Atom hardware in a public library
-
I'm new to pfSense. I came to it after looking around for an open source firewall solution that could be recommended to cash-strapped public libraries; some have no firewalls at all, others have firewalls that are aging & beginning to fail. When looking at hardware, I wanted something that would have low power consumption, no noise, and preferably no moving parts. I wanted a PC, rather than an embedded device, because of the convenience of being able to log to an HDD and the user-friendliness of KVM.
This is what I rolled out at a trial location: 1U fanless (14"-deep case), Intel D945GSEJT Atom 270 1.6GHz, 1MB RAM, 3 USB ports, 1 VGA, 1 DVI, Super Talent 16GB 2.5" SATA SSD HDD. It has just two NICs: the one embedded in the system board and a Netgear GA311NA gigabit (32-bit PCI via a riser card). Both NICs are detected as Realteks during installation. Power comes in via a laptop-style power brick a/c adapter.
Initially we had problems with: keyboard detection, link state detection on the NICs, and output to the VGA port. Although the system board's BIOS was only a year old, it was five revisions behind Intel's latest. I flashed it, using a USB stick in a very simple process, and all the problems went away.
I loaded pfSense 1.2.3 via a portable USB CD-ROM drive and everything is fine; the box is out in the field doing simple NAT, with just a few rules to allow external monitoring & configuration. It connects the library (about 20 hosts on the LAN) to the outside world via managed (single) T-1 service. CPU utilization is minimal; the only package I installed was BandwidthD - so the library's IT admin could get insight on traffic levels from PCs on the inside. In production it runs without the keyboard, monitor or CD-ROM drive.
I regret not having put in a dual port PCI NIC, but cost was a major concern. Next time we'd set up a captive portal on a third interface for wireless hotspot users.
We'll leave it in place for a month & keep an eye on it - hopefully this will provide the basis of something that could be replicated for those that need it.
EDIT: Forgot the link to the hardware specs - http://www.superlogics.com/industrial-computers/quiet-pc-computer/SL-1U-AT-945GSE-LA/286-3412.htm#
-
…and preferably no moving parts. I wanted a PC ... to log to an HDD...
How does that correlate?
-
…and preferably no moving parts. I wanted a PC ... to log to an HDD...
How does that correlate?
That's probably my pfSense noobness shining through. I was under the impression that the embedded version is less flexible in terms of lifetime read-writes; logging, package installation etc.