Planning Dell Mini Tower quad Core
-
New to pfSense however, I have been with Mikrotik for over five years. My plan is for a firewall PC/router using Dell mini tower quad core i7 with 8GB RAM because price wise I can get cheaper those ultra PC/router. I am also planning adding a fiber optic card since fiber gigabit Internet is available in my city.
This system will serve as an in-between ISP and my Mikrotik, mostly for Snort…I also like the schedule feature in firewall for VPN. The system is for my home and in-home office. My thinking is, I would like to create a layer effect, with three routers...the pfSense, Mikrotik (RB850G), and an Apple Extreme...the latter two are routers I already have.
Of course, I get heat and possible noise with the Dell; however, I am shopping for one with a hard drive so I could add a 128GB SSD. I am seeking feedback of this plan, and any pertinent consideration...thanks in advance.
-
New to pfSense however, I have been with Mikrotik for over five years.
You might be able to use the pfSense instead of the RB850Gx2 at the WAN area, or vice versa.
But in normal a dual router solution will not be the best set up in all areas, it can be helping out
often but not ever and in all situations.I can get cheaper those ultra PC/router.
For how many you will able to get this box?
This system will serve as an in-between ISP and my Mikrotik, mostly for Snort…
In your situation I would also march along that road! But not only Snort counts here in this game play.
You should be telling us first more or about all packets you may need to be installed or that will be used.am also planning adding a fiber optic card since fiber gigabit Internet is available in my city.
You might be able to inset many different one for sure! If I would need one I will be using a PCIe 2.0 x1 card
with a single SFP slot that might be better then old server pulled cards that often needs PCIe 2.0 x4.The system is for my home and in-home office. My thinking is, I would like to create a layer effect, with three routers…the pfSense, Mikrotik (RB850G), and an Apple Extreme...the latter two are routers I already have.
I would be aware of creating a triple NAT solution. I would place the pfSense at the WAN front and behind of this
I would install behind the RB850Gx2 for saving the office environment. otherwise you could be only using the
pfSense and you might be also able to go with VLANs and a inserted miniPCIe mSATA and WiFi card too.- OpenLDAP for cable wired clients
- Radius Server for private wireless clients
- Captive Portal with vouchers for external WiFi guest clients
Might be enough security to secure the whole network and a WiFi guest network too.
Perhaps a smaller Cisco SG300-10 will be nice for routing the whole LAN segment with
wire speed, but with a Intel i7 CPU you might be also having enough power for that.Again it would be better to go only with the pfSense and if really needed with one more router behind it
like the RB850Gx2 you could also disable NAT at the MikroTik router and work only with firewall and mangle rules. -
@BlueKobold:
New to pfSense however, I have been with Mikrotik for over five years.
You might be able to use the pfSense instead of the RB850Gx2 at the WAN area, or vice versa.
But in normal a dual router solution will not be the best set up in all areas, it can be helping out
often but not ever and in all situations.Yes, the plan is ISP >pfSense (WAN) > Mikrotik > Apple Extreme (bridge mode/wireless access =primary and guess). All Apple devices connect to the Extreme, such as Mac Mini server and AppleTV (wired) and MacBook pro, iPad, and iPhone (wireless). I am still figuring out the setup configuration as ideally, I would like for WAN to leave the pfSense and enter the Mikrotik as WAN; however, I realized that won't most likely work because the pfSense has some features I would like to capitalize on such as the scheduling firewall opening and closing certain ports. What I originally wanted was for the WAN traffic as it passes through pfSense to be Snorted before it gets to the Mikrotik, the LAN master.
I can get cheaper those ultra PC/router.
For how many you will able to get this box?
The prices I have seen on eBay ranges from $200 - 400, whereas, I can get a Dell Optiplex 2nd generation quad i7 between $125 - 180, depending on memory installed.
This system will serve as an in-between ISP and my Mikrotik, mostly for Snort…
In your situation I would also march along that road! But not only Snort counts here in this game play. You should be telling us first more or about all packets you may need to be installed or that will be used.
Well, I was thinking of adding to pfSense, just Snort and Sophos…so far.
am also planning adding a fiber optic card since fiber gigabit Internet is available in my city.
You might be able to inset many different one for sure! If I would need one I will be using a PCIe 2.0 x1 card with a single SFP slot that might be better then old server pulled cards that often needs PCIe 2.0 x4.
Great that you mentioned this as some cards on eBay (I am watching) seem that they came from servers. Also, the reason for the mini tower is for the expansion slot and will need two…fiber WAN and Ethernet LAN.
The system is for my home and in-home office. My thinking is, I would like to create a layer effect, with three routers…the pfSense, Mikrotik (RB850G), and an Apple Extreme...the latter two are routers I already have.
I would be aware of creating a triple NAT solution. I would place the pfSense at the WAN front and behind of this
I would install behind the RB850Gx2 for saving the office environment. otherwise you could be only using the
pfSense and you might be also able to go with VLANs and a inserted miniPCIe mSATA and WiFi card too.- OpenLDAP for cable wired clients
- Radius Server for private wireless clients
- Captive Portal with vouchers for external WiFi guest clients
Might be enough security to secure the whole network and a WiFi guest network too.
Perhaps a smaller Cisco SG300-10 will be nice for routing the whole LAN segment with
wire speed, but with a Intel i7 CPU you might be also having enough power for that.Again it would be better to go only with the pfSense and if really needed with one more router behind it
like the RB850Gx2 you could also disable NAT at the MikroTik router and work only with firewall and mangle rules.Yes, I am aware of the NAT problems as I encountered that in my current setup with the Mikrotik and the Apple Extreme long time ago. Mac Mini server likes when the Extreme is in charge; however, I need the more robust Mikrotik to be in charge. I am sure I will face that again as pfSense will want to be in charge and control NAT…that why I said above that my original pass through the pfSense WAN might not work. So, this why I came here to get the best modification to my original plan, which will really be about how pfSense work in harmony with Mikrotik...for example, how could I create a VPN where the client logs into pfSense then hands off to Mikrotik for a second log in.
-
Well, after doing some research, I discovered the Dell Opticplex I would need to meet the requirement of having PCLe 2.0 x1 would cost $450 - 500 or more. Well, that's approximately the same price for the Mac Mini quad core i7 that has a better form factor and aesthetics also fits nicely with my platform of devices.
I would run/configure WAN on an Ethernet to thunderbolt adapter and LAN on internal Ethernet port. I wish I could have found a fiber optic to thunderbolt adapter. So, the fiber optic plan from ISP directly to the router got scrapped as it would make sense after purchasing the Mac Mini to spend on a fiber optic to Ethernet converter which can cost over $300 for the gigabit speed.
-
Well, after doing some research, I discovered the Dell Opticplex I would need to meet the requirement of having PCLe 2.0 x1 would cost $450 - 500 or more.
The look more for a small Xeon D-15x8 platform such as the SYS-E200-D8 or SYS-E300-D8 or something similiar like this
perhaps a self made one. It is the best bet for low power and/or real 1 GBit/s. Also a small Xeon capable mini-ITX board will
do that Job right. -
@BlueKobold:
Well, after doing some research, I discovered the Dell Opticplex I would need to meet the requirement of having PCLe 2.0 x1 would cost $450 - 500 or more.
The look more for a small Xeon D-15x8 platform such as the SYS-E200-D8 or SYS-E300-D8 or something similiar like this
perhaps a self made one. It is the best bet for low power and/or real 1 GBit/s. Also a small Xeon capable mini-ITX board will
do that Job right.I have made my mind up to get a 2011/12 Apple Mac Mini quad core i7…unless there is compatibility issues...seeing that OS X and pfSense are both based on freeBSD, I doubt I'll have issues.
-
@BlueKobold:
Well, after doing some research, I discovered the Dell Opticplex I would need to meet the requirement of having PCLe 2.0 x1 would cost $450 - 500 or more.
The look more for a small Xeon D-15x8 platform such as the SYS-E200-D8 or SYS-E300-D8 or something similiar like this
perhaps a self made one. It is the best bet for low power and/or real 1 GBit/s. Also a small Xeon capable mini-ITX board will
do that Job right.Well BlueKobold, I am changing my mind again…now thinking of a Dell PowerEdge R710 (used)...it's less than half of the price of a Mac Mini quad core i7 (used)...however, it's a serious overkill for my home/office...fun toy to play with though.