Advice/Help on pfsense build



  • Hey guys, thanks in advance for any replies!
    After hunting about Google for a router upgrade I stumbled upon this gem of a project/community/OS and I'm hoping you guys might be able to help me conclude it!

    The Situation:

    • 50Mb Down - 5Mb Up Virgin Media Connection

    • Currently using an N1 Vision

    • At least - 10 computers via a switch, 2 or so wireless connections

    • At Worst - 10 computers via a switch, 10 or more wireless connections

    • Serving 10 people

    The Problem:
    The Belkin serves 10 people in the house (of students) so gets a pretty good hammering a lot of the time; it has a horrible tendency to crash and its settings aren't the best.
    With the fact of having 10 people, we can have problems with people gaming / working during all hours, whilst others are relaxing or downloading and the bandwidth getting saturated instantly.

    The Ideal Solution/What I'm looking for:
    A replacement to the N1;

    • With stability (which from what I've seen pfSense will provide)

    • Plenty of settings/customizability

    • Ideally, QoS / Traffic Shaping or some port limiting?

    • Provides a Wireless N (when supported) access point with good range (thus possibly upgradeable antennas?)

    So, what kind of pfSense system would be needed to run this, if at all possible?
    I've looked at the ALIX systems, and the possible ITX boards, but I have no basis on what sort of spec would be needed for the network load we have.

    Thanks in advance again,
    Widz



  • You'll be able to make do with just an Atom D510/D525 setup and 1GB~2GB of RAM.
    Just remember to increase the state table size and you're good to go.

    However, you will probably want to set the Belkin as a dumb AP (disable DHCP server, hook up one of the LAN ports to the LAN side switch of the pfSense box).  There is currently no support for Wifi-N in pfSense.

    For QoS, you'll need to set it as per your requirements.  There is the option of both shaping and limiting in pfSense 2.0.  Furthermore, you can use schedules to shape or limit traffic during certain hours only (useful if your connection gets bursty during off peak hours so you can hardcap during peak hours only).



  • Thanks dreamslacker, the integrated D510 boards are nicely priced, and as for a case, that shouldn't be too hard to sort out!
    However the D510MO only has one ethernet port on board; are there any recommended methods/ways of getting 2 more ethernet ports?

    The specs say the board has a mini PCI Express slot, though I can't find its location on the board in any photos…
    Assuming it is there, would having a Wireless N card in it, located with external antennas, work in the future?
    And is it possible to have a PCI card to provide those 2 extra ports at a reasonable price?



  • There are Atom motherboards with more than one NIC. Jetway have a range of mini-ITX motherboards (some with Atom CPUs) that will take a daughter card (not PCI card) with 1 or 3 Realtek or Intel NICs.

    See 1721 and 1621 2 port PCI cards at http://www.soekris.com

    A few years ago I purchased a few dual-port PCI NICs on eBay. No idea of current availability.

    I have had satisfactory performance from USB wireless NICs with Ralink RT-3070 chipset but I've recently read a much less favourable report (http://forum.pfsense.org/index.php/topic,34446.0.html).

    About the placement of the mini-PCI Express slot on the D510MO motherboard: see the manual/user's guide which can be downloaded from the Intel web site.


  • Netgate Administrator

    Just get one of these:
    http://cgi.ebay.co.uk/ws/eBayISAPI.dll?ViewItem&item=290545090693
    You know you want to!  ;D

    A bit of hackery involved to get up and running though.

    Steve



  • Thanks for the replies again guys,
    Steve, although after reading that Firebox thread, and with that particular eBay being UK based, I'm not sure if I want to delve right to the bottom on hardware tinkering.

    However, Wallabybob's suggestion is more in line with what I was after, however does anyone know a European or UK based seller of them?

    Thus I presume I'm right in that:
    Motherboard
    DaughterBoard
    are definitely compatible,

    along with having 2 spare 800MHz/1024MB/4-4-4-12 sticks of DDR2 should cover the RAM aspect.

    However, will I need anything speedy on the hard drive front? Or will the CF card builds I see about be able to keep up with what I'm after the system to do?

    And is there any chance Wireless N PCI Card or something similar can work to provide a wireless access point in G mode until N is supported?

    Thanks guys!


  • Netgate Administrator

    @Widz:

    However, will I need anything speedy on the hard drive front? Or will the CF card builds I see about be able to keep up with what I'm after the system to do?

    The CF build (NanoBSD) will be fine. Once it's booted it mostly runs from RAM anyway.

    @Widz:

    And is there any chance Wireless N PCI Card or something similar can work to provide a wireless access point in G mode until N is supported?

    That card is a Ralink RT2860. Officially there is no support for this card in FreeBSD however I found this repo with drivers for it and they even claim to support 802.11N.  :o However you'd have to compile them yourself.

    Here's the post in the FreeBSD forum where this driver is discussed.

    Steve

    Edit: Some success reported under pfSense here. Looks like it's flaky at best though.  :(



  • @Widz:

    However, Wallabybob's suggestion is more in line with what I was after, however does anyone know a European or UK based seller of them?

    http://www.linitx.com are UK based and sell Jetway mini-ITX motherboards and daughter cards.

    I think if you search the wireless forum and the 2.0 forum you will find reports of people using wireless-N capable PCI cards based on an Atheros chipset with the standard ath driver included in pfSense. Such a card will likely be less troublesome than one requiring a non-standard driver.



  • Thanks Steve, and nice find on the N support :O
    Thinking about it, I have some old low capacity drives knocking about, so I could do a full install via the live CD, but the CF is still an option.
    Moreover, the Jetway board, with it having the very nice feature of a direct DC input, how does one go about powering any drives in the system? I saw that the box contains a Molex 4 pin to 2 x SATA power connectors; does this plug into the Molex I see pictured on the board and give you 2 powered SATA connectors?

    The reason I ask about the wireless card is I'm hunting around now to see what the possibility is of a half height bracket card,
    and that has 3 upgradeable/removable antennas on the card… this is all based around what case I can mount it all into, ideally something low profile and flat (thus HTPC-ish).

    However, would a mini PCI card on the Jetway board be just as good? And if the card had 3 connectors for pigtails, I'd then be able to mod the case to mount the screw connector?


  • Netgate Administrator

    @Widz:

    I saw that the box contains a Molex 4 pin to 2 x SATA power connectors; does this plug into the Molex I see pictured on the board and give you 2 powered SATA connectors?

    Yes.  :)

    @Widz:

    However, would a mini PCI card on the Jetway board be just as good? And if the card had 3 connectors for pigtails, I'd then be able to mod the case to mount the screw connector?

    A lot of wireless access points just use a mini-pci card internally. I'm using one in my Firebox.
    Personally I think it's a better solution than a PCI card as you can mod the case to fit the three antennas in a better position. All three right next to each other round the back of the case is not ideal!  ::)

    I have used mini-itx.com as well as linitx.com without any complaints. A while ago now though, back when any sort of wireless was new and exciting.  :'(

    Steve



  • Hi Widz,

    At last someone I can share my pain with.
    A friend of mine is in almost exactly the same position as you. Using the 'horrible' Vision-N1. He has 4 kids all into gaming and he himself likes to do a lot with his net connection.
    I said I would help him out. After some serious forum browsing I found that the crashing problem with the N1 is related to it trying to sync with NTP time servers out on the net. It does this every two hours and crashes as a result. This problem is accentuated because real time games like to get the proper time from the router which of course goes off and tries to sync (and crashes).
    I've been a keen follower of the pfsense project for a good while but have never dived in. When I saw his problem, I was thinking that something like this might provide a secure and stable router/firewall.

    So I've been reading the forums here and was thinking along the same config as yourself. At first I was thinking about going with an alix2d3 option from linitx.com but they are sold out. That was to keep the cost down but now I'm thinking the

    1. M350 Universal Mini-ITX Enclosure
    2. Jetway JNC96-525 1.8GHz Fanless Mini-ITX Motherboard with 12V DC
    3. 2GB DDR2 800 ULP DIMM
    4. 3 Intel Gigalan daughter board.

    Then I have a couple dilemmas.

    5. Hard disk - Not sure to go with CF or SATA. I'm thinking if I go with SATA I will need to get a fan of some sort? I know I could go for SSD but that ups the price quite significantly.

    6. Wifi - I was pleased to see that there are some positive results with Wireless-N. I was thinking of leaving the Vision-N1 in place as a sole WAP but here's the problem. The NTP protocol on the Vision-N1 can only be turned off by manually killing the process through a hidden webpage (which is messy) and if the router gets power cycled then the process restarts.

    Did you go ahead with your project? Did you decide on including an Atheros chipset?

    Good to know someone has the same problem as me.

    Looking forward to turning that Vision-N1 into one of the most expensive paperweights in town ;)



  • Aha, good to hear others think it's just a huge fad and waste of money!

    I never bothered to delve into the reasons why the N1 crashes so much but it's interesting to see why!

    As for your choice, I picked exactly the same parts and saved the linitx basket. Waiting for my next student loan to roll round in a week or so to take the plunge.

    For the other parts I was going to source out an old cheapo laptop or desktop hard drive, as the space doesn't have to be huge to support pfSense and I'm not doing anything that's hard drive intensive. Regarding heat, I don't think it would be too high within the case to warrant needing a fan to cool down the HDD, but depending on placement a tiny one would probably help all round.

    Wifi you can get on the board, from what I've read, by using a mini-PCIE card with external antenna connectors and using it in G mode for the time being until fully supported? Plus the N1 as a backup.

    My plan was to use any provided holes to mount the screw connectors, or use a drill to widen or create new points on the top of the case, though I was ideally trying to find a tri antenna mini-PCI card.

    Hope this helps, and I will definitely be updating when I get this build going!

