Pfsense on atom plattform



  • I was thinking to replace the current pfsense hardware to newer ones. The old one is an P4 3.0 Ghz system, so far its working fine but I think sooner or later the hardware will fail due to its age. I've researched and thinking to get small or embedded machine.

    When I was also looking for an small media player or HTPC I stumbled accross J&W Minix HD PC http://www.jwele.com/motherboard_detail.php?1140
    It already has a case + 12 Volt adapter, Atom Dual Core D2700, Dual Broadcomm Gigabit LAN, Intel GMA 3630 graphics, etc. All of this only about $110, I just need to add 2.5" HDD (or sata to CF interface adaptor + CF) and DDR3 SO-DIMM RAM which only about $20 for 4GB.

    Is this a good idea? will pfsense run/compatible on that machine?



  • http://www.freebsd.org/releases/8.1R/hardware.html

    If it's on the list it should work.
    Atom is based of x86 or x86_64, right? It should work then.
    Broadcom is generaly well supported.
    You'll need another NIC, It's not going to be much of a firewall with one network card.

    I use an ALIX system with no problems. The CPU on my machine is 400 Mhz or so, and 256 megabytes of ram. With that setup that you are suggesting, you should be able to do a full install with it. However, it says on the site that only windows 7 is officially supported. YMMV.
    I can only honestly say with 100 percent certainty that if you are seeking a small embedded style system to install on, you should go with PCEngines Alix series boards.
    I have personally used them and i have had nothing but a wonderful experience for my troubles. Total cost to me was about 250-300 US dollars, I bought a top end wireless card with a high gain antenna and a pre-made enclosure as well as a 2 gb cf card.


  • Netgate Administrator

    It completely depends on what bandwidth you're firewalling.
    An ALIX board will firewall/NAT ~85Mbps.
    The D2700 will do >500Mbps.
    If you want to run packages or VPN that will reduce the throughput.

    I wouldn't worry about the claimed OS support, they just don't want to field hundreds of questions. Though the bios is probably written with Windows in mind. There are people here running D2500 machines.

    What are you running with your current machine?

    Whatever you get you save quite a bit on power costs over a P4.

    Steve



  • @mostlyharmless:

    http://www.freebsd.org/releases/8.1R/hardware.html

    If it's on the list it should work.
    Atom is based of x86 or x86_64, right? It should work then.
    Broadcom is generaly well supported.
    You'll need another NIC, It's not going to be much of a firewall with one network card.

    I use an ALIX system with no problems. The CPU on my machine is 400 Mhz or so, and 256 megabytes of ram. With that setup that you are suggesting, you should be able to do a full install with it. However, it says on the site that only windows 7 is officially supported. YMMV.
    I can only honestly say with 100 percent certainty that if you are seeking a small embedded style system to install on, you should go with PCEngines Alix series boards.
    I have personally used them and i have had nothing but a wonderful experience for my troubles. Total cost to me was about 250-300 US dollars, I bought a top end wireless card with a high gain antenna and a pre-made enclosure as well as a 2 gb cf card.

    Its already got dual broadcomm gigabit LAN port that would be enough for me (I assume this chip has VLAN support in pfsense). I plan to use it on multiple VLANs with some filtered routing between VLANs. I did look up on Alix boards but for similar price I can get miniITX system with more powerful machine to ease my mind.

    @stephenw10:

    It completely depends on what bandwidth you're firewalling.
    An ALIX board will firewall/NAT ~85Mbps.
    The D2700 will do >500Mbps.
    If you want to run packages or VPN that will reduce the throughput.

    I wouldn't worry about the claimed OS support, they just don't want to field hundreds of questions. Though the bios is probably written with Windows in mind. There are people here running D2500 machines.

    What are you running with your current machine?

    Whatever you get you save quite a bit on power costs over a P4.

    Steve

    Ah, the processor should be more than able to fill my needs. That's good to hear. But I looked around, the onboard graphics drivers (gma 3650) only supported windows 7 32 bit. From google search there are many issues with people trying to run linux with onboard graphic because no drivers available in linux. I'm afraid freebsd/pfsense will have similar issues. But the question is, will the onboard graphics has the ability to output a text console on freebsd? I'm going to need that during first time installation and basic setup.

    On the Pentium IV I only has two interfaces, but one of them has 5 VLANs trunk connected to managed switch serving about 70 devices (pc, notebook, printers, ip phones). I'm only use them for DHCP, DNS CACHE, NAT, QoS, filtered routing between VLANs. I don't use squid/web filter on the pfsense machine (I use another machine in the network for proxy/filter).


  • Netgate Administrator

    Output to a text console doesn't require a driver as such, just graphics hardware that is standards compliant.
    However, yes, some people have had trouble with these chips particularly using 64bit.
    I would suggest that you can always use a serial console instead but there isn't a port on that hardware.

    Steve



  • @stephenw10:

    I would suggest that you can always use a serial console instead but there isn't a port on that hardware.

    No, but it looks like there is a serial port header on the motherboard just waiting for a cable to be attached.
    And it looks like there's even a space to cut out for the port on the back of the case.

    The lack of VGA console support is kind of a drag but I can scrap a serial port header out of another box or buy one for $6 then this little mini-itx is looking like a very nice deal for a cheap low-power fanless setup.

    I've got the following in a newegg wish list (Total $183.95):
    OEM Production 2700L2D-MxPC Intel NM10 Black Mini / Booksize Barebone System (currently out of stock)
    http://www.newegg.com/Product/Product.aspx?item=N82E16856205006

    Crucial 1GB 204-Pin DDR3 SO-DIMM DDR3 1066 (PC3 8500) Laptop Memory Model CT12864BC1067
    http://www.newegg.com/Product/Product.aspx?item=N82E16820148195

    SYBA SY-ADA40050 Mini-SATA to 2.5" SATA Adapter
    http://www.newegg.com/Product/Product.aspx?item=N82E16812186184

    Wintec 4GB mSATA Solid State Disk 33100003  (Industrial SSD w/ 4 million hr MTBF!)
    http://www.newegg.com/Product/Product.aspx?item=N82E16820161493

    StarTech PNL9M16 9 Pin Serial Male to 10 Pin Motherboard Header Panel Mount Cable
    http://www.newegg.com/Product/Product.aspx?item=N82E16812400022

    I think that's quite a bit cheaper than a complete ALiX board or similar appliance isnt it?

    If you read the reviews for that barebones several people mention garbled text during pfsense install.  I'm wondering how to get the actual install going though… If it were an embedded setup (nanobsd) then output would go to serial by default and all would be well but I want to do a regular HDD install to the 4GB SSD probably from live boot off a USB stick or I do have a USB CDROM laying around.  Once it's installed it's a simple option in the web interface to change console from VGA to serial but i have to get it booted first to get to the web GUI which is done via the VGA console that I won't be able to see right?  One newegg reviewer was clever enough to boot pfsense in a VM so he could know what the prompts are and make it through the initial boot blindly but I'm thinking there should be an easier way if I've got the serial header hooked up.

    hmmmm.... any thoughts?



  • For some reason there are some compatibility issue running X64 OS on a D2700.

    Although the D2500 is the next logical choice, it only supports 2 threads.

    I would go for the D525 or D510 CPUs.



  • I'd be content to run the x86 version.  And I've not found a D550 w/ case and PSU and everything for as cheap as that $129 deal.  The problem is the GMA3650 HD graphics chip which is integrated into the CPU apparently as I've seen other NM10's with different graphics chips.  Obviously I don't need X support or 3d to run pfSense but people are reporting that the text output of the console is even garbled.  I'm not sure if the boot menu is visible or not but people are saying the install prompts are unreadable.

    I'm just looking for advice on how I can do a hard drive install of the non-embedded version via serial instead of VGA…



  • Just wondering if anyone actually tried one of these "OEM Production" boxes for pfsense? Newegg has one based on the d2550 with dual broadcom nics for $129 (see http://www.newegg.com/Product/Product.aspx?Item=N82E16856205007). Seems like a pretty good deal if the pieces parts are OK… Also wondering (can't tell from the description) if a 2.5" SSD would fit in it?



  • @rjcrowder:

    Just wondering if anyone actually tried one of these "OEM Production" boxes for pfsense? Newegg has one based on the d2550 with dual broadcom nics for $129 (see http://www.newegg.com/Product/Product.aspx?Item=N82E16856205007). Seems like a pretty good deal if the pieces parts are OK… Also wondering (can't tell from the description) if a 2.5" SSD would fit in it?

    That is suprisingly very similar to the one I had (JW Minix HD PC). The case has a slot/mounting holes for 2.5" SSD/HDD  inside.



  • @tesna:

    @rjcrowder:

    Just wondering if anyone actually tried one of these "OEM Production" boxes for pfsense? Newegg has one based on the d2550 with dual broadcom nics for $129 (see http://www.newegg.com/Product/Product.aspx?Item=N82E16856205007). Seems like a pretty good deal if the pieces parts are OK… Also wondering (can't tell from the description) if a 2.5" SSD would fit in it?

    That is suprisingly very similar to the one I had (JW Minix HD PC). The case has a slot/mounting holes for 2.5" SSD/HDD  inside.

    Thanks… If I do it, I'll let you know how it goes.



  • @packeteer:

    For some reason there are some compatibility issue running X64 OS on a D2700.

    Although the D2500 is the next logical choice, it only supports 2 threads.

    I would go for the D525 or D510 CPUs.

    I just wanted to confirm that the D535 is a very nice CPU to use and it can take a lot of load/traffic!
    /E


Log in to reply