Netgate Discussion Forum

    Which CPU to use and suggestions for getting started.

    General pfSense Questions
    8 Posts 4 Posters 959 Views
    • R
      redfox
      last edited by

      I have several older computers and retired servers to choose from.

      HP Elite 8300 with i7 3770

      Lenovo Thinkserver with Xeon E3-1220 v3; Xeon E3-1225 v3; or i3 4130

      and anywhere from 8 - 32 GB RAM.

      I have an Intel i350-T4 on the way, and I've a few consumer grade SSDs lying about I can use, or if required, I can pick up a used Intel 80GB 320.

      My internet is 940 Mbps down, 35 Mbps up. We are mostly internet gamers, so ping and latency are very important. I do work from home and I need constant internet access for it. Wifi is provided by Ubiquiti AC-LR, and my current router is an Edgerouter-X. The problem I'm running into is that when I turn on QoS for the Edgerouter, it smooths out the lag spikes and bufferbloat, but caps at about 200 Mbps. I've been extremely happy with the Edgerouter, but I would like to give this pfSense thing a whirl before I just drop a few hundred bucks on a new router.

      I'm familiar with hardware and computers but fairly new to this type of networking. So other than QoS I'm not sure what I want. I'd like a DNS sinkhole like pihole. I'd like to create separate LANs for the PCs and the IoT devices. I'll set up and run whatever y'all suggest that makes sense. I also want a set and forget type of deal. I get it will need tweaking to run right, but I really don't want to have to monkey with anything routinely.

      Thanks for the help and looking forward to learning about this!

      DaddyGoD mircolinoM 2 Replies Last reply Reply Quote 0
      • DaddyGoD
        DaddyGo @redfox
        last edited by

        @redfox

        Hi,

        You’re in a good place, but don’t think it’ll be easy. 😉
        "To learn, to learn to learn, said Lenin" (really he said, and I'm not Russian :-))
        https://en.wikipedia.org/wiki/Vladimir_Lenin

        beginner curriculum:
        https://docs.netgate.com/manuals/pfsense/en/latest/the-pfsense-book.pdf
        https://www.youtube.com/channel/UC3Cq2kjCWM8odzoIzftS04A/videos

        so, here’s what I would not recommend, because pfSense does it better:

        @redfox "I'd like a DNS sinkhole like pihole."
        instead = Unbound + pfBlockerNG-devel (these are part of pfSense)

        "I get it will need tweaking to run right, but I really don't want to have to monkey with anything routinely."
        It could be yours too, except the monkey, because it is mine. 😁

        So if you have already developed your more specific ideas, please let us know and we will help.

        BTW:
        Everything you have described will work and be feasible, but not immediately and tomorrow - you know Lenin 🖐

        Cats bury it so they can't see it!
        (You know what I mean if you have a cat)

        1 Reply Last reply Reply Quote 0
        • R
          redfox
          last edited by

          Thanks for the feedback. See I didn't know that Unbound + pfBlockerNG-devel even existed. Anything else I should know?

          What about my hardware choices?

          DaddyGoD 1 Reply Last reply Reply Quote 0
          • mircolinoM
            mircolino @redfox
            last edited by

            @redfox

            i7 3770, Xeon E3-1225 v3...

            Any of the above would probably be overkill for pfSense alone and, with a TDP of ~80W, a waste of energy.

            With one of those processors, 32GB of RAM, 80GB SSD and an Intel i350-T4 you could run a bare metal hypervisor (I'm using Windows Server Hyper-V) and virtualize pfSense, pihole and the controller for your Ubiquiti access point, with minimal latency and no loss of speed.

            My internet is 940 Mbps down, 35 Mbps up.

            If you have Comcast gigabit service and you happen to have a Motorola MB8600 modem you can get >1.2Gbps by aggregating (LACP) port 1 and 2 of the modem.
            In pfSense then you'd apply CoDel limiters to the WAN interface to get a clean A+ quality/bufferbloat 1Gbps connection.

            1 Reply Last reply Reply Quote 1
            • A
              aGeekhere
              last edited by

              Set up pfSense as your DNS server https://docs.netgate.com/pfsense/en/latest/dns/redirecting-all-dns-requests-to-pfsense.html

              Set up Cloudflare DNS over TLS with pfSense https://www.netgate.com/blog/dns-over-tls-with-pfsense.html

              Proxy and web filtering https://forum.netgate.com/topic/100342/guide-to-filtering-web-content-http-and-https-with-pfsense-2-3/189

              Enable UPnP & NAT-PMP

              That should get you started

              Never Fear, A Geek is Here!

              1 Reply Last reply Reply Quote 0
              • DaddyGoD
                DaddyGo @redfox
                last edited by

                @redfox

                Hardware is a bit powerful for pfSense, but many use it in this form (old PC, MOBO, VM base, etc.)

                The suggestions of the other posters are also good.

                which I would highlight.... @aGeekhere "Enable UPnP & NAT-PMP"

                do so carefully, UPnP & NAT-PMP is one of the "enemies" of a firewall

                always separate the game machines to a "GAME VLAN" or similar separated interface

                and only enable UPnP & NAT-PMP on this interface

                Cats bury it so they can't see it!
                (You know what I mean if you have a cat)

                R 1 Reply Last reply Reply Quote 0
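An added example, not part of any post in this thread: a small audit of UPnP & NAT-PMP ACL entries that flags anything allowing port mappings from outside a dedicated game VLAN, as the advice above recommends. It assumes the entry format `[allow or deny] [ext port or range] [int ipaddr or ipaddr/CIDR] [int port or range]`; the subnet `192.168.30.0/24` and the sample entries are constructed for illustration.

```python
import ipaddress

# Assumption: constructed subnet standing in for the "GAME VLAN" interface.
GAME_VLAN = ipaddress.ip_network("192.168.30.0/24")

# Constructed sample ACL entries (not taken from the thread).
SAMPLE_ACL = [
    "allow 1024-65535 192.168.30.0/24 1024-65535",  # scoped to the game VLAN
    "allow 1024-65535 192.168.1.0/24 1024-65535",   # ordinary LAN, not the game VLAN
    "allow 80-443 192.168.30.10 80-443",            # privileged ports
    "allow 3074 192.168.30.11",                     # malformed: field missing
    "deny 0-65535 0.0.0.0/0 0-65535",               # catch-all deny
]

def parse_ports(spec):
    """Parse 'N' or 'N-M' into an inclusive (low, high) tuple."""
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port range {spec!r}")
    return low, high

def audit_acl(entries, allowed_net=GAME_VLAN):
    """Return (entry_no, entry, reason) for every risky or broken entry."""
    findings = []
    for no, raw in enumerate(entries, 1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            action, ext, addr, internal = entry.split()
            lowest = min(parse_ports(ext)[0], parse_ports(internal)[0])
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError as exc:
            findings.append((no, entry, f"unparseable: {exc}"))
            continue
        if action not in ("allow", "deny"):
            findings.append((no, entry, "unknown action"))
        elif action == "allow":
            # An allow entry must stay inside the isolated interface's subnet.
            if net.version != allowed_net.version or not net.subnet_of(allowed_net):
                findings.append((no, entry, f"internal address outside {allowed_net}"))
            if lowest < 1024:
                findings.append((no, entry, "maps a port below 1024"))
    return findings

if __name__ == "__main__":
    for no, entry, reason in audit_acl(SAMPLE_ACL):
        print(f"entry {no}: {entry!r}: {reason}")
```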
                • R
                  redfox @DaddyGo
                  last edited by

                  @DaddyGo

                  could you elaborate on this part please:

                  @DaddyGo said in Which CPU to use and suggestions for getting started.:

                  @redfox
                  do so carefully, UPnP & NAT-PMP is one of the "enemies" of a firewall

                  always separate the game machines to a "GAME VLAN" or similar separated interface

                  and only enable UPnP & NAT-PMP on this interface

                  All of my home computers are also used for playing games. We all share access to a Synology NAS for files and stuff. How would your suggestion work in my situation?

                  DaddyGoD 1 Reply Last reply Reply Quote 0
                  • DaddyGoD
                    DaddyGo @redfox
                    last edited by DaddyGo

                    @redfox

                    let's go step by step 😉
                    read this thread, here I describe exactly how to create the environment for game play:

                    https://forum.netgate.com/topic/153514/nat-issues-when-playing-games-on-two-computers

                    once you have interpreted and have a problem, write and I will help

                    ++++edit:
                    @redfox "How would your suggestion work in my situation?"

                    playing can be dangerous behind a firewall as ports need to be opened
                    but with a good setup this shouldn't be a problem

                    Cats bury it so they can't see it!
                    (You know what I mean if you have a cat)

                    1 Reply Last reply Reply Quote 0
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.