Building a pfSense box



  • What hardware should I use?

    Currently, I have a 25/5 connection, with about 10 users, but that could always go up to 50/10, or even more, with even 20+ users eventually.
    My main choice is to use an Intel or AMD CPU. It's either an Intel D2700, or an AMD E-350. I also plan on getting a dual-port Intel NIC, instead of using the onboard NICs.
    How much RAM is recommended? Should I max out the boards at 8GB, or is that overkill for a simple pfSense box?
    I also want to have a lot of extra performance to add 'features' to this. I will most likely try other distros like Untangle, Smoothwall, and m0n0wall.

    For the case, I would like something as small as possible, while still having room for a PCI NIC.

    I am considering an SSD instead of a regular hard drive. It would make it cooler and quieter, as well as make it use less power. How big does the SSD need to be for a full pfSense installation?

    Sorry for all the questions, and thanks!



  • Hi,

    I was using a P3 600MHz with 256MB SDRAM (an old IBM desktop computer) with 3 x 3COM 100Mbit (dual WAN + LAN) with 60/3 + 6/1.6 for about 5 years, holding about 75 websites behind it with no problems (about 5-15% CPU usage and 25-40% RAM usage).

    Unless you need to do heavy filtering or VPN (encryption), you don't need a powerful machine. I suggest you put money into stable things with as few moving parts as possible (CF card or SSD, fewer fans, etc.). You can probably get something like a WatchGuard Firebox or that kind of hardware. If your NICs are good, they will do most of the job by themselves. Intel and 3COM are well supported.



  • @jtvd78:

    How much RAM is recommended? Should I max out the boards at 8GB, or is that overkill for a simple pfSense box?

    Way overkill, 256MB is probably ample for a "simple" pfSense.

    @jtvd78:

    I am considering an SSD instead of a regular hard drive. It would make it cooler and quieter, as well as make it use less power. How big does the SSD need to be for a full pfSense installation?

    For the last three years I have run a non-embedded pfSense and a few packages from a 1GB solid state disk module.



  • @wallabybob:

    For the last three years I have run a non-embedded pfSense and a few packages from a 1GB solid state disk module.

    Just a question. Do people not use a proxy cache on these embedded / small disk systems?



  • @janneb:

    Just a question. Do people not use a proxy cache on these embedded / small disk systems?

    I don't. I can't speak for others.

    The original poster asked about "simple" pfSense box. I guess "simple" is a fairly inexact term.



  • @janneb:

    Just a question. Do people not use a proxy cache on these embedded / small disk systems?

    One should be using such a system only as a non-caching proxy (e.g. in order to filter web traffic).

    Squid is a complex beast and instead of improving, it can actually degrade overall user experience, if not configured properly and on a suitable system.



  • Here's my current plan:

    Motherboard/CPU/GPU: http://www.newegg.com/Product/Product.aspx?Item=N82E16813121596 -- $80
    Case/PSU: http://www.newegg.com/Product/Product.aspx?Item=N82E16811129080 -- $90
    SSD: http://www.newegg.com/Product/Product.aspx?Item=N82E16820148610 -- $55
    NIC: http://www.newegg.com/Product/Product.aspx?Item=N82E16833106122 -- $32
    RAM: http://www.newegg.com/Product/Product.aspx?Item=N82E16820226019 -- $23

    How does it look?

    For the motherboard, I have an Intel board, with an Intel Atom D2700 CPU. The case is nothing special. It has a 150W PSU, which is more than plenty for this build. The SSD is a 32GB Crucial m4, which connects to the motherboard with an mSATA connection. The motherboard has one of these connections. I will also max out the board with 4GB of RAM, cuz honestly, the RAM is just so cheap, so why not?
    I couldn't find any decently priced dual-port PCI NICs, so I'll use the onboard NIC and a single PCI NIC.

    Am I missing anything? What would you guys change?



    Looks really nice to me… good choice to use Intel, both stable and compatible, and nice idea for the mini-ITX.

    Is there room to put many NICs inside that?



  • @thevoice:

    Looks really nice to me… good choice to use Intel, both stable and compatible, and nice idea for the mini-ITX.

    Is there room to put many NICs inside that?

    If you look at the case from the back, you can see that there is a low profile expansion slot. Which is just enough for the NIC that I'm using.



  • Perfect, if ever you need more LAN or WAN I think there are low profile network cards… This is the only limitation I can see!



  • This post looks familiar… and your name too.



  • @tirsojrp:

    This post looks familiar… and your name too.

    Hmmm…. I wonder why  :P

    But really, it's good to get a second opinion, especially from the communities of the two main distros that I am going to try out on my build. Maybe one forum would pick up on something that the other one missed.



  • I built a box similar to what you're describing, here's my post of the completed box.

    See if you can use anything in that build… I really like the mini case, although it has no provision for a PCI card, but with dual onboard Intel NICs I have no need for one.



  • @RocKKer:

    I built a box similar to what you're describing, here's my post of the completed box.

    See if you can use anything in that build… I really like the mini case, although it has no provision for a PCI card, but with dual onboard Intel NICs I have no need for one.

    I like how your motherboard has dual NICs, but I like how my current motherboard has a CPU that is higher clocked and is hyper-threaded. Though I am leaning towards my motherboard, would it be a better idea to use the one you used?



  • According to this -
    "21-50 Mbps - No less than 500 MHz CPU"

    So from a pure throughput standpoint either CPU gives you plenty of headroom, but if you add some services (and it sounds like you may) it could eat up whatever excess CPU you have.

    Either box should be able to handle those different distros, it's the added services that will bog them down.

    Sorry I don't have much info on hyper-threading, gut feeling tells me you want it but I couldn't quantify more than that with anything reasonable.

    For my setup (a home router) a small footprint was desirable and that setup fit the bill.

    BTW - I strongly urge you to include fans and heatsinks (didn't see those in your build list). Passive cooling these boxes is just not enough.



  • I've been looking around, and I've found an alternative to my current board: The Intel DN2800MT Link. It supports mSata over its miniPcie, as well as having regular PCI Express x1. I'm also getting the M350 case, as you recommended. It seems very popular in the MiniITX market. I'm also getting a Riser kit for the case, so I can use full size cards. Link.



  • Supports hyper-threading, cool.

    I like the ability to add a full size PCIe. If Intel would add an additional onboard NIC, that would be the perfect firewall/router mboard!

    I think that will be a sweet build!



  • @RocKKer:

    Supports hyper-threading, cool.

    I like the ability to add a full size PCIe. If Intel would add an additional onboard NIC, that would be the perfect firewall/router mboard!

    I think that will be a sweet build!

    I'm debating getting an HP NC360T and modding it to fit into an x1 slot. They are really cheap on eBay.
    http://forums.servethehome.com/showthread.php?471-Dual-NICs-on-PCIE-x1-slot-recommendation



  • If that HP dual uses the Intel 82571 (like the forum link says) it should work well as a server NIC.

    Looks like a good cheap dual NIC and mod, have to keep that in mind if I ever need a dual NIC solution!

