pfSense Router Build on an Intel D510



  • I've had this setup for a while and would like to share it with the masses. I'm currently running pfSense 2.1 Dev on the hardware below. I've had the box up and running for almost 2 years and it's gone through many changes… Mostly software changes, as this box first ran pfSense 1.2.3, then 2.0Beta to get the LCD display to work, then 2.0BetaIPv6... It currently runs 2.1Dev, which includes the IPv6 code. I've never had a high uptime because I'm always making changes, but it did have a 36 day uptime once because I was away for training with my reserve unit. My first router box, running pfSense 1.2, had a year of uptime since I never messed with it after its setup.

    This box has 4 Intel NICs, 2 on the MB and 2 on a PCIe card. I'm using 3 ports today: WAN, LAN, and another is a VLAN trunk. The VLAN trunk allowed me to set up my Linksys/Cisco router (running DD-WRT, AP setup only) with a Guest Wireless VLAN. I didn't want to set up another wireless AP for guests, and since I can set up virtual interfaces on the AP and tie it to a VLAN, it just seemed the right way to go about it. I plan on adding another VLAN for cameras. I use OpenVPN in 2 forms, 1 for remote access and another is a Site-to-Site to my brother's network so I can mess with it from time to time... And to give remote support...lol. As a test, I was able to connect my Verizon 3G USB stick and set up a WAN fail-over. I've removed the 3G USB stick since I use that stick when I'm on the road.

    I use the traffic shaper to its fullest. With the setup I have, I can be VPN'd into work moving files, watching a Netflix stream, playing Xbox 360, and downloading 5 torrents with no hiccups. Of course this is over a 50/5 cable modem pipe so that helps too. I set up the "limiter" function so guests that are using the wireless can't hog bw; they get a 5/512k pipe.

    With the help of other members on the forum, I was able to get the LCD display to work. Which is why I got this case to start with... Small factor, and able to display stats on its screen.

    I also set up pound on the box as a reverse proxy. There is a pfSense package that does this but I couldn't get it to run, so I found pound to just work. It allows me to have an FQDN route to different boxes on my network, all via port 80. In the past I would use IIS on my server to allow me to have different web sites on the same IP. But I also wanted to see my TED5000 (electric monitoring device) through the internet. I was able to do that by assigning a different port in NAT rules and then having it direct to the box's IP on port 80. But with this setup I had to remember different port numbers and open many ports on my firewall. Now with pound, all my traffic comes in via port 80. Pound looks at the FQDN and points that FQDN to the internal IP I assigned it to. Now if you browse to my public IP on port 80, nothing is displayed because pound is looking for an FQDN to process the request. Does this make my box less secure? Maybe. But I've thrown everything I have at it and can't break in... Working for an ISP, we have many tools to choose from ;-)

    Example all using port 80:
    www.homeip.net - 192.168.0.10
    ted.homesip.net - 192.168.0.15
    whs.homeip.net - 192.168.0.100

    Case: M300-LCD Enclosure with Bootable CF Reader, 1 PCI Slot and 2x20 LCD Display
    MB: Supermicro X7SPA-HF-O Atom Dual-Core D510/ Intel 945GC/ RAID/ V&2GbE/ Mini-ITX Motherboard
    Memory: x2 Kingston 2GB 200-Pin DDR2 SO-DIMM DDR2 667 (PC2 5300) Laptop Memory Model KVR667D2S5/2G
    HD: Seagate 160GB (ST9160314AS) 5400rpm SATA2 8MB Notebook
    PS: picoPSU-150-XT Power Supply 80W AC-DC Power Adapter Kit
    Extras: Intel Dual Port Server NIC, PCIe (Can't remember the model as I already had it)
    A special over-priced PCIe ribbon riser so I can use the PCIe slot with this tiny case. Need to open the case back up and take a photo

    pfSense Packages:
    arpwatch
    Backup
    Country Block
    Cron
    imspector
    iperf
    LCDproc (hacked to get the LCD in the case to work)
    mailreport
    nmap
    Notes (Comes in handy!)
    RRD Summary
    Shellcmd
    TFTP
    vnstat2

    ntop (not running right now)
    snort (not running right now)

    Ports I've added to the system:
    pound (reverse proxy for http/https, allows me to direct different FQDNs via port 80 to different boxes on the network)
    monit (monitors the system, restarts services if they are down)
    freeipmi (allows me to access the ipmi chip for watchdog and temps within pfsense)

    lcd setup:
    http://forum.pfsense.org/index.php/topic,23919.msg173074.html#msg173074

    pound setup:
    http://forum.pfsense.org/index.php/topic,33566.0.html

    watchdog/freeipmi setup:
    http://forum.pfsense.org/index.php/topic,34056.0.html

    Some photos:
    The cable modem is the thin tall one, the other modem is for my phone... and the Verizon 3G USB stick, and the box off to the side is my QNAP 109-II with a 2TB drive in it :-)

    current load

    states

    uptime

    the dashboard

    P.S Not sure if this should be posted in Hardware but there isn't a user hardware gallery topic
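
The name-based routing described in the post above, sketched as an added example in Pound 2.x configuration syntax. This is not the poster's own configuration; the host names, internal IPs and port 80 come from the post, while the listen address and the anchored patterns are assumptions.

```conf
# Added example, not the poster's pound.cfg (Pound 2.x syntax assumed).
# Host names, backend IPs and port 80 are the ones listed in the post.

ListenHTTP
    # Assumption: listen on all addresses; in practice bind to the WAN address.
    Address 0.0.0.0
    Port    80

    # Loose form often seen in examples:
    #   HeadRequire "Host:.*www.homeip.net.*"
    # It also matches a Host header such as "www.homeip.net.example.org",
    # and each unescaped dot matches any character.

    # Tighter form: anchor the header line and escape the dots.
    # A client that sends an explicit ":80" in Host will not match.
    Service
        HeadRequire "^Host: *www\.homeip\.net$"
        BackEnd
            Address 192.168.0.10
            Port    80
        End
    End

    Service
        HeadRequire "^Host: *ted\.homesip\.net$"
        BackEnd
            Address 192.168.0.15
            Port    80
        End
    End

    Service
        HeadRequire "^Host: *whs\.homeip\.net$"
        BackEnd
            Address 192.168.0.100
            Port    80
        End
    End

    # No catch-all Service (one without HeadRequire) is defined, so a request
    # to the bare public IP or with an unknown Host header matches nothing
    # and is never forwarded to an internal box.
End
```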



  • Very informative. Thank you. I'll use this post as a resource for my next build.



  • Nice Post  ;)



  • Tag for reference.  Very nice!!

    Darkk



  • Nice.

    You are using Version 2.1?
    If I update my firewall I have version 2.0 RC3. Where can I get version 2.1?



  • @Kampfwurst:

    Nice.

    You are using Version 2.1?
    If I update my firewall I have version 2.0 RC3. Where can I get version 2.1?

    This post should be able to help you out http://forum.pfsense.org/index.php/topic,38896.0.html



  • Since this topic is already on the right course, I decided to post here instead of making a new thread. I was wondering what to buy to get the cheapest possible build, similar to yours. A D525 board costs about 66€ around here and has one onboard NIC. So basically the hardest part is the storage and PSU/chassis. Any suggestions where to get those cheap? (I don't mind ordering internationally.) Also, can an external USB flash drive be used instead of an HDD?



  • @Ianes:

    Since this topic is already on the right course, I decided to post here instead of making a new thread. I was wondering what to buy to get the cheapest possible build, similar to yours. A D525 board costs about 66€ around here and has one onboard NIC. So basically the hardest part is the storage and PSU/chassis. Any suggestions where to get those cheap? (I don't mind ordering internationally.) Also, can an external USB flash drive be used instead of an HDD?

    http://www.mini-box.com/site/index.html



  • @Ianes:

    Since this topic is already on the right course, I decided to post here instead of making a new thread. I was wondering what to buy to get the cheapest possible build, similar to yours. A D525 board costs about 66€ around here and has one onboard NIC. So basically the hardest part is the storage and PSU/chassis. Any suggestions where to get those cheap? (I don't mind ordering internationally.) Also, can an external USB flash drive be used instead of an HDD?

    I would suggest the Mini-Box case as well. That is what I'm currently using. I'm currently booting off of a 2GB Sony MicroVault Tiny flash drive.

