Alix2d3 - Pfsense+Squid+HAVP



  • Hi all. I already buy the book for this great software, but i want to know if a Alix2d3 have enough power to run a Pfsense+Squid+HAVP in home network with 2 computers in wire and 4 computers by wireless. Can someone tell me if is better buy a wireless card to put in Alix or connect my WNDR3700 in Alix instead? Regards.



  • The problem I had with running squid on these boxes is that you need to disable the squid cache as writing to the CF card a lot will cause it to fail. This was tricky to do. When I followed some instructions, every week or so the squid daemon would crash. I didn't need to reboot the firewall, just needed to press save on the squid settings page (which restarts the squid process).

    Bottom line is you really need squid, not sure if the 2d3 is for you. Of course, if you're not using a CF card, then squid may work fine in the default config :)



  • Thanks jonnytabpni for your answer! In future i will upgrade my connection to fiber 50mb or 100mb. If i use Alix2d3 only with Pfsense, can the board handle this speed or is better i buy a atom board and put a Intel Dual MT? Regards.

    @jonnytabpni:

    The problem I had with running squid on these boxes is that you need to disable the squid cache as writing to the CF card a lot will cause it to fail. This was tricky to do. When I followed some instructions, every week or so the squid daemon would crash. I didn't need to reboot the firewall, just needed to press save on the squid settings page (which restarts the squid process).

    Bottom line is you really need squid, not sure if the 2d3 is for you. Of course, if you're not using a CF card, then squid may work fine in the default config :)



  • There's a great post in the Feedback forum where a guy shows how pfSense does with a 100mb line on relatively inexpensive hardware.  Be aware that squid and HAVP both use a lot of resources (CPU and memory) and don't scale nicely up to high speed lines.  It would be a good idea to consider offloading those functions to a separate, dedicated machine.



  • Hi. Does a Intel D945GSEJT + Atheros Wireless AR5BXB9 300Mbps Mini Pci express card+ Intel Dual MT, have power enough to Pfsense+Squid+HAVP? Our, is better that i only run Pfsense in this machine? I will make upgrade to a 50mb fiber, so can someone tell if this machine is enough to run a Pfense in the future?
    Regards.

    @submicron:

    There's a great post in the Feedback forum where a guy shows how pfSense does with a 100mb line on relatively inexpensive hardware.  Be aware that squid and HAVP both use a lot of resources (CPU and memory) and don't scale nicely up to high speed lines.  It would be a good idea to consider offloading those functions to a separate, dedicated machine.



  • The ALIX 2D3 can support up to a max of 80Mbps real-life throughput. You'll be fine on a 50Mbps line. On a 100Mbps line I'd look elsewhere.

    Sorry, I have no experience with the embedded Intel NICs on those Atoms boards.



  • @jonnytabpni:

    The ALIX 2D3 can support up to a max of 80Mbps real-life throughput. You'll be fine on a 50Mbps line. On a 100Mbps line I'd look elsewhere.

    It can only do 80Mbit/s in one direction.  If there is anything more than ACKs going back up then the FIREWALL throughput drops to around 50Mbit/s in each direction.  Anything like squid, snort, etc. running and it drops even lower.

    @rahex:

    Hi. Does a Intel D945GSEJT + Atheros Wireless AR5BXB9 300Mbps Mini Pci express card+ Intel Dual MT, have power enough to Pfsense+Squid+HAVP? Our, is better that i only run Pfsense in this machine? I will make upgrade to a 50mb fiber, so can someone tell if this machine is enough to run a Pfense in the future?
    Regards.

    The Atom 270 is more than enough for 50Mbit/s symmetric firewall throughput (actually, with Intel NICs it's more than enough for 100Mbit/s) but I really don't think it will fare well with squid & havp at those speeds.  You'll probably have a lot better luck with a 330 or 510 dual-core.



  • The Atom 270 is more than enough for 50Mbit/s symmetric firewall throughput (actually, with Intel NICs it's more than enough for 100Mbit/s) but I really don't think it will fare well with squid & havp at those speeds.  You'll probably have a lot better luck with a 330 or 510 dual-core.

    Hi all. I make a little research and i think is a good selection to work with pfsense. Can someone tell me if i made a good choice to work with  Pfsense+Squid+HAVP + fiber 50Mbit/s and if is possible to stay about 25w

    • picoPSU-90 DC/DC (90 Watt)
    • M350 Mini-ITX enclosure.
    • Intel D525MW (with integrated Atom 2x 1.8Ghz CPU)
    • PCI-Riser Adapter-Set f. M350 enclosure
    • Intel Dual MT
    • ATHEROS AR9280 Dual-Band 300Mbps Mini Pci express card.


  • I use Alix
    in MonoBSD imaged, u disk images in Sizes (512MB, 1GB, 2GB, 4GB)
    But I have a 8GB CF, how do I use the maximum disk?


Locked