Looking to build a pfSense Firewall
-
I'm having some trouble finding a computer to run pfSense on with my current internet speed. I currently have 300 Mbps down with 25 Mbps up. I have tried a Dell Optiplex 755 with a Core 2 Duo at 3.0 GHz and 4 GB of RAM, and an HP 6000 with a Core 2 Quad at 2.6 GHz and 4 GB of RAM. Both had gig Ethernet but the speeds were very inconsistent and would not get up to the 350 Mbps I get with my plain ol' Netgear router. I was thinking of getting something along the lines of a system with a 3rd gen Core i5. Any ideas?
-
Those both should have been able to keep up with no trouble, so just changing the hardware again might not fix things. Was this PPPoE by chance? What kind of NICs?
-
Using onboard Intel gigabit NIC for LAN, and a TP-Link PCIe gigabit NIC for WAN. I assumed it was the hardware I was using because when I had a 75 Mbps down connection the 755 worked great. Then once I got the 300 Mbps down my speed started being real inconsistent. That's when I tried the HP 6000 and got the same results. But my Netgear router works fine. I just figured it was my hardware.
-
I'll assume that means no PPPoE? I'd probably try an Intel NIC before buying a bunch of new hardware (you can always move it to the new hardware if it doesn't fix the problem!). The TP-Link is probably a Realtek card, and the FreeBSD driver support for those is terrible; if you're having problems that's the logical place to start.
-
Yes the TP Link is a Realtek Card. And I'm pretty sure it isn't a PPPoE connection since I am on cable and not DSL.
-
What kind of cable modem do you have?
Edit: I ask because many cable users that opt for faster speeds recently are moved to, or purchase, modems utilizing the Puma6 chipset, which is defective.
http://www.dslreports.com/forum/r31122204-SB6190-Puma6-TCP-UDP-Network-Latency-Issue-Discussion
-
That's honestly kind of surprising to hear. I'd expect neither of those boxes to break a sweat at 300Mbps, even with a Realtek NIC. If you're in the US, ~$20 or so should get you a PCIe-X4 dual Intel NIC like this: https://www.amazon.com/HP-412648-B21-PCI-Express-GigaBit-Adapter/dp/B000J3OPOU. Assuming both of those platforms have integrated graphics, you can vacate the x16 slot on the motherboard (if no other suitable slot is available) and populate it with your new card. I'd try that before just buying another system.
-
> I'd expect neither of those boxes to break a sweat at 300Mbps, even with a Realtek NIC.
You underestimate how bad re(4) is; it's not the NIC, it's the driver. :)
Edit to add: there's another option I always forget, which is to try the Realtek-provided driver in place of the one included in FreeBSD. There are some other threads where people have tried it and reported good results, but I've never tried it myself.
-
A 3rd gen i5 offers a lot of horsepower.
On one hand, a device with those specs could be purposed for something else if you chose to at a later date. For pfSense, you would need a lot of users or some high demand applications to require that much power.
I'm using a home built mini-itx Intel j1900 based motherboard with intel NICs. The cpu barely registers as being on. Amazon has one or two prebuilt models that have excellent reviews for less than I spent building mine. Had they been available when I dove in, I would have considered one. I have 8GB ram (excessive) and a 120GB SSD (probably excessive but economical compared to a 64GB).
The old boxes you mention would use a lot of electricity. The NICs may or may not be suitable for high speed internet. Intel is said to be best because they have hardware based drivers while Realtek's are software based. The Amazon boxes report about 900mb as a common max (more or less).
-
> You underestimate how bad re(4) is; it's not the NIC, it's the driver. :)
Fair enough. And I just told someone on another thread that the bad rap for modern Realtek hardware was undeserved. Guess I can eat my words, at least when it comes to FreeBSD. I've not had any issues with it myself, even with pfSense, but stability != performance, and I don't yet have that 300Mbps WAN connection to deal with. It's really a shame, since the hardware is practically ubiquitous these days for desktops (I have 5 motherboards running in my home right this moment, ranging in age from 10 years to 2 months, and all of them have 1Gbps Realtek NICs onboard). I can pull a 30GB recording from my MythTV backend to my Windows workstation at ~950Mbps steady, and the MythTV box is on a motherboard I bought in 2007 and a Wolfdale CPU I bought in 2010. Both Realtek NICs. I get that desktop hardware is not a main focus for FreeBSD, but c'mon.
-
After I wrote that I looked at some other forums, by coincidence. They wrote the old view of Realtek, which I repeated, is less accurate today than in the past. If true, and it probably is, this makes life much easier when shopping for motherboards. Under typical circumstances, there is no difference, at least for home users.
-
Yeah, the hardware's fine, the driver is at least better than it used to be, and for many people it will work with no problems. My caveats are: 1) if you're buying something really cheap off eBay or whatever, sometimes you get what you pay for (whether that's a really cheap motherboard with onboard RTL NIC or a really cheap Intel NIC on a card) and 2) if you are having problems (performance, stability) you should first suspect whatever you saved the most money on. With that caveat in mind, it would be a little nuts to consider the minimum for a home firewall to be to go to a reliable source for a <$100 commodity motherboard+CPU plus a $100-200 Intel NIC. Even with the higher failure rates for the stuff with sketchy sourcing, it will work fine in a home context for most people; just be aware of the potential for problems, and if you don't want to deal with that at all then just spend the money for someone else to do it (like the appliances from the pfSense store).
-
My experience with Realtek is it works OK providing checksum offloading is disabled and the load is not too high; I would expect for a consumer using pfSense on a home network it would not generate a high enough load.
Interestingly, someone on the FreeBSD forums discovered there is a newer driver direct from Realtek which can be manually compiled and is more stable than the one that ships with the OS.
So yes the issue is the driver not the hardware.
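
An added example, not part of any post in this thread: a small shell check for the checksum-offloading caveat mentioned above. It parses FreeBSD-style `ifconfig` output and lists re(4) interfaces that still advertise checksum or segmentation offloads. The sample output, interface names and MAC addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of FreeBSD `ifconfig` output (not taken from the thread).
sample_ifconfig() {
cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
	ether 00:00:5e:00:53:01
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether 00:00:5e:00:53:02
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=82080<VLAN_MTU,WOL_MAGIC,LINKSTATE>
	ether 00:00:5e:00:53:03
EOF
}

# Reads ifconfig output on stdin and prints "<iface> <flag,flag,...>" for every
# re(4) interface whose options line still lists an offload capability.
# Capabilities are matched as whole tokens so VLAN_HWCSUM is not mistaken
# for RXCSUM/TXCSUM.
re_offloads_enabled() {
    awk '
    /^[a-z]+[0-9]+: / { iface = $1; sub(/:$/, "", iface); next }
    /^[ \t]+options=/ && iface ~ /^re[0-9]+$/ {
        s = $0
        sub(/^.*</, "", s); sub(/>.*$/, "", s)
        n = split(s, caps, ",")
        found = ""
        for (i = 1; i <= n; i++)
            if (caps[i] ~ /^(RXCSUM|TXCSUM|TSO4|TSO6|LRO)$/)
                found = found (found == "" ? "" : ",") caps[i]
        if (found != "") print iface, found
    }'
}

# Demo on the constructed sample; on a real box use: ifconfig | re_offloads_enabled
sample_ifconfig | re_offloads_enabled
```

For an interface it reports, `ifconfig re0 -rxcsum -txcsum -tso -lro` turns the offloads off until the next reboot; pfSense exposes the persistent equivalents as checkboxes under System > Advanced > Networking.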