• Just a quick question for the experts here.

    Recently installed 2.0.1 on an old Dell system I had. It has just an old P4 and 2GB memory in it. That should be more than sufficient I believe, as this is only for a 25x5 home connection, however this system is so old it doesn't even run on a SATA drive, it has an old IDE in it. Any issues I should be worried about using this machine or does pfsense mostly a CPU/Memory intensive firewall?

    Thanks!


  • May add some packages later on, but as it is right now it just does some port forwarding for RDP in and such. DHCP and DNS Relay are both off as well, as those are done by a virtual server on a VMware host.


  • I'm running a pfSense 2.1 installation on a similar machine, DELL Inspiron 5100, Pentium(R) 4 2.66 GHz, 2 GB RAM, Broadcom 440x 10/100 Integrated Controller (NIC), with tagged VLAN WAN interface.  Only issue I've run into so far is that MAC spoof on the WAN does not work.  But if needed that is easily worked around by with a config shell command (shellcmd) to set the MAC using ifconfig.  http://forum.pfsense.org/index.php/topic,53927.0.html

    Also I've removed the disk and CD drives and running pfSense on a 4 GB USB flash drive.  Keeping a duplicate flash drive on hand ready to go.

    sync  # Flush Buffers
    dd if=/dev/da0 of=/dev/null bs=1m    # Check for errors
    dd if=/dev/da0 of=/dev/da1 bs=1m    # Duplicate USB Flash Drive


  • I'm going to assume that if pfsense has no issues running off a USB, that an old IDE should suffice? Sounds like drives/drive speed really aren't crucial for performance, moreso the CPU and Memory is.


  • Unless you are short of resources on your VMware host, you could just make another VM for pfSense.


  • My 2nd router, mostly used for exchange mail and a few game servers is already a VM on my first VMware host. I prefer to have my main router to be physical, just as a personal preference. ;)


  • @rustydusty1717:

    Just a quick question for the experts here.

    Recently installed 2.0.1 on an old Dell system I had. It has just an old P4 and 2GB memory in it. That should be more than sufficient I believe, as this is only for a 25x5 home connection, however this system is so old it doesn't even run on a SATA drive, it has an old IDE in it. Any issues I should be worried about using this machine or does pfsense mostly a CPU/Memory intensive firewall?

    Thanks!

    I have several old Dell systems running. One (1.9 gig machine) has an even older Fujitsu 4.3gig drive that just goes and goes. That one runs 2 OpenVPN servers easily and was up to almost 200 days up time when I upgraded the firmware to 2.0.2 (test). Others include a 1.7 and 2.8 gig processors.


  • So I guess mine should be fine then! Final question. I just threw an Intel dual port 10/100 in it to get it up and running. It's currently just running 25x5 cable connection, would it be able to handle a 50x5 without issues or is that pushing the network card? Also, I searched the machine and there's no SATA ports on the mobo, unfortunately  :(. Sticking with IDE on this beast I guess.


  • I don't quite run those speeds but according to this- http://www.pfsense.org/index.php?option=com_content&task=view&id=52&Itemid=49  you should have no problems.  10/100 card is probably almost at its limit but will most likely get you by.

    Ive never run a dual 10/100 on a single pci slot. Do you run both wan and lan on it?


  • Yes, WAN goes to a 4 port switch which is also used by another firewall. LAN goes to a 24 port switch and feeds to the entire home network.


  • Do you run both wan and lan on it?

    I mean on the same card.

    Still shoooould be able to do it with the limiting factor being the PCI speed.

    Anyone…  Bueller??


  • Yes, both on the same card. Dual port intel card. It hasn't started on fire yet  :o

  • Netgate Administrator

    I run a P4-M at 1.2GHz (currently) with 512MB. I can push >250Mbps through it. I have dual WAN 20:1 and 40:2, no problems.
    A single PCI card in a typical desktop 33MHz 32bit slot will be limited by the bus to ~1Gbps. Dual 100Mbps NICs should not present any problem.

    Steve


  • @stephenw10:

    I run a P4-M at 1.2GHz (currently) with 512MB. I can push >250Mbps through it. I have dual WAN 20:1 and 40:2, no problems.
    A single PCI card in a typical desktop 33MHz 32bit slot will be limited by the bus to ~1Gbps. Dual 100Mbps NICs should not present any problem.

    Steve

    Thanks Steve for all the info! FYI, this is a single card, dual ports on it, 10/100. One is WAN, other is LAN. So far no issues at all with my 25x5 connection and no packages (yet).

    What are you running for a drive on yours? I was hoping to find a SATA port on the mobo, but was unsuccessful in doing so. Will have to stick to the IDE for now. That's aboutt the only limiting factor that I can see with my setup as of right now.

  • Netgate Administrator

    I'm running from a CF card using the NanoBSD image. My box has a slot on the board so it's easy.
    Running from IDE is not really a limitation unless perhaps you are running squid where disk read times are important. Even then IDE is better supported (IMHO) than SATA at this point. SATA occasionally causes trouble for people who are running new hardware or stuff from the era when SATA was being introduced when not everything complied with the standards correctly. Any bugs in IDE were ironed out a long time ago.

    Steve


  • Many P4 level Dell desktops had on-board Gb Ethernet, on some models it was on the PCI bus.

    If yours is an Optiplex, it's likely a GX260 (P4, IDE, no SATA; 270's and up had SATA +170 had SATA.)  The 260 has Gb Ethernet onboard on the PCI bus.  Considering your other connections are 10/100 you shouldn't be able to really saturate the PCI bus with a single Gb connection, even if your is an Optiplex GX 260.

    One thing I would worry about, though, is if it has an original (factory) IDE hard drive.  Well, any non-new IDE hard drive.  It's gotta be old.  You don't see a lot of SSD's in IDE these days, but there certainly are a few that are still manufactured and sold, but usually to more industrial type markets.  Supposedly, a GX260 with firmware A09 and newer you might be able to boot it off USB, but I hear that it's not always foolproof.  You could also do a Compact Flash to IDE adapter.  That's what I do on my old PIII Dell Destkop.

    For the most part, though, if you just have an old IDE hard drive sitting around with a copy of pfSense pre-installed and back-up your config fairly often; replacing a failed hard drive wouldn't be all that difficult (though, annoying for others in the house when it fails and you're not home, that's always my luck.)


  • I guess i'll just make sure I have a spare drive kicking around. Luckily all my servers are on a giant UPS incase bad power could ever be a factor in the drive going.

  • Netgate Administrator

    That's a very good point. IDE drives you have to hand are likely to be old.
    New IDE drives can still be had though they are very expensive for their capacity.
    CF-IDE adapters are cheap.  :)

    Steve


  • Ive found that there are quite a few NOS smaller IDE drives out there to be had. But yes they cost a bit more per meg than their new counterparts.

    My 4.3 Fujitsu drive should be approaching 90,000 hrs soon.


  • Wow, that's quite a while on such an old drive! I'm going to just see what happens with the current machine. I have the original router sitting near so if the machine craps out, I can plug the old dlink router in for a temp fix until I can build a better pfsense machine.  :)