Which hardware?

poningru

Hello all
Looking to buy/build/acquire hardware for a pfsense build, here are my requirements:

1. total cost should be less than $200 (including 3-4 gig intel nics)
2. if possible less than 40-50W idle (better if less)
3. maybe 3-4 nics
4. at least one pci expansion slot for wifi card

Here is what I've been looking at:
A quad core server, HP Compaq dc5750, other desktops
I've also thought about maybe getting a symantec 5420 or a symantec 1660

My processing requirement is for a 9 person house and handling two wan connections, and multiple devices per person.
Maybe a few VPNs.

What do you guys think?

thermo

Low power hardware is fairly recent and your specifications don't seem doable on < $200.
Have you considered an Alix with a smart switch?

tirsojrp

1 - HW1, No way that monster will idle below ~90. And 8 cores is a waste for pfSense.
2 - HW2, More reasonable, will need 2+1 nic or 2+2.
4 - Be aware that pfSense does not support 802.11n. That means you will be stuck with 54mbps, using a separate AP is the best option.

My recommendation:

Intel D2500CCE (dual intel gigabit) 100
Intel dual gigabit PCI                   10
2gb DDR3                                  8
Flash drive                                5
ITX Case with PCI expansion        50

Choose between a ref. N Access point or an MiniPCI-e WiFi card + Antennas

Be aware that I don't know the speeds of those wan connections or if you need more features.

wallabybob

@tirsojrp:

Intel dual gigabit PCI                  10

That is an eBay price? On a "good" day?

There is no way a dual Gigabit PCI card will be able to sustain Gigabit speeds on both ports concurrently. Bursts - yes! This may not be a problem.

tirsojrp

@wallabybob:

@tirsojrp:

Intel dual gigabit PCI                   10

That is an eBay price? On a "good" day?
There is no way a dual Gigabit PCI card will be able to sustain Gigabit speeds on both ports concurrently. Bursts - yes! This may not be a problem.

That's eBay every day price. You are right about the speed. But they are easier to find, way better than 10/100 and can be used for WAN.

wallabybob

@tirsojrp:

and can be used for WAN.

and probably good enough for file transfer, especially to/from rotating media.

dreamslacker

@wallabybob:

That is an eBay price? On a "good" day?

Lots of China resellers selling the MT dual port gigabit adapters "new in box" for about that price including international shipping.  I bought 2 pieces myself some time back.

The actual chip (IC) looks remarked/ sanded down and printed over but the NIC works just fine with the em(4) driver and have been extremely stable in production environments (in both pfSense and Windows).

They are quite possibly just illegally overproduced units or refurbished units but they do work darn fine.

matguy

It's not hard to find older PCI Quad 10/100 cards for very cheap, and they won't saturate the PCI bus (on their own.)

Otherwise, your DC5750 choice is a Athlon, not sure of the power usage on those, but something with a lower end Core2Duo should probably pull around 50watts, maybe 60.  It's easy to find old HP DC5700's, DC5800's, or DC7700's for under $100, with a Core2Duo they're very good on power (watch out for Pentium D's, some will be labeled on ebay as "Duo Core" or similar, they don't seem to idle down as well as C2D's.)  Most of those machines I listed have an x16 (not the DC5700, it looks like it has an x16, but it isn't a "real" x16, it's only for serial video adapters, nothing else works in 'em), an x1 PCI-Express slot and a couple standard PCI slots; they also have a onboard Gb, should be either Intel or a decent Broadcom chip (My 3x 7700's are all Intel, I'm pretty sure my 5700 and 5800 are Intel too, but I think Broadcom was available on all of them.)  The mini towers and the Small desktops are mostly the same machine, especially motherboard wise, just a different case and power supply, the small desktops only take low profile cards, though.  Stay away from the UltraSmall desktops if you want multiple ports at all, some may take a card through a riser, but I wouldn't roll the dice on the riser actually being there.

If you do go that route and really need multiple Intel Gb ports, you can usually find Intel Quad Gb PCI-Express cards for under $100 (though, they may bring your total system power over 50watts; if you see heatsinks on the card, they're there for a reason.)  Duals can be found for well under $50, closer to $30 if Broadcom is ok.  I have a couple dual Broadcom cards sitting around, I should test 'em.  I know they work fine in ESX(i).

For the most part, unless you really have a need for so many ports, I would probably just do a single PCI 10/100 card for WAN and use the onboard Gb for LAN (or single PCI Gb if you really need the bandwidth.)  If you need multiple LAN, maybe you really only need 10/100 for some of them, so a dual or quad 10/100 PCI card might work well; mix with a single PCI-Express Gb if needed.  There's no reason you can't mix and match (in fact, sometimes it makes it easier to tell the interfaces apart when they're using different drivers.)  A PCI 10/100 card is well under $20, Dual often for under $25.

Watch out for PCI-X cards, though.  They're the longer 64 bit cards.  In general, they work in a 32 bit PCI slot too (as long as nothing on the motherboard is in the way, like capacitors, batteries, etc.), but some are keyed for certain voltages.  Most PCI cards are either keyed for 5v or universal 5v/3.3v.  Most PCI slots are 5v.  PCI-X throws out the "most" or even "often" parts, so be sure before you buy.  A lot of the Intel Quad Gb PCI-X cards are 3.3v only, won't work or fit in most standard (5v) PCI slots.  Here's a couple diagrams to show what I mean:

Btw, I don't think I've ever actually seen a 3.3v only 32 bit PCI card nor a 32 bit PCI slot with 3.3v keying nor a 32 bit PCI slot with universal keying.  I'm not sure any of those actually exist in the wild other than maybe some specialized appliance or something.  I would assume that almost all 32 bit PCI slots would be 5v keyed.  Most of the PCI-X slots I can recall seeing, though, seem to be 3.3v keyed.  I certainly do see universal cards in both PCI and PCI-X.

tirsojrp

@matguy:

you can usually find Intel Quad Gb PCI-Express cards for under $100

Now that's eBay on a really good day…

matguy

@tirsojrp:

@matguy:

you can usually find Intel Quad Gb PCI-Express cards for under $100

Now that's eBay on a really good day…

Today must be a good day: http://www.ebay.com/itm/Dell-Intel-H092P-Quad-Port-PCIe-Gigabit-Network-Adapter-Card-w-Bracket-AS-IS-/360504210525?pt=US_Internal_Network_Cards&hash=item53efb9b45d

Edit: Apologies, it appears that it may be defective, mentions something about possible broken capacitors.

This one looks good, though, which may be branded by someone else, but the same card for Exactly $100 with free shipping: http://www.ebay.com/itm/YT674-Intel-PRO-1000-VT-Quad-Port-1Gb-Server-Adapter-PCIE-PCI-E-/150940272128?pt=US_Internal_Network_Cards&hash=item2324bdc600

You can also find good ones pulled from Dell servers that don't have PCI brackets, but that doesn't sound all that useful to me unless I'm planning on buying a low profile bracket anyway.  Nevermind on that one too, looks like someone bought a whole lot of broken cards and is selling them on ebay.  The top half mentions "As is" like a lot of other pulls, but further down it mentions that they're probably broken.  Made my initial research flawed.

The $100 one looks fine.