Will This Setup Work As I Think It Will?

  • Hey guys,

    I am curious if what I am planning to do will actually work.

    My hardware for pf box:



    SSD: Mushkin Enhanced Callisto Deluxe

    Network gear:

    Modem: MOTOROLA SB5101U

    Switch: GS108T

    Routers: 2 x Airport Extremes (one in bridge mode)

    Proposed Network Setup

    Modem -> PF Box -> GS108T Switch ->

    Connected to the Switch I would have the 2 airport extremes acting as access point (one for wireless-G, one for wireless-N)

    I would also have 3 computers wired to the switch and 1 freenas server

    Ideally my computers (both wired and those connected through the APs) would be able to connect directly through smb/afp to the server by just going through the switch, so all the data would travel freenas -> switch -> computer, bypassing the pfsense box, preventing extra lag.

    However, when the computers needed to access the internet they would go computer -> switch -> pf box

    I know my hardware is overkill for my usage, however I would rather have it this way to allow me much more headroom if I change settings in the future.

    As described above, this is how I believe my setup will work after everything is wired into place. Am I correct in this assumption?

    Also, I have purchased the pfsense book to aid me in setting up the network so I won't have to constantly search/ask questions on this forum. I am mostly interested in knowing if this setup will work like I think before I purchase the hardware to make the pfsense box.

    Any help is appreciated.

  • I see no problems with horse power!
    Sure it will work fine.

  • Netgate Administrator

    It's very dependent on your internet connection bandwidth. I believe that an Atom is good for firewall throughput well over 100Mb/s. If you wanted to use VPNs or Snort you may run out of processor power. That board has Intel NICs and that's always a good thing.

    With that switch you may want to use VLANs to further segregate your network. For instance you could put your wireless APs on separate interfaces. It gives you the option to do so in the future.

    Only thing I would change is the Apple airports, unless you already have those.


  • Thanks for the reply,

    My internet connection is only 25/5 (should have mentioned that).

    I do hope to use snort on this build and possibly some other packages, VPN would be a nice feature also. However, I am the only one on the network that would be using vpn. I already have the airport extremes.

    The main reason for wanting this setup, besides the additional security, is the airport extremes don't support wireless-N and wireless-G simultaneously so I wanted to force one to use G and one to use N. Also, with my current setup there are 3 laptops that back up wirelessly to the freenas server. I find that when the laptops are backing up it slows my internet connection down to a crawl on my computers (even the ones not currently backing up). This also occurs when I am doing many iops through the server.

    I am hoping pfsense will be able to fix this (everything I have read makes me believe it will). I am also hoping to get much better QOS on my internet connection.

    I am thinking the atom should be powerful enough for me as I am the only power user on this network, the most demanding thing the 2-4 other users will be doing is watching hulu/netflix streams or a movie/music off of the freenas server.

    Will the atom be sufficient for this? Also, the board supports 4gb of ram which I am assuming should be more than enough for snort for this type of usage.

  • Netgate Administrator

    If you are using only one interface for Lan and one for Wan then pfsense only has to deal with internet traffic. Any other traffic, streaming from FreeNAS for example, will not be going through your pfsense box so it shouldn't slow down your internet experience at all. You will only be limited by the bus bandwidth in the switch which isn't listed but is probably a number of Gb/s.

    Edit: From Netgear's website: Bandwidth: 16 Gbps full duplex

    What are you using for a switch/hub at the moment?


  • Initially my network only consisted of one airport extreme. However I soon needed additional Ethernet adapters to run cord to additional rooms. Instead of picking up a switch I purchased another airport extreme (partially because I got it for $40 on ebay, and partially because I was unfamiliar with switches at this time).

    Currently the 2nd airport extreme is being used in bridge mode giving me additional Ethernet adapters, however whenever something on my network needs to use wireless-G both airports get knocked down to wireless-G, which is noticeable. Also, when I do high iops to my server the airports both get extremely bogged down, so much so that google doesn't do the instant search and instead tells me my internet connection is too slow for that feature.

    I also use opendns, but have found this to increase my ping greatly (under 25ms to over 250ms in certain circumstances). I am hoping pfsense may be able to help this, if not I would feel comfortable going back to comcast dns due to the added security provided by pfsense.

    My main thing is I don't want operations down in my server to slow down every computer in my network, I also wish to have better QOS so gaming/streaming doesn't get interrupted.

    I currently have the GS108T switch but I have not hooked it up yet as I would rather do everything in one shot and hooking it up in my current config won't help with the airport extremes dropping from Wireless-N to Wireless-G that I am currently facing.

  • Netgate Administrator

    I think it suffices to say that your suggested setup will be far better!  :)


  • Excellent!, that is what I wanted to hear.  ;D , who doesn't like buying new hardware.

    I will have to order the parts and break open the pfsense book now.

    Thanks for all the help, it's very appreciated.

  • I'm using X7SPA-HF mb in my setup… Love this freaking board!! If you can spend another 20 bucks, get the HF board. It includes IPMI management which allows remote KVM and serial console via a java session and you can mount CDs remotely.

    Using it on pfsense 2.0 with 2megs of memory, 50/5 cable connection, traffic shaping, snort, country-block and a few other packages... cpu is under 10%.

    Remember when you are using wireless, all your wireless clients are sharing the bandwidth your access point gives. So if you have 5 clients on a G AP, they are sharing the whole 54mbs pipe. That is probably why the internet seems to be slow when your backups are running..

    For a test, run your backups... then perform a speedtest via a wireless client then from a hardwire client... You should see a big difference.

  • I was not aware everyone had to share the 54 mbs, that explains a lot.

    It is going to be a nice change once I get everything up and running. I am looking forward to it. I will have to make sure to decide what devices I want on each AP and filter them out via mac address on the airport extreme. I will probably let my roommate share the wireless-G AP with his wireless printer as that is the device that is making the airport stay in wireless-G. Then I can hog the wireless-N ;D Plus, as he doesn't stream anything from the server, or do backups wireless-G will be plenty for his needs.

    I am glad to see a very similar build is working great for you. I have debated the HF version of the board you have however, I have a spare keyboard/monitor/cd drive so it isn't needed. It would be a nice feature to play with though, I've never used IPMI before.

    Is IPMI any less secure than a motherboard without it though? This would be my only concern.

  • Netgate Administrator


    Remember when you are using wireless, all your wireless clients are sharing the bandwidth your access point gives. So if you have 5 clients on a G AP, they are sharing the whole 54mbs pipe.

    Yep. And it's half duplex so that's 54Mb/s total in both directions.
    They don't put that in the advertising.  ::)


  • Well that would explain my less than stellar network performance.

    Here I am thinking 54mbs per device per direction

    when in reality it's 54 divided by about 4 devices divided by 2 directions (making some assumptions about my average traffic both ways here) so it's 1/8 of what I would already consider slow. Learn something new everyday.

    All the more reason to build a pfsense box  ;D not that I needed anymore justification.

  • I would change your cable modem providing your ISP supports this model

    Why buy a DOCSIS 2 modem when you can get a DOCSIS 3.0 modem and be a little more future proof.
    Also if you need more speed the DOCSIS 2 modem max is 38Mb/s, and most ISP's offer better packages that require the DOCSIS 3.0 modems.
    For example my ISP will only let you go a max of 15Mb/s on a DOCSIS 2.0 modem.
    DOCSIS 3.0 and they will let you get a 100Mb connection

    So just some food for thought

  • I have thought about getting that model, (should have done it when the model you listed was a shell shocker item).

    I already have the one I listed. Assuming my install of pfsense goes well I will most likely up my current bandwidth allotment and then change out modems. I will definitely put getting that model on my upgrade path.

    Once again, thanks to everyone for all help and suggestions. I can not wait to get my build started.

  • @Night:

    when in reality it's 54 divided by about 4 devices divided by 2 directions (making some assumptions about my average traffic both ways here) so it's 1/8 of what I would already consider slow. Learn something new everyday.

    Worse than that even, "54" Mbps wireless can only transfer ~27 Mbps of actual traffic at best.

    When Is 54 Not Equal to 54?
