pfSense custom build hardware with Realtek port dilemma



  • Hi,

    I've just installed pfSense on a custom build mini PC. The motherboard (MSI) has 1 Realtek Ethernet port and I added an Intel NIC with 2 ports. I set up the Intel card to be the WAN and the LAN and I thought about using the Realtek port as OPT1 or something but I remember reading that Realtek drivers for pfSense are quite not stable.

    I even thought about using the Realtek port as the WAN and the 2 Intel ports as LAN and OPT1...

    What should I do? Can I count on the Realtek hardware for home use? And if so then what should the Realtek port be - WAN or OPT1?

    Thank you,



  • Hi,

    I have 5 appliances used as edge fw that are running 24x7 with Realtek NIC for at least 5 years. No issues at all (100 Mbps symmetrical WAN connection). A couple of them in HA achieved an uptime of about 700 days...
    If your OPT1 doesn't use VLANs and will be used for Guests and/or IoT traffic, Realtek NIC could be fine.



  • @psp So what's all the fuss about pfSense and Realtek problems? Intel is just more compatible/faster/better?



  • Your question remains valid when you remove "pfSense" from your phrase.
    pfSense uses "FreeBSD" as its OS. FreeBSD users, or maybe even all "nix" users, do not belong to the Realtek fan club.

    It's just the net talking, see for example https://www.reddit.com/r/freenas/comments/bul9gq/so_are_realtek_nics_just_complete_garbage_when_it/

    It might be the average driver quality - or the hardware - chip and/or transceiver ... or both.
    Or just a proof of concept that dirt cheap means identical quality.



  • @Gertjan That conversation on reddit is quite frightening haha...How can such extreme different views on the same hardware be held? On the one hand people who say it's ok and been working for years without any problems, and on the other hand people who say this is so bad it can even ruin or lock your motherboard lol...Crazy!

    I don't mind trying the Realtek NIC and stop using it if connection is bad or experiencing problems, but when people say it had an effect on their entire motherboard/PC...that's something I don't want.

    So...should I take the risk? hahaha



  • For what it's worth, I'm using an "re1" NIC right now in a production setup. It's a first generation PCI (not express) NIC add-on card.
    I have put it aside, still in the setup but not used any more for a couple of months. Before that, it served a captive portal for 8 years or so. It has seen terabytes.
    I never had an issue with it - using the built-in FreeBSD driver, or the more recent one proposed on this forum.

    A NIC killing a motherboard? Well ....


  • Netgate Administrator

    Much more likely it will just stop passing traffic if anything happens at all.

    Earlier 100Mb Realtek NICs were genuinely bad, you could almost guarantee they would fail. Their Gigabit stuff is much better but still variable. The original APU had re(4) NICs, I have one and have never seen any issues with it. A lot of people found Realtek's own FreeBSD driver to be the solution to timeout issues. There are a number of threads here about that.
    You will probably find you can't get the full 1Gb bandwidth through it compared to an Intel NIC no matter what though.

    Try it and see.

    Steve



  • @Gertjan said in pfSense custom build hardware with Realtek port dilemma:

    using the built-in FreeBSD driver, or the more recent one proposed on this forum

    Can you elaborate more on the one proposed on this forum and how to install it? Maybe a link to the post about it?

    Thank you,


  • Netgate Administrator



  • I doubt you'll see any problems in a home setup. I've used a quad-Realtek MB for 10 years there without issue with Hyper-V. But I picked up a quad-Intel i340 for about 20 bucks on Ebay because why not, especially with their great rep?



  • @stephenw10 I read that post and saw this answer:
    Screen Shot 2019-11-26 at 14.53.29.png

    But someone else asked how to compile the drivers.

    Maybe I'm misunderstanding all of this but it seems to me like there's 2 options to install this driver - (1) Compile these drivers with a pfSense release, creating your "own" compiled version of pfSense. (2) Just simply install the driver onto an existing machine. Correct?



  • Dunno where, but the compiled driver file is linked somewhere on the forum.
    For FreeBSD 11.2 (pfSense 2.4.4-p3) and FreeBSD 12 (pfSense 2.5.0).

    Btw : the info you quoted is wrong.
    Read a couple of inches lower in that same thread for the correct info.

    edit : a file like /boot/loader.conf can be updated / upgraded and thus your edits are lost.
    In that case the user supplied driver won't get used, the kernel built-in one will.

    To make your edits persistent, create and use a file called /boot/loader.conf.local - as stated in the thread you mentioned.


  • Netgate Administrator

    The precompiled binary is attached to the first post in that thread. Copy the kernel module to pfSense and edit loader.conf.local as mentioned to load it.

    You have to trust that that binary file is what it claims to be. I have no reason to think it isn't.
    But otherwise you have to compile it yourself from source using FreeBSD. There are no build tools in pfSense.

    But you should just test the NIC first. It will probably run fine with the included driver.

    Steve



  • @stephenw10

    1. My pfSense version is 2.4.4-RELEASE-p3. The driver we're talking about hasn't been made official and thus won't be in this release or even in the upcoming releases, right?

    2. If I understand you correctly, unless I have a running FreeBSD OS, I won't be able to compile this driver and thus have to use that binary file attached to that post?

    3. If I'm correct about both (1,2 above) I think I'll just use the built-in driver and test it.

    Thanks,



    1. Right. pfSense uses close-to-stock FreeBSD. Netgate builds pfSense and the used OS from source. A source for the Realtek NICs is integrated.
      Note : The upstream FreeBSD can change or modify their sources whenever they want. If there is a good reason.

    2. Exact again. Read the entire post again. You need to have a pure 'native' FreeBSD system ( start here ), you have to add the 'build tools'. Add the source of this new driver and type the word with which the world is built : make. Then you obtain the 'binaries' for your type of FreeBSD kernel. Copy it over and done.

    3. Good choice. You know an alternative exists - if needed. It's like having a Plan B ....


  • Netgate Administrator

    Yes, on all three points! 😉

    If you use the NIC and see 'watchdog timeout' errors in the system log from the re driver then consider using the alternative driver. It has been shown to work better in that situation.

    Steve
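
A way to check for the symptom described in the post above, as an added example that is not part of the original thread: it counts `watchdog timeout` messages per re(4) interface in system log text. The log lines are constructed samples, and the threshold of 3 is an assumption, not a value from the thread.

```shell
#!/bin/sh
# Count "watchdog timeout" messages per re(4) interface.
# Input: system log text on stdin. Output: "<ifname> <count>" lines, sorted.
count_re_watchdog() {
    awk '{
        # Look for the token sequence "reN: watchdog timeout" anywhere in the line.
        for (f = 1; f <= NF - 2; f++)
            if ($f ~ /^re[0-9]+:$/ && $(f + 1) == "watchdog" && $(f + 2) == "timeout") {
                name = $f
                sub(/:$/, "", name)
                hits[name]++
            }
    }
    END { for (n in hits) print n, hits[n] }' | sort
}

# Succeeds when interface $1 logged at least $2 timeouts in the log on stdin.
re_needs_attention() {
    seen=$(count_re_watchdog | awk -v ifn="$1" '$1 == ifn { print $2 }')
    [ "${seen:-0}" -ge "$2" ]
}

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG='Nov 26 14:01:10 fw kernel: re0: watchdog timeout
Nov 26 14:01:10 fw kernel: re0: link state changed to DOWN
Nov 26 14:01:14 fw kernel: re0: link state changed to UP
Nov 26 15:22:41 fw kernel: re0: watchdog timeout
Nov 26 15:40:02 fw kernel: em0: link state changed to UP
Nov 26 16:03:57 fw kernel: re1: watchdog timeout
Nov 26 17:45:19 fw kernel: re0: watchdog timeout'

printf '%s\n' "$SAMPLE_LOG" | count_re_watchdog
# Threshold of 3 is an assumed value for illustration.
if printf '%s\n' "$SAMPLE_LOG" | re_needs_attention re0 3; then
    echo "re0: repeated watchdog timeouts, consider the alternative driver"
fi
```

Both functions read stdin, so the same check works on log text exported from the firewall or collected on a remote syslog host.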



  • 2 last questions (I hope haha):

    1. I've read in a few articles that SSD and pfSense logs (or maybe more accurately RRD graphs etc.) are not the best friends to say the least. Perhaps it was relevant many years ago but it made me disable the logs for my home setup. I enable them back only for testing stuff until it works perfectly or when I notice a problem or strange behavior which almost never happens. As a programmer I perfectly know that logs are important haha but for this specific pfSense setup I hardly need them.
      Any input on the SSD wearing out issues with pfSense logs?

    2. Any good benefit, besides compiling drivers for pfSense hahaha, in installing a FreeBSD OS on an old PC?


  • Netgate Administrator

    Any recent SSD should have a write life that far exceeds anything that pfSense can ever do to it. However if you're at all concerned there are some things you can do to minimise drive writes.

    Remove the SWAP slice during install. pfSense should never use swap anyway but if you exhaust the RAM and it does that's a lot of writes.
    Set /tmp and /var as RAM drives. The majority of writes are there. That's an option in Sys > Adv > Misc.
    Make sure / is mounted noatime. Run mount -p to check. If it isn't, edit the fstab to include that.

    Just for the experience of using FreeBSD? 😉 I use a VM for anything like that.

    Steve



  • "RRD" info is not present in the logs.
    "RRD" are fixed-size files that change every minute or so. Older pfSense devices (Nanos etc.) used storage devices that didn't like to be written to; they had a non-infinite life cycle. Even recent SSDs have these (some) limits.

    pfSense is a firewall - a device that runs standalone that needs ever ongoing surveillance. It's a security device, not some basic Arduino-based-Coffee-machine.

    The logs from my pfSense are being sent to a syslog collector for later analysis - if needed. This is another device. Could be a NAS, some Windows system or any other "nix" based system.
    For typical 'home' usage the onboard syslog facilities will do fine.

    edit : lol, I'll back off.



  • @stephenw10 said in pfSense custom build hardware with Realtek port dilemma:

    Remove the SWAP slice during install...

    Already did that. Changed from 2g size to 0g during install...if that's the way to do it lol...

    @stephenw10 said in pfSense custom build hardware with Realtek port dilemma:

    If it isn't edit the fstab to include that

    Have no idea how...

    @stephenw10 said in pfSense custom build hardware with Realtek port dilemma:

    I use a VM for anything like that

    Yeah...thought so, I just have some old PCs :)



  • @Gertjan said in pfSense custom build hardware with Realtek port dilemma:

    It's a security device, not some basic Arduino-based-Coffee-machine

    Hahaha I actually laughed out loud...Yeah, you're right...I was still just experimenting with it.

    @Gertjan said in pfSense custom build hardware with Realtek port dilemma:

    send to a syslog collector for later analyses

    I've seen that option under the Logs section (send to syslog server or something). Would a simple old PC with enough storage connected to the local network do the job?

    @Gertjan said in pfSense custom build hardware with Realtek port dilemma:

    For typical 'home' usage the onboard syslog facilities will do fine

    The mini PC where I'm experimenting all of this, has a cheap 240GB Kingston SSD. Syslog server/collector isn't needed, right?

    @Gertjan said in pfSense custom build hardware with Realtek port dilemma:

    edit : lol, I'll back off

    LOL don't give up on me...



  • @techtester-m said in pfSense custom build hardware with Realtek port dilemma:

    I've seen that option under the Logs section (send to syslog server or something). Would a simple old PC with enough storage connected to the local network do the job?

    Yes - some device with any OS (call it Windows) and you'll find the tool. My Syn Diskstation can handle that job also.
    As does any 'linux' based PC, since they all use 'syslog'.

    @techtester-m said in pfSense custom build hardware with Realtek port dilemma:

    The mini PC where I'm experimenting all of this, has a cheap 240GB Kingston SSD.

    Consider making the log files bigger.
    Go to Status > System Logs > Settings and check the second option, Log file size (Bytes)

    Note that these days, pfSense uses fixed size files with circular logging. These files will never grow. Perfect for devices where disk space is an issue.
    Future pfSense (2.50) will use classic "clear" logging - like syslog does. A log file rotating facility will be present. Up to you to choose the number of days / weeks / months to keep. Disk space is less an issue these days.

    @techtester-m said in pfSense custom build hardware with Realtek port dilemma:

    LOL don't give up on me...

    Nope. Said that because @stephenw10 (a frequent poster) was also replying the same thing, but differently at the same moment.

    edit : wtf : @stephenw10 : more than 18 K posts ...😱


  • Netgate Administrator

    Go to Diag > Command Prompt and execute mount -p. You should see something like:

    /dev/diskid/DISK-9E18E959s2a /			ufs	rw,noatime 	1 1
    devfs			/dev			devfs	rw		0 0
    /dev/diskid/DISK-9E18E959s1 /boot/u-boot		msdosfs	rw,noatime 	0 0
    /dev/md0		/tmp			ufs	rw		2 2
    /dev/md1		/var			ufs	rw		2 2
    devfs			/var/dhcpd/dev		devfs	rw		0 0
    

    You can see on that SG-3100 the root filesystem / is mounted 'noatime'.
    If yours is not, go to Diag > Edit File and open /etc/fstab. Edit the / line to include noatime. So it would probably just be rw. Change it to rw,noatime.
    Note that breaking the fstab with a typo will probably make the system unbootable until it's corrected so.... 😉
    Reboot to apply that change. Run mount -p again to be sure.

    @Gertjan said in pfSense custom build hardware with Realtek port dilemma:

    edit : wtf : @stephenw10 : more than 18 K posts ...😱

    Yeah it's a problem. I'm trying to cut down! 😁

    Steve
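
The check and edit described in the post above, as an added example that is not part of the original thread: one function lists disk-backed ufs mounts that lack noatime in `mount -p` output, the other adds noatime to the / line of fstab text and refuses to emit anything if that line does not have the expected six fields. The device names and sample text are constructed placeholders.

```shell
#!/bin/sh
# List disk-backed ufs mount points lacking noatime, from "mount -p" text on stdin.
# md(4) RAM disks are skipped: their writes never reach the SSD.
ufs_missing_noatime() {
    awk '$3 == "ufs" && $1 !~ /^\/dev\/md/ && $4 !~ /(^|,)noatime(,|$)/ { print $2 }'
}

# Rewrite fstab text from stdin, adding noatime to the "/" entry if absent.
# Prints nothing and fails unless exactly one "/" entry with six fields exists.
fstab_add_noatime() {
    awk 'BEGIN { OFS = "\t" }
    /^[ \t]*#/ || NF == 0 { out[++n] = $0; next }
    $2 == "/" {
        roots++
        if (NF != 6) bad = 1
        else if ($4 !~ /(^|,)noatime(,|$)/) $4 = $4 ",noatime"
    }
    { out[++n] = $0 }
    END {
        if (bad || roots != 1) exit 1
        for (i = 1; i <= n; i++) print out[i]
    }'
}

# Constructed samples (device names are placeholders, not from the thread).
SAMPLE_MOUNT='/dev/ada0s1a / ufs rw 1 1
devfs /dev devfs rw 0 0
/dev/md0 /tmp ufs rw 2 2
/dev/md1 /var ufs rw 2 2'
SAMPLE_FSTAB='# Device Mountpoint FStype Options Dump Pass#
/dev/ada0s1a / ufs rw 1 1'

printf '%s\n' "$SAMPLE_MOUNT" | ufs_missing_noatime
printf '%s\n' "$SAMPLE_FSTAB" | fstab_add_noatime
```

Write the rewritten text to a temporary file and compare it with the current /etc/fstab before replacing anything, keeping a copy of the original.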

