Atom-Based pfsense and other Home Network Stuff

OverlordXenu

So, I'm planning to upgrade my home network from a crappy router with DD-WRT on it and some ancient switch to a pfsense-based router and hardware firewall. I want to use the dual-core Atom processor (330), and an Intel NIC. I need a Full Duplex (FDX) gigabit switch with at least one SFP port, and a minimum of 12 gigabit RJ45 ports.

Mobo/CPU
RAM (Cheapest Newegg has that I would buy.)
NIC
PSU
Case
Switch

Have I made some good choices? Is there a better switch I should get? Is there something else I should get for the pfsense build?

My budget is around $600. I plan to use my crappy router as a wireless-G access point. I use my network for intra-network file transfers, VPN (to get around filters), online gaming, legal P2P (my work distrubutes large files over bit torrent), and other normal network use.

Thoughts? Suggestions? Comments?

Thanks!

David_W

All Gigabit is full duplex; there's no such thing as half duplex Gigabit.

Those HP ProCurve 1800 series switches look good for the money. They are what tends to be called a Web Managed Switch or Smart Switch, and lack the full functionality of a Level 2 Managed switch, but they have the features most people need for a good price. In fact, though I don't have one myself, I just suggested the 8 port version to someone in another thread.

My switches are ZyXEL Dimension GS-2024 switches, which are full Level 2 Managed switches. I would have gone for the HP equivalent (HP ProCurve 2810-24G - part number J9021A), but the cost was prohibitive. In practice, I'm not relying on any functionality on the GS-2024 switches that the ProCurve 1800 series doesn't provide as the ZyXEL STP implementation is brain-dead; you can't use STP on or across a port trunk. I live in hope that ZyXEL will fix this in a future firmware upgrade, but I'm not holding my breath. When I've paid for full Level 2 Management, the lack of usable STP in a multi-switch setup is annoying to say the least (it stops things like wireless fail-over of my fibre links from working, also I can't connect switches in a ring for redundancy). SNMP is useful - which is something the ProCurve 1800 series lacks - but I could live without being able to graph traffic moving around my switches.

If you want a 24 port switch that supports 802.1q VLANs, 802.1p Priority and port trunking (LACP is supported according to the specification sheet - I'd guess that static trunks are as well though I haven't checked the manual), the ProCurve 1800 series looks ideal and HP have an excellent reputation.

So far as the NIC goes, you could save money and get a single port server NIC - with VLANs you only need a single NIC port for your whole pfSense machine.

I'm not that familiar with the other bits; I'll leave it to others to comment.

AudiAddict

After switching to pfsense at work I obviously also wanted pfsense at home.. :D

I was also looking for a " compact" system and wanted to try out the atom mobo, but after reading several reviews and problems were having with this board.. I decided to wait.

The LAN on this board is from realtek even though it's a intel board..I've read people having problems with this realtek chip in freebsd/linux. Dropping connections..timeouts etc.

So I would think twice before getting this mobo..and maybe think about using an old desktop pc and add a gbit intel nic there. I got a optiplex gx260 from dell for 30 dollars from ebay and added some more memory and a additional nic..runs perfectly! Onboard gbit.. and doesn't take much power either.

OverlordXenu

I'll be using an Intel NIC anyway.

Thank you David.

I haven't had much sleep lately, so I probably know the answer and have just forgotten it, but what does a fully managed layer two switch have over the HP I found?

Thanks again!

David_W

The 'extras' that come to mind in a 'full' Level 2 Managed switch are STP (these days, that means MSTP and RSTP), monitoring in various guises (minimum of SNMP - these days, typically SNMPv3 and sometimes some sort of flow monitoring protocol), port mirroring (very useful for debugging - that one I would miss), 802.1x capabilities and an SSH interface. I'm sure that there's more you'll spot if you compare specification sheets (I'm not sure how many Web Managed switches support jumbo frames) - but in many deployments, a Web Managed switch is more than enough.

cheesyboofs

FYI - The ProCurve 1800 x supports ssh, jumbo frames and port mirroring, mine's due today thanks to David's for giving me the great idea I shall probably be hassling him when I can't get vlaning working  :o

OverlordXenu

Awesome. I do love jumbo frames! But seriously, that switch sounds like the right switch to me.

Thanks guys!

So no one else thinks it would be a bad idea to use Atom?