBox will run on its just fine I would assume or Vmware player/workstation etc.. etc..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 0
        • S
          shebang1234
          last edited by

          @johnpoz:

          Then do so - but pfsense is not going to be a good choice, its designed to be a router/firewall - not a asterisk server, or a web server to or torrent box, etc.

          If you want you can surely install that on the freebsd that pfsense runs on - but it has been highly customized to be a router/firewall only.

          If you want to run an all in one box that also does other stuff.. Look more to something like http://www.clearfoundation.com/Software/overview.html ClearOS or http://www.zentyal.org/ or http://www.amahi.org/

          As to not able to run VMs?  How is that - anything can run vms..  VirtualBox will run on its just fine I would assume or Vmware player/workstation etc.. etc..

          I'll consider those options. For now everything that I needed is available under pfsense packages. And pfsense seems to be extremely easy to configure. It feels like it'll "just work"

          I can't run VMs because my netbook is one of those 32 bit Atoms that wouldn't even be able to handle gigabit routing.
          The CPU doesn't support virtualization and is very slow. It can't even perform decent enough for a single user, I doubt it is going to be able to handle the overhead of the VM OSes.

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            Another home server worth a look is FreeNAS.  It will probably meet all your storage needs and you can install jails, etc, for other applications.  And it's FreeBSD like pfSense.  :)

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • K
              kejianshi
              last edited by

              Sure - A collection of VMs behind a pfsense VM is a perfectly reasonable setup.

              Assuming you have to memory and cpu for it.

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                What is the actual cpu?  I think you would be surprised really..  esxi prob even run on it, etc.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                1 Reply Last reply Reply Quote 0
                • S
                  shebang1234
                  last edited by

                  @Derelict: I don't use Nas. I might need to because of tf-b4rt. I'm interested in the jails feature particularly. Any reason pfsense can't do that?

                  @johnpoz: Like I said my CPU doesn't support virtualisation and is 32 bit. ESXi doesn't support it.

                  It's an Intel Atom N270 with 1 Gb Ram.
                  The netbook is Acer Aspire One ZG5.

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    Well then use virtualbox or kvm, or QEMU or OpenVZ, etc..  There are plenty of options for 32 bit cpu.

                    Or spend a couple of bucks and get a box you can run VMs on - total investment for my N40L box was like $300, that was with bumping ram to 8gb and extra nics.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                    1 Reply Last reply Reply Quote 0
                    • K
                      kejianshi
                      last edited by

                      Don't run all that crap on an atom…

                      1 Reply Last reply Reply Quote 0
                      • S
                        shebang1234
                        last edited by

                        @johnpoz:

                        Well then use virtualbox or kvm, or QEMU or OpenVZ, etc..  There are plenty of options for 32 bit cpu.

                        Or spend a couple of bucks and get a box you can run VMs on - total investment for my N40L box was like $300, that was with bumping ram to 8gb and extra nics.

                        @kejianshi:

                        Don't run all that crap on an atom…

                        The CPU is capable of running a couple of server applications that are going to be idle most of the time. VMs on the other hand, I doubt.

                        I have a box that can run VMs, it uses a lot more power. 2.5W TDP on that Atom vs 80W TDP on the server. The server also has peripherals for other VMs (like a 60W GPU). The other VMs don't need high availability as compared to pfsense, asterisk and tf-b4rt.
                        I am adamant on using the netbook because it is capable of running everything I need, I don't have to set up a new system… and because the netbook pretty much can't be used for anything else.

                        ClearOS, amahi etc seem like the best option. I guess I'll give that a shot. Thanks for the help :)

                        1 Reply Last reply Reply Quote 0
                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator
                          last edited by

                          "VMs on the other hand, I doubt."

                          How much do you think a linux distro running apache needs exactly?  99% of the time its not doing anything?  Are you actively going to be doing torrents on this??  I never understand why anyone does this out of their house or even their own connection any more.. Why not throw it on a box in a DC with actually real type connection.. I have a seedbox in the NL that is like 8$ a month with 800GB of storage and gig connection..  Why should I power up anything in my house, use my bandwidth, be it old hardware or not for that kind of pricing?

                          Then if there is something on there I want local - I can max out my download pipe for a couple of minutes and there you go..

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                          1 Reply Last reply Reply Quote 0
                          • S
                            shebang1234
                            last edited by

                            @johnpoz:

                            "VMs on the other hand, I doubt."

                            How much do you think a linux distro running apache needs exactly?  99% of the time its not doing anything?  Are you actively going to be doing torrents on this??  I never understand why anyone does this out of their house or even their own connection any more.. Why not throw it on a box in a DC with actually real type connection.. I have a seedbox in the NL that is like 8$ a month with 800GB of storage and gig connection..  Why should I power up anything in my house, use my bandwidth, be it old hardware or not for that kind of pricing?

                            Then if there is something on there I want local - I can max out my download pipe for a couple of minutes and there you go..

                            I need torrentflux to handle my downloads. Bandwidth is expensive where I live, so one has to deal with overnight downloads on a regular basis.

                            1 Reply Last reply Reply Quote 0
                            • stephenw10S
                              stephenw10 Netgate Administrator
                              last edited by

                              I'd be surprised if there wasn't some virtualisation solution that would work for you. The overhead isn't that much for many cases.
                              What sort of bandwidth are we talking about here? Are you running packages or VPNs? It could be you're approaching the limits of what your Atom can do anyway but if not then try running as a VM.

                              Steve

                              1 Reply Last reply Reply Quote 0
                              • S
                                shebang1234
                                last edited by

                                @stephenw10:

                                I'd be surprised if there wasn't some virtualisation solution that would work for you. The overhead isn't that much for many cases.
                                What sort of bandwidth are we talking about here? Are you running packages or VPNs? It could be you're approaching the limits of what your Atom can do anyway but if not then try running as a VM.

                                Steve

                                WAN1: down: 2mbps up: 512kbps (ADSL)
                                WAN2: down: 7.2mbps (Mobile)
                                WAN3: down: 7.2mbps (Mobile)
                                LAN: Wifi n / 100mbps LAN.

                                WAN1 is limited to 20 GB data transfer, after which it becomes 512mbps d/l. WAN1 is unreliable. After 5 GB of download WAN2 and WAN3 become unusable.

                                CPU usage on my Atom with pfsense and Asterisk is under 7%. I have 3 phones and <15 network devices (closer to 4 on average.)

                                1 Reply Last reply Reply Quote 0
                                • stephenw10S
                                  stephenw10 Netgate Administrator
                                  last edited by

                                  So your maximum throughput is <20Mbps, assuming you're load balancing the three WANs. Even the slowest Atom would have no problems with that as you've seen. If you run Snort or VPNs though that won't be the case.
                                  If you have the time try running as a VM. At the very least any performance results you get would be interesting.

                                  Steve

                                  1 Reply Last reply Reply Quote 0
                                  • S
                                    shebang1234
                                    last edited by

                                    @stephenw10:

                                    So your maximum throughput is <20Mbps, assuming you're load balancing the three WANs. Even the slowest Atom would have no problems with that as you've seen. If you run Snort or VPNs though that won't be the case.
                                    If you have the time try running as a VM. At the very least any performance results you get would be interesting.

                                    Steve

                                    My only choice here is to try virtualbox. My hardware doesn't support any type 1 hypervisor.

                                    Again the ideal thing would be for each server to run in its own VM. That is 3 VMs, or at least 2: one for pfsense and one for Apache/Asterisk.
                                    I don't think running Apache/Asterisk on the VM host would be smart. I'll get myself a lightweight linux os host and try to do this then.

                                    1 Reply Last reply Reply Quote 0
                                    • johnpozJ
                                      johnpoz LAYER 8 Global Moderator
                                      last edited by

                                      @shebang1234:

                                      I don't think running Apache/Asterisk on the VM host would be smart. I'll get myself a lightweight linux os host and try to do this then.

                                      Why??

                                      CPU usage on my Atom with pfsense and Asterisk is under 7%. I have 3 phones and <15 network devices (closer to 4 on average.)

                                      So this is doing NOTHING so why do you think you can not break it out to its own VM??  Your apache is not going to be a site like amazon now is it ;)  So how much do you think it would draw??

                                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                                      If you get confused: Listen to the Music Play
                                      Please don't Chat/PM me for help, unless mod related
                                      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                                      1 Reply Last reply Reply Quote 0
                                      • S
                                        shebang1234
                                        last edited by

                                        @johnpoz:

                                        @shebang1234:

                                        I don't think running Apache/Asterisk on the VM host would be smart. I'll get myself a lightweight linux os host and try to do this then.

                                        Why??

                                        CPU usage on my Atom with pfsense and Asterisk is under 7%. I have 3 phones and <15 network devices (closer to 4 on average.)

                                        So this is doing NOTHING so why do you think you can not break it out to its own VM??  Your apache is not going to be a site like amazon now is it ;)  So how much do you think it would draw??

                                        What I meant was that I'll have to run 2 VMs at least because Apache and Asterisk on a host that is running a VM with pfsense in it would be a potential security threat.

                                        <rant>Quite honestly, maybe I am just biased, I can't imagine running three different OSes on that machine. I understand that virtualisation can give you near native performance now, I just don't think it can come anywhere close without 64-bit instructions, Vt-x and Vt-d.
                                        I am saying this from previous experiences. I have a hard time keeping the machine responsive with just one OS on it.</rant>

                                        That said, I AM going to try running everything on vbox anyway. If everything works, great! otherwise I'll figure out a different solution.

                                        1 Reply Last reply Reply Quote 0
                                        • johnpozJ
                                          johnpoz LAYER 8 Global Moderator
                                          last edited by

                                          here is my copy of 32bit ubuntu running on my esxi box – if its sitting there idle, its not going to be pulling any cpu, etc.

                                          your other 2 vms are not going to be doing much of anything anyway - so just having the os installed and up an running is not really much overhead, etc.

                                          ubuntuonesxi.png
                                          ubuntuonesxi.png_thumb

                                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                                          If you get confused: Listen to the Music Play
                                          Please don't Chat/PM me for help, unless mod related
                                          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                                          1 Reply Last reply Reply Quote 0
                                          • K
                                            kejianshi
                                            last edited by

                                            I'd agree that an n2700 is fully capable of doing nothing when several VMs are loaded.

                                            The problem is when all those VMs suddenly have something they should be doing at same time.

                                            Thats when you will be hurting.

                                            When I provision a system, I provision it with the idea of all the VMs working 100% under a full load.

                                            I don't give any consideration to how well they work when idle.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.