Firewall appliance under $200 BYOP (Bring your own parts)



  • I have looked at the prepackaged solutions for use with pfSense, but I was wondering if someone had successfully built a comparable firewall appliance from scratch for around $150 - $200.  I am looking for something which can be micro ATX or similar/smaller with 4 NICs, 1 video/1 COM/2 USB.  Can take Celeron or Pentium 4/D.  No need for CD-ROM since I should be able to connect one via USB if need be.  External power supply a plus.

    This is primarily for my SMB customers who are between 5-30 users.  Maybe a VPN tunnel or 2.  Maybe some VoIP in the future for smaller clients.  Most users just use the internet connection for email (Exchange Server) or browsing.  Remote desktop or LogMeIn.  Something that, if the need arises or a module comes out which requires more computing power, I can easily upgrade and/or switch parts out, or just have a system which will be able to provide the power needed for 3-4 years to come.

    Thanks



  • I always have problems using USB CD-ROMs. Maybe that's just me.



  • Well, I don't know about your target price, but options include:

    1. FX5620 (requires just some form of storage - HDD or CF)
    2. Jetway Mini-ITX boards with a 3 port add-on board in a case of your choice

    I've got an FX5620 as my pfSense box and it works well (if a touch hot - it is entirely passively cooled though) - installs just fine from a USB CD-ROM.



  • USB CD-ROMs don't work (with pfSense or FreeBSD right now).

    Cry Havok: how did you get it to work? It's a known FreeBSD problem with a PR open on it. I guess there may be a very, very few that work. What specific drive do you have? You're the first person that's ever reported success with USB CD-ROM drives. There are a number of threads on here with people trying them and they don't work.

    kapara: for that price range, if I were looking for something with more juice than a WRAP, I think I would go with a small Dell desktop. I've had excellent luck with FreeBSD and Optiplex GX150s.

    Here's a box for $130 shipped. http://cgi.ebay.com/Dell-GX150-DHP-1-0-GHZ-128-RAM-20-GBHD-DVD-ROM_W0QQitemZ120128046148QQihZ002QQcategoryZ140070QQrdZ1QQcmdZViewItem

    Here's an Intel low profile PCI NIC (the small case GX150 linked above only takes half height/low profile PCI cards)
    just the first one I found, it's an Intel card, $17 shipped.
    http://cgi.ebay.com/IBM-Intel-Low-Profile-PCI-10-100-Ethernet-card_W0QQitemZ170120202763QQihZ007QQcategoryZ58303QQrdZ1QQcmdZViewItem

    That gives you a two interface box that'll push 100 Mb wire speed for under $150.



  • @cmb:

    USB CD-ROMs don't work (with pfSense or FreeBSD right now).

    Cry Havok: how did you get it to work?

    I plugged it in ;)

    @cmb:

    It's a known FreeBSD problem with a PR open on it. I guess there may be a very, very few that work. What specific drive do you have? You're the first person that's ever reported success with USB CD-ROM drives. There are a number of threads on here with people trying them and they don't work.

    Not sure - I borrowed it.  I'll see if I can find out, but it'll probably be a week or 2.  It may be related to the platform - FX5620 - that I used it with, as well as the particular model of CD-ROM I used.



  • I have an FX5620 donated by LinITX, I'll have to see if my drive works on it. I have a Philips USB 2.0 SPD3100CC, 16X DVD +/- RW, and it hasn't worked on 3 systems I've tried it with, both pfSense and FreeBSD. I haven't tried the FX5620 yet though.

    Thanks for the info, if you find out exactly what make and model drive worked for you, it'd be great if you could post back.



  • Question then if no CD-ROM.  Could I build out a system on one machine and then transfer the HD or Flash to the new machine?  Would pfSense have a problem with the fact that the system had different hardware?

    Thanks,

    Mark



  • @cmb:

    kapara: for that price range, if I were looking for something with more juice than a WRAP, I think I would go with a small Dell desktop. I've had excellent luck with FreeBSD and Optiplex GX150s.

    Here's a box for $130 shipped. http://cgi.ebay.com/Dell-GX150-DHP-1-0-GHZ-128-RAM-20-GBHD-DVD-ROM_W0QQitemZ120128046148QQihZ002QQcategoryZ140070QQrdZ1QQcmdZViewItem

    Here's an Intel low profile PCI NIC (the small case GX150 linked above only takes half height/low profile PCI cards)
    just the first one I found, it's an Intel card, $17 shipped.
    http://cgi.ebay.com/IBM-Intel-Low-Profile-PCI-10-100-Ethernet-card_W0QQitemZ170120202763QQihZ007QQcategoryZ58303QQrdZ1QQcmdZViewItem

    I second that. I have it running on a GX150 right now for a small business. It has one onboard NIC and two PCI slots. Right now I have two interfaces running on a Compaq dual PCI NIC. So there is potential for the 4 interfaces you needed. This is definitely the most cost-effective solution while maintaining a smaller than usual footprint. The dimensions of my unit are 17"x15"x4.25".



  • @kapara:

    Question then if no CD-ROM.  Could I build out a system on one machine and then transfer the HD or Flash to the new machine?  Would pfSense have a problem with the fact that the system had different hardware?

    The only problem that might pose is if the hard drive changes, i.e. if it's the primary IDE master drive in the destination system, and you install it with the HD as slave on the secondary IDE controller, it's not going to boot in the destination system. Even that you can work around though, if necessary. It's easier to just make sure it's the same in source and destination.



  • I'm going to suggest a PICMG board. They are about the size of a double-length ISA card and can be got on eBay for a good deal. If you drop it into a backplane you can add as many NICs as you want. http://cgi.ebay.com/PEAK-6320A-SBC-SINGLE-BOARD-COMPUTER-DUAL-P-3-CPU-CARD_W0QQitemZ300123906368QQihZ020QQcategoryZ1484QQrdZ1QQcmdZViewItem is a dual 370 one with an onboard NIC. For a backplane you can get them in any size, but I would recommend something like this: http://cgi.ebay.com/BackPlane-Boards-PICMG-PCI-4S-4-SLOTS-Passive-BP-NEW_W0QQitemZ270035587335QQihZ017QQcategoryZ11175QQrdZ1QQssPageNameZWD1VQQcmdZViewItem

