Overkill build (but the case is so pretty) questions
-
Hi everyone, long time lurker, first time poster.
As I start to worry more about the state of the world and my own privacy (bit paranoid), I'm at the point where I wish to set up a pfSense box. This is for home use, with only myself and my partner using the network. That being said, we have a 'typical' range of devices, couple of phones, laptops, gaming pc, freenas server, PS4, Ubiquiti AC-Pro AP, smart tv etc on a 100/40 connection. From what I have read the build I am about to propose is most definitely overkill for my use but in my mind I can always re-purpose this and build something cheaper down the line. What I am after is your expertise in criticizing the hardware choices be it for fitting issues, better options (similar in nature, not prebuilt devices as I love this case) or hardware issues that stand out. The cost is surely higher than necessary but I have a tendency of going all in and I want this to look pretty :P My previous experience with pfSense is limited to a spare laptop with a USB nic, but I loved the extra control it offered over my standard Netgear D6300 (which, after the addition of the Ubiquiti AP, has been relegated to purely routing). So here goes:
Motherboard: Gigabyte H170N mITX board - $195 https://www.mwave.com.au/product/gigabyte-h170nwifi-lga1151-miniitx-intel-motherboard-ab67455 (other shop has it for $189)
CPU: Intel Pentium G4400 - $80 https://www.mwave.com.au/product/intel-pentium-g4400-dualcore-lga1151-3m-cache-330-ghz-processor-ab68887
RAM: Kingston ValueRAM 4GB ECC - $48.98 https://www.mwave.com.au/product/intel-pentium-g4400-dualcore-lga1151-3m-cache-330-ghz-processor-ab68887
Storage: Intel 540s 120GB m.2 SSD - $82 https://www.mwave.com.au/product/intel-540s-120gb-m2-ssd-ssdsckkw120h6x1-ab80559
Case & PSU: Realan Mini ITX Case with DC Power Supply (and AC Adaptor) - $125 https://www.aliexpress.com/item/Mini-itx-cases-with-power-supply-Mini-Computer-Case-E-Q5/554179001.html & https://www.aliexpress.com/item/120W-dc-dc-solid-power-supply-board/32684549686.htmlTotal Cost: $530
Now while I'm okay with spending this much as I love tinkering with all things IT and I'm sure that once I have this configured I'll be happy to have it around for some time. Are there any parts (new only) that would fit this case and do the trick? Keep in mind I'll be ordering from Australia (for shipping).
Thanks in advance for any helpful criticism :D
-
While I'm sure this unit will do the job for you, I would be more concerned with the day-to-day power usage of this PC versus that of an appliance. It's likely to be an order of magnitude larger for no discernible gain.
-
In terms of dollars/year (your best guess), how much difference are we talking?
-
Look here for example of a ready built. Just add your ssd storage option. You will need to mount a low profile cpu fan. I would go with ddr4 ram as opposed to ddr4 ecc ram in non-ecc mode.
http://www.ebay.ca/itm/MITXPC-Intel-Core-i3-6100-H170-Dual-LAN-Industrial-PC-w-4GB-MX500-H170N-WIFI-/111886265314?hash=item1a0cf0ebe2:g:kGcAAOSwuYVWpu2r
-
Wow that's a very close build. Not having to worry about the assembly (in particular the power supply that I've never dealt with before) is calming to say the least. Definitely a viable alternative. Thank you ;)
-
In terms of dollars/year (your best guess), how much difference are we talking?
Impossible for me to say. It depends on so many local factors. What does power cost where you are? Peak vs non-peak hours, etc etc? I think your spec had a 120W P/S in there. I have no idea how it runs when idle or low load. The SG-2220, for instance, uses about 6W. It may be a negligible amount of money like a few bucks per month, but why waste power for no reason?
-
for ecc ram, you need a xeon chipset - usually a super micro board. go 8gb regular ram
would also add an intel dual lan pcie card from ebay
a zoltac ci323 box with the braswell refresh would work as well, and be cheaper than your current idea (look up zoltac ci325)
alternatively, go with this: https://www.asus.com/ca-en/Motherboards/J3455M-E/
8gb ram and a intel lan card
-
If you are concerned about privacy/security I would go with a coreboot AMD board that doesn't have AMD PSP/Intel ME backdoors.
https://www.coreboot.org/Binary_situation
Any intel system 2008+ will have the intel ME hardware level backdoor that is easily exploitable.
http://hackaday.com/2016/01/22/the-trouble-with-intels-management-engine/I have the AM1ML, its super low cost but it works great. Slot in a quad or six port gigabit nic and you're golden.
-
400 and 500$ for something with 2 nics? Why not just get from the pfsense store..
The 2220 or the 2440.. Or shoot you could pick up the micro 1000 for $149…
-
More interesting would for me the Internet connection speed that should be handled right.
And basing on that much devices I would guess it is better to get an adequate switch that
will be able to route your VLANs by its own power and let the pfSense do the entre WAN
job together with Snort and Squid perhaps that means you should have a closer look to
a Switch like the Cisco SG300 series or the D-Link DGS1510 series that comes on top of
this with 2 SFP+ ports for a fast connection to the FreeNAS unit.Small:
PC Engines APU2C4 - 4 GB
up to nearly ~500 MBit/s WAN
alternate a SG-2200Jetway NF9HG-2930 - 8 GB
up to nearly ~1 GBit/s WAN
alternate a SG-2440Mid ranged:
ASUS Q87T & intel Core i3 @3,0GHz & 8 GB
up to a real ~1 GBit/s WAN
alternate a SG-4860Big ones:
Mini-ITX Board & Intel Xeon E3 (4C) - 8 GB
up to real ~1 GBit/s and VLAN routing with ease
alternate a SG-8860Cisco SG300-10 or SG300-20 would be the best option in my eyes
to realize VLANs with wire speed and a D-Link DGS1510-20 to add
the FreeNAS with 10 GBit7s into the LAN.
