Building an 8 port pfsense machine.
-
Hey, I'm kina new to the pfsense world.
I would like to build an 8 port pfsense box,
That would allow for the 8 ports to be bridged
And also provide both 1g wan-lan and lan-lan
Speeds. Later i'de like to add an wifi card.Any suggestions?
Thanks.
-
im not sure if pfsense supports a hardware level bridging on nics (intel nic to be specific)
but if you ask me, ill just add enough nics to my requirement (eg how many networks youre going to connect to your hardware)
you might as well buy a decent switch with that many ports, the amount of money you will be spending buying a extra quad port nic is enough to buy a 2nd hand gigabit switch that has more than 8 ports.
for wifi, well giveup that plan since freebsd literally suck on it driver wise (since most manufacturers doesnt even bother having oem driver for freebsd, its always only linux, the wireless driver you see is probably re-written by hand some of them are hacked together just to make it work enough in client mode which freebsd mostly focuses on), go buy a dedicated ap you will be saving a lot of headache in the long run.
-
Yup agree with both those things.
Using an 8 port switch (or 10 port maybe) will be both cheaper and faster. The only reason to bridge interfaces in pfSense is if you need to filter between devices on the same subnet. It's possible but almost always a bad idea!
Wifi support in FreeBSD, and hence pfSense, is indeed limited. The best you can do is 802.11N with an older Atheros card. If that's sufficient or you have an old card gathering dust anyway then give it a try. An external access point can offer faster speeds and can be positioned for better coverage more easily.
Steve
-
I've been browsing a bit and saw various qotom boards, arent those helpful? And if i already have 1x4port nic and 1x2port nic both intel, would that change the answer? Cant i get some super mini board and throw in the nics?
With a decent cpu can't i bind the ports so all the devices are on the same subnet?
-
its not about can or can't.
its about should or shouldn't.a software firewall isn't a switch. A general purpose network card isn't a switch.
There are pfsense appliances out there (or they will be "soon") that allow you to use/configure the built-in hardware switch.If you care about performance,your energy bill & your wallet: get a switch
-
Yes, you can bridge the interfaces to put them in the same subnet.
It just than in most situations a switch is a better choice for that. If you have NICs to spare and CPU cycles to service them then you can do it.
Steve
-
Yes, you can bridge the interfaces to put them in the same subnet.
It just than in most situations a switch is a better choice for that. If you have NICs to spare and CPU cycles to service them then you can do it.
Steve
I'm doing this in order to reduce clutter and merge several devices into one. Would an core i5 2500k suffice to achieve 1gbps speeds?
-
Don't do it.
-
Here is a box someone just put together that has 8 actual nics, and 8 switch ports.. Though the switch ports would have to be connected to one of the router nics via a patch..
https://forum.pfsense.org/index.php?topic=136258.0
You can get with him on what performance he is getting and details of how he modded the case, etc. But one thing I would do is whatever switch he used, use smart switch vs dumb this would allow you to put any of the switch ports into multiple vlans.
-
Yes, you can bridge the interfaces to put them in the same subnet.
It just than in most situations a switch is a better choice for that. If you have NICs to spare and CPU cycles to service them then you can do it.
Steve
I'm doing this in order to reduce clutter and merge several devices into one. Would an core i5 2500k suffice to achieve 1gbps speeds?
Maybe. Bridging in BSD is not great. Also you're not putting the NICs in the same "subnet" you're putting them in the same broadcast domain (L3 vs L2). Even if you have the CPU to push 1Gb/s on all of your ports, you will still have much higher latency (lag). Get a cheap 12 port gig switch for $20 on ebay and it will be faster and easier to setup. It will also use less power and (if you looking at an i5) make less noise.
Keep in mind bridging in pfSense means you should have an understanding of Layer 2 traffic and broadcast protocols like mDNS.
In short, get the SG-3100 and support the project or look at the qotam boxes and a small switch.
