Building a new pfSense router from scratch
-
Hello there! ;)
I am far from being an expert in networking applications or hardware so please bear with me through this thread!
I currently use pfSense on an old IBM NetVista box (Pentium 4 @ 2.4GHz, 256MB RAM, 30GB IDE HDD) that I paid less than $15 for… Everything works perfectly. However, I'd like to build a new machine to replace this one, with a smaller footprint and better energy efficiency. After all, it runs 24/7. I really don't see why I should run a whole desktop for only pfSense.
I use pfsense for DHCP server, and firewall, squid, squidguard and ntop. Nothing else... Like I said, my needs are pretty primitive and I am not an advanced user so no intensive functions or needs.
-I have a cable connection, 10Mbps DL /600Kbps UL
-I have 4 computers and 2 network printers on my network
-All machines (mine at least) use Slackware Linux, my girlfriend's laptop uses Win7
-I mainly use NFS between the machines to mount shares (for example to read media between my htpc & my server)
I am thinking about getting one of these mini-ITX mobo & CPU combos with everything integrated (video, LAN, etc).
-No need for sound.
-No need for firewire
Of course I need 2 LAN ports (I can't really justify Gigabit because it is not likely that 1000Mbps will be required for the internet soon...)
I am searching for fanless (no fans, all passive cooling as much as possible)
Should I get a HDD? or use flash memory?
Last requirement, but not the least, budget! Since my existing machine works perfectly and I don't really need to upgrade I don't want to spend too much money for such simple duty. I am thinking around $120 to $150 for everything (mobo, CPU, ram, hdd, case, PSU...) Over that price it would defeat the purpose of having an energy efficient box to save power/money....
Anything else I should consider? What about compatibility with pfsense?
Thanks to everybody who replies to this thread!
-
I was about to recommend the ALIX until I saw that you needed Squid.
You can either go for the Intel D945GSEJT or the D510MO (needs one more cheapo NIC; a 2nd hand Intel Pro100/VE would suffice) as fanless solutions.
However, you'll probably need a HDD for the Squid caching and that would probably need some form of cooling. I reckon you minimally need a casing with a slow moving fan or large vents to keep the HDD running cool and happy. Newer laptop drives can probably get by without much airflow.
If you aren't averse to some cutting or drilling, drill 4 holes on the side panel and slap the hdd on with a thermal pad in-between. Effectively using the side panel as a heatsink for the HDD.
-
Some of the ALIX have a 44 pin IDE interface, so they are still an option.
-
Guys, thanks to both of you for the replies!
When I was talking about squid, it's only because a few months ago, while trying to set up my router, I got interested in blocking some specific websites and squid along with squidguard was apparently the solution for me… Still today it is set up correctly (I think) but doesn't work.
If I understand correctly, squid caches and stores a lot of data, that's why a HDD is necessary???
I looked at the ALIX boards, looks pretty nice! Pretty much what I am searching for, but the HDD/squid dilemma is a good example where I don't want to cut in hardware to save money/power and get stuck in 1, 3 or 5 years to rebuild a new machine because the one I built does not have the basic requirements like a HDD port.
I assume you guys are in the US? I am in Canada. Where do you buy your parts?
-
Correct, some of the packages including squid generate a lot of read/write cycles. It is not impossible to use them on a flash card setup, but these cards have a limited number of write cycles before they start to die off. Therefore it is better to use a real HD.
I buy my parts mostly in Germany (found a web shop there that does not charge you 15 Euro for a 15 cm 44 pins IDE flat cable) and have it shipped over to my house in NL.
-
Some of the ALIX have a 44 pin IDE interface, so they are still an option.
Yeah, I kinda forgot about that.
Full install with embedded kernel on another machine and transfer the drive over, right?
-
Full install with embedded kernel on another machine and transfer the drive over, right?
Exactly. I have several embedded systems (Soekris and Alix) running and upgraded some of them with a HD to be able to use packages (squid, freeswitch, etc), works fine for me.
-
I looked at several mobo's & cpu combos and found these in local shops and online for pretty cheap (all under $80CAD)
ASRock PV530
VIA PV530 Processor (1.8 GHz)
VIA VX900 Chipset
DDR3 800 DDR2 800/667/533 Mhz
VIA Chrome9 HD Graphics 5.1 CH
HD Audio
2x SATAII 3.0 Gb/s
2x USB 2.0
Micro ATX form factor
IMO it's kinda overkill, not price wise but feature wise… Power requirements might be through the roof and I have no experience with ASRock so I would venture in unknown territory...
Then there are 2 Intel based mobos:
Intel D410PT
1 x PCI
6 x USB 2.0
1 x RJ-45 Network
2 x SATA/300
2 x DDR2-800/DDR2-667 4 GB
Mini ITX
64-bit Processing
Intel NM10 Express chipset
Intel Atom D410 CPU
Onboard Intel GMA 3150 256 MB video controller
Intel LAD425KTW
2 x DDR2-1066/DDR2-800 4 GB
Intel NM10 Express chipset
Intel Atom D425 CPU
1 x 10/100
7 x USB 2.0
2 x SATA/300
1 x PCI
1 x PCI-E minicard
I kinda like the D410PT but it doesn't have PCI-E and has only 1 LAN port so adding a second NIC would mean standard PCI..
What do you guys think about that?
EDIT: I'm kinda confused… the last 2 mobos are supposed to be Intel based but have Realtek LAN controllers.... the pfSense documentation does not recommend Realtek LAN controllers due to lower processing capacity. Should I take this into consideration?
-
The D410/ D425 will comfortably outpace the VIA unless you need IPSEC where the Padlock engine would give an advantage. They also consume less power.
If you can, try for a D510MO. It shouldn't be that pricey now that the D525 is out.
As to the Realtek NICs on the Pineviews, they will work fine for the speeds you're looking at - 10M/ 600K. In fact, the boards will probably be good even for a 50M symmetric line.
Don't fret over the PCI bus so much. Even an Intel Pro/100VE PCI fast ethernet adapter is enough for your WAN connection. 2nd hand units are a dime a dozen. You can probably pick them up from used bargain bins for less than CAD$5 each. I get them new free from my supplier because no one buys them anymore.
I've a D945GCLF2 running an Intel MT dual-GBe NIC (the onboard Realtek IC died after roasting for >1 year) on the PCI bus and it's working just fine with a 10M symmetric fibre-optic connection and 40 clients gaming, downloading and streaming videos behind it. All of these and the average load on the processor is only about 2% - 5%.
Another thing to note, the D425 uses DDR3 SODIMMs.
-
I guess I'll settle for a D510MO since they have it at my local store for 79.99
I am wondering what kind of PSU and hard drive to put in there?? I have no experience with this form factor at all. For the HDD can I use a laptop drive? Or do I need an adapter to convert 12V to 5V? Forums on the web are confusing at best with contradictory data….
-
@lpallard:
I guess I'll settle for a D510MO since they have it at my local store for 79.99
I am wondering what kind of PSU and hard drive to put in there?? I have no experience with this form factor at all. For the HDD can I use a laptop drive? Or do I need an adapter to convert 12V to 5V? Forums on the web are confusing at best with contradictory data….
You'll need a SATA harddrive for the D410/ 425/ 510/ 525 boards. The same connectors are present on both 2.5" (laptop) and 3.5" (desktop) SATA harddrives. The PSU is the same as with a full size (m)ATX desktop.
i.e. You can put a Mini-ITX motherboard into an ATX desktop tower casing (it's backward compatible).
Notice how the connectors are identical? The SATA power connector carries 3.3V, 5V & 12V so you don't need any special adapters or regulators to use a 2.5" laptop SATA drive with a regular PC. It is only in laptops where the reverse is not true (laptops only provide 5V on the connector).
Now.. Let's look at Mini-ITX vs Micro-ATX vs ATX mountings:
You will note that the first 2 are a subset of the ATX form factor and use the same mounting holes. Hence, it follows that you can mount them in any ATX casing.
In short, you can probably slap the D510MO into the Netvista and re-use the casing and PSU. This is subject to the exact model of Netvista you have. If it uses an internal riser card, you're out of luck.
If it looks like the following, then you can definitely stick the mini-ITX in there:
-
dreamslacker, thanks for all the valuable info!!
I am having a hard time finding decent pricing for the components and did a quick calculation. Basically, the cheapest setup would be:
a D410 Atom based mobo (the Intel D410PT)
a second hand laptop sata HDD (80GB)
a second hand stick of 512MB DDR2(667) RAM
reusing the Intel Pro10/100 adapter in my current pfsense machine
and the case would be a used HTPC case (mini-itx) from a buddy that is looking to get rid of … or reuse my netvista's case & psu as you suggested. Either way, it is free.
All that, with shipping (the mobo is N/A everywhere around here) would come up to CAD$190. So my ROI would be almost 3 years (2.8). Tough to justify spending almost $200 on a router just to save $75 per year. Especially if I assume a life of 5 years for an average PC.
The price of electricity is pretty cheap here.
I guess I'll wait for some shell shockers and buy at rebate!
Finally would there be some cheaper solutions (mainly the mobo) for my needs? What about the embedded boards or the ALIX? I have no clue about these.... The Atom based boards are after all PC main-boards with people using them as normal computers. For my usage even a $90 mobo is overkill.
-
From Mini-box, an Alix 2D2 (2 FE NICs) is US$129. A simple metal casing for it is US$12.95, the power brick is US$9.95.
That's a total of US$151.90 excluding shipping and the HDD. IMO, it probably works out to the same cost and is a slower machine if you ever need to upgrade your line.
If you don't actually mind a Micro-ATX option, I think you might just be able to get much more for your money. A G31 micro-atx with an E5400 works out to be cheaper than the D510MO. Being a 45nm chip, it doesn't take up that much power and in fact, will have a smaller carbon footprint than the Atoms in the long run.
-
Yeah that's right, the ALIX options are all overcost compared to the Atom solutions. The best ROI resides with Atom D410 based machine and a barebone foxconn machine on newegg.ca with a D410 cpu would cost approx. $150 shipped to my door & including a 2nd hand HDD & RAM. I would only need to find a laptop HDD and one stick of 1GB DDR2 ram.
http://www.newegg.ca/Product/Product.aspx?Item=N82E16856119027
The MicroATX boards are not CPU equipped and are starting at $50 + shipping so by the time I add a CPU I am very close to an Atom kit.
-
@lpallard:
The MicroATX boards are not CPU equipped and are starting at $50 + shipping so by the time I add a CPU I am very close to an Atom kit.
Yes. However, you must consider that the performance per watt is way higher with the 45nm chips.
i.e. An E5400 might consume more absolute power during processing than an Atom but it takes so much less time to do the same task as an Atom that the total amount of energy (kWh) expended is actually less.
Of course, for a low throughput pfsense box, this is not quite the case.
For instance, if the Atom system draws 20 watts to complete a said task in 1hr, then it uses 20 units (kWh) of power. If the E5400 draws 60 watts to complete the same task in 10 minutes, then it only consumes 10 units of power. i.e. the E5400 setup is actually twice as energy efficient but only if you load both setups consistently. That's why you don't see Atom clusters taking over in datacenters.
If you think that you might be getting faster internet some time soon, or if you want to run extra heavy packages like SNORT, HAVP or run VPN, the discrete options might be a better choice.
Hope this helps.
-
This thread is getting very interesting, at least IMO..
I might be overthinking this (my normal behavior) but..
the E5400 series might have more power per watt and therefore process faster at high power VS the atoms being lower power and slower but really, at idle, how is the difference?
The E5400 might process twice as fast at high power and idle the rest of the time, but if it idles at 2, 3 or even 4 times more power than the atom at peak processing, the E5400 would not be acceptable, right?
-
@lpallard:
This thread is getting very interesting, at least IMO..
I might be overthinking this (my normal behavior) but..
the E5400 series might have more power per watt and therefore process faster at high power VS the atoms being lower power and slower but really, at idle, how is the difference?
The E5400 might process twice as fast at high power and idle the rest of the time, but if it idles at 2, 3 or even 4 times more power than the atom at peak processing, the E5400 would not be acceptable, right?
You're not wrong in that respect - which is why I said it's not happening on a low throughput pfsense box. However, if you do run stuff like Snort or IPSEC then (throughput aside) it would be much more evident.
I just get irritated by the stupid hoohah over the alleged power efficiency of the Atoms.