Need advice regarding hardware requirements <> features needed



  • Hi,

    I'm planning to build a pfSense router/firewall with the following features:

    • 10/15 people behind the firewall, 2 VLANs
    • Private and Public Wifi AP
    • Captive Portal and traffic shaping on Public Wifi
    • Squid Proxy enabled for being able to track user activity (legal reasons - public wifi)
    • Maximum throughput between WAN and LAN: 30Mbps (internet cable connection)
    • Max 2 simultaneous lightweight openvpn connections

    Do you think that something like Appliance Shop's OPNsense WL (AMD Geode LX 500Mhz, 256Mb RAM, 4GB Flash, Wistron DCMA81) would be okay for that, provided of course Squid's logs are sent to a distant syslog server?

    Thanks for your advice.

    Matthieu



  • Should suffice. You did mention Squid. This box uses a 512 SLC. For $250 you would be better off with an Atom box (plus it will be much more powerful for future increase in requirements) unless you don't want to assemble it yourself.



  • @asterix:

    Should suffice. You did mention Squid. This box uses a 512 SLC. For $250 you would be better off with an Atom box

    Thanks for your answer. Could you give one or another reference regarding this "atom box" ?


  • Netgate Administrator

    He means any Atom board in a small enclosure. You could easily do this for 260 Euros if you are prepared to build it yourself. It's the most fun part in my opinion.  ;)

    Steve



  • Check this thread.

    http://forum.pfsense.org/index.php/topic,49105.0.html

    There are pics on the second page along with prices for all components.



  • Thanks to all of you! That's exactly the kind of advice I needed.

    Since I don't have so much time to build the router (professional use), I'll go for a ready-made enclosure like the OPNsense.



  • U r most welcome.

    To be honest and frank OPNsense seems to be a waste of money. U can assemble the parts (once you have them) in less than an hour. Maybe 2 for a novice. It's no rocket science.



  • Oho ! That's the kind of advice I guess I should take into account ;-) I'll check once more.



  • @pagaille:

    Since I don't have so much time to build the router (professional use), I'll go for a ready-made enclosure like the OPNsense.

    This ^

    @asterix:

    To be honest and frank OPNsense seems to be a waste of money.

    Is precisely why this ^ is not true.

    Time savings up front isn't all that much of a consideration, though picking out all the right parts that are supported and assembling them does take some time. The biggest consideration is when you're buying an appliance from one of our recommended hardware vendors, you know it's someone we're working with directly and testing their hardware including testing new releases in advance. For critical production systems, that's a key factor that's well worth slightly more money. You know for a fact that when you upgrade, that hardware has already been verified to work 100%, and you aren't going to hit some oddity with some unusual combination of hardware and a newer FreeBSD base version and start having problems. Granted that's rare, but it's enough of a consideration that I wouldn't mess with trying to assemble your own hardware. Getting hardware you can have a very high degree of confidence in is well worth the money alone.

    Also, those vendors provide key financial support that keeps the project running. 98% of development work is done by people on our payroll, and they're a big reason we can make that payroll.



  • @pagaille:

    • Squid Proxy enabled for being able to track user activity (legal reasons - public wifi)

    Do you think that something like Appliance Shop's OPNsense WL (AMD Geode LX 500Mhz, 256Mb RAM, 4GB Flash, Wistron DCMA81) would be okay for that, provided of course Squid's logs are sent to a distant syslog server?

    Reply to self: apparently, running Squid on CF-based hardware isn't recommended nor possible because of the read-only nature of the embedded version of pfSense.

    Am I wrong ?


  • Netgate Administrator

    You can run Squid on embedded but you can't cache to the CF card.
    That means you run it with no cache, just using it for web filtering/logging, or you cache to RAM. 256MB is not enough to cache to RAM in any meaningful way.

    Steve

