[ Show your pfSenses! ] - Thread - (bandwidth warning!)



  • I'd like to raise a pfSense show-off thread. I'm gonna start off with my just build up replacement for my virtual pfSense (moved from ESXi back to hardware)

    • Intel D2500CC (2x 1,8 Ghz)
    • 4 GB Ram
    • 3x Gbit NIC
    • 128 GB SSD
    • 75W power supply
    • pfSense 2.1 (pfSense-memstick-2.1-BETA1-amd64-20121221-0526.img.gz)



  • Ok, here is my setup:

    Cable Modem (Cisco/Linksys DPC-3008) sitting on top of machine.

    Hardware:
    Intel Core i3 3220 - 22nm Ivy Bridge - Dual Core 3.3Ghz - HT Disabled
    ASRock Z77 Extreme 3
    2x2GB DDR3 1333
    64GB OCZ Summit SSD (Samsung Controller)
    2x Intel PCI-E Gigabit Ethernet Adapters
    Plextor DVD-RW
    300W Seasonic 80+ Bronze PSU
    Generic Case

    Guts:

    Below is a shot of the whole setup.
    NOTE: The large Compaq server (8-way P3 Xeon) AND the Disk Array sittong on top of it ARE NOT IN USE. They are functioning ONLY AS A SHELF!

    NetGear GS108P PoE Switch
    2x Dlink DAP-2553 Wifi AP's using PoE from the GS108P (one for 2.4Ghz, the other for 5Ghz)
    And the grey rectangle with green sticker on it sitting next to the monitor is the DirecTV DECA adapter. (Connects the DirecTV DECA network, which is ethernet over COAX that co-exists with the sat signals, to the rest of my network.) This way my DVR's all grab IP's from my pfSense box and have full internet access.

    The monitor and keyboard are for when I need to manually go in there and work on something, which is pretty rare. :)



  • Oh damn - you want the people totally show off? I see - lets continue with me:

    My complete setup (2 Wi-Fi-APs missing here)

    • Cable Modem (Cisco EPC-3212)
    • TP-WR1043ND (Public AP - Routing traffic through vpntunnel.se)

    You can see (or its hidden):

    • 24 Port Management Switch
    • TP-WR1043ND (SamKnows bandwidth measurement)
    • RIPE Atlas node (Network measurement)
    • Raspberry PI + DVB-C Stick to monitor network segment usage of my local internet provider
    • mini-LCD Monitor to monitor network statistics

    • ESXi 5.1 WhiteBox (Core i5, 16 GB Ram / 2x 3 TB + 2x 64 GB SSD)
    • 12 TB Raid-5 Firewire-NAS (hidden on the right)
    • Yes i need to clean the ESXi :)



  • Hey, I just posted my router ;) I have a Ubuntu Server running ZFS, a windows server, and a dedicated linux folding@home box as well. :) I can put more pics later.

    Tell me more about the "Raspberry PI + DVB-C Stick to monitor network segment usage of my local internet provider" that is pretty cool… What kinda stats can you see?



  • @extide:

    Hey, I just posted my router ;) I have a Ubuntu Server running ZFS, a windows server, and a dedicated linux folding@home box as well. :) I can put more pics later.

    Tell me more about the "Raspberry PI + DVB-C Stick to monitor network segment usage of my local internet provider" that is pretty cool… What kinda stats can you see?

    Because i'm using internet via a cable modem you can monitor the network usage of your network segment. The reason is because cable is a shared medium and every single customer in your segment can see every single bit (multicast), although its encrypted. So what u can do is the following:

    Take a DVB-C-Stick (i prefer sundtek.de because of its full linux support), then u tune your dvb-c stick to the same frequency as your cable modem (in europe thats usally 546 - 602 mhz), toggle modulation and use dvbsnoop to read off the statistics of the frequency-channel.

    Result:



  • Yes, I understand how cablemodems and DOCSIS networks work, but I had no idea you could get a device to monitor the stuff like that! I am totally going to get one of those and set it up on one of my linux boxes!

    Cool, looks like I can get a PCI-E one also. I may have to rig up some stuff to read the current DS/US channels from the cable modem and then feed that to dvbsnoop to get the infos. How are you making that graph? Are you manually doing it with RRDTOOL or is there some software out there for doing this specifically?

    Thanks for the info BTW!



  • @extide:

    Yes, I understand how cablemodems and DOCSIS networks work, but I had no idea you could get a device to monitor the stuff like that! I am totally going to get one of those and set it up on one of my linux boxes!

    Cool, waiting for your stats. If you need assitance (complete ready scripts for Cisco-Modems + RRDTools) just msg me. Oh and - dont forget to monitor your signal to noise :)



  • Ok, sweet, I have a Cisco DPC 3008 so hopefully I wont need to modify the scripts much to grab the stats. It's funny, in another thread I posted on here today I asked if there was some software to grab this info from the cable modem and insert it into a DB so you can graph it over time. So, yes, I would love those scripts, thanks!

    So, are you just using a coax splitter, standard -3.5dB one? Going to the DVB-C stick and the other side to the modem ?



  • No wait - its a Coax splitter for your TV-Signal, not the one for the modem. You should have a multimedia-splitter already at your wall (1x modem, 1x tv, 1x radio) you split the tv one! And yes, its a standarf 3.5dB splitter, so you should keep care of your stats. Maybe some adjustment of your cablenetwork is needed (increase the power on your cable amplifier and use an -3,5 attenuator for your cable modem).
    For me it worked just out of the box, without modifying anything, because its just - 3.5dB :)

    IF YOU MODIFY YOUR AMPLIFIER - KEEP AN EYE ON THE SLOPE :)

    So u got

    PIN_
    –---O-----
    ----/------
    LOG___TV

    Regarding your question: Using RRDTool with complete custom (self written) templates and also own scripts to feed the RRD (which i can supply).

    Photo:



  • Cray XD1 with 11,000 interfaces running pfsense 2.1 snapshot.



  • Good idea for a thread. We're going to gather pictures from a variety of threads like these in the future and create some kind of micro-site showing off people's deployments. In the mean time, might as well get another thread going.  :)

    Here's our primary colocation facility, where this site and most of our others run, as well as the snapshot and release build servers. The firewalls are virtual in ESX, a HA pair with primary on one ESX server and secondary on another.





  • Sweeeeeeet :o Thats what i'm trying to accomplish but i still need more money (although my setup is already too fat for home networking) ;)


  • Netgate Administrator

    Well I can't pass up this opportunity.

    Yes, I have a problem. I'm trying to cut down.  ;)

    Steve



  • @stephenw10:

    Well I can't pass up this opportunity.

    Yes, I have a problem. I'm trying to cut down.  ;)

    haha  Those aren't running the Watchguard software I presume?  ;D


  • Netgate Administrator

    I'd love to say none of them are but the X-edge boxes at the top are Arm based and I haven't managed to hack a workable OpenWRT image onto them. Yet.  ;)

    Steve



  • Well I wish I had a fancy setup. Here is a a pic of my pfSense box.

    SUPERMICRO SYS-5015A-EHF-D525 1U Intel Atom D525 Dual Gigabit LAN w/ IPMI Server
    4 gig ram
    Intel EXPI9402PT 10/ 100/ 1000Mbps PCI-Express PRO/1000 PT Dual Port Server Adapter
    two 250gig WD black 2.5 inch drives mirrored
    1500AV UPS (not shown) for 1.5 hours of backup time.
    And for the heck of it a Crystalfontz display. :-D
    Have gigabit wireless access point as well hooked up. (not shown)

    Don't make fun of my makeshift fan bracket (zip ties in vent). lol The system is "passively cooled"  and I didn't like the 65°C so i put a case fan in and now its 40°C. Not exactly where i would want it but much better.



  • @fLoo:

    No wait - its a Coax splitter for your TV-Signal, not the one for the modem. You should have a multimedia-splitter already at your wall (1x modem, 1x tv, 1x radio) you split the tv one! And yes, its a standarf 3.5dB splitter, so you should keep care of your stats. Maybe some adjustment of your cablenetwork is needed (increase the power on your cable amplifier and use an -3,5 attenuator for your cable modem).
    For me it worked just out of the box, without modifying anything, because its just - 3.5dB :)

    IF YOU MODIFY YOUR AMPLIFIER - KEEP AN EYE ON THE SLOPE :)

    So u got

    PIN_
    –---O-----
    ----/------
    LOG___TV

    Regarding your question: Using RRDTool with complete custom (self written) templates and also own scripts to feed the RRD (which i can supply).

    Photo:

    Heh, sounds like you guys have a slightly different cable setup over there. I have no cable amplifier, and I do not use the cable for my TV's (I use DirecTV for TV), so my coax is one single lin from the drop to the modem, no splitters no amps, nothing, its just raw right into it. So, yeah, I will be using a little simple 2-way slitter. But, my wife will be pissed if I buy the DVB-C card/stick right now so it will be a little bit. I WILL be working on making a scraper for my modem stat page, and then use that data to feed into the RRD graphs, though.



  • Colocation setup:

    pfSense 2.1-DEV based cluster running on two TYAN Transport servers ;D

    Basic information:

    • 1x CPU: Intel(R) Pentium(R) 4 CPU 3.00GHz (2992.51-MHz 686-class CPU)

    • 2x Intel(R) PRO/1000 Legacy Network Connection (1.0.3)

    • 1x 3Com 3c905B-FX/SC Fast Etherlink XL (PFSYNC, XMLRPC via Fiber Optical)

    • real memory  = 4294967296 (4096 MB)

    The switching stack was built using two NETGEAR GS724TS (stacked via HDMI). The firmware is a pure pain but when tamed it somehow gets the job done. It's the cheapest stack I found and using LACP accross multiple physical units is definitely a big plus! Our provider runs LACP for our uplink as well so even the wan connection survives a dead unit :)

    The entire setup is considered stable and runs for almost 13 months now w/o any service interruptions (e.g. crashes or similar).




    @Home:

    • 1x PCEngines Alix 2D13, 4GB CF

    • 1x HP Switch 1900-8G (formely known as 3com OfficeConnect 3CDSG8)

    • 1x Linksys WRT54G running DD-WRT (Kamikaze)

    • 1x WRT54G running DD-WRT (some release)

    • 1x APC SmartUPS 500VA (in the back)


  • Netgate Administrator

    Nice.  :)

    @syro:

    1x Linksys WRT54G running DD-WRT (Kamikaze)

    Isn't 'Kamikaze' an OpenWRT code name?

    Steve



  • @stephenw10:

    Nice.  :)

    @syro:

    1x Linksys WRT54G running DD-WRT (Kamikaze)

    Isn't 'Kamikaze' an OpenWRT code name?

    Steve

    Yeah, damn straight ;)

    Fixed it, thanks!



  • pfSense is on the right for my home setup.  White box running a Q8400 processor and 4GB RAM on a Gigabyte GA-G31M-S2L.

    Its twin brother on the left is my FreeNAS server and the Dell 755 in the middle runs XBMC to my living room TV.




  • Figured I would join in on the fun.. Just a little box keeping my network safe while allowing me to enter when i'm not home…

    Case: M300-LCD Enclosure with Bootable CF Reader, 1 PCI Slot and 2x20 LCD Display
    MB: Supermicro X7SPA-HF-O Atom Dual-Core D510/ Intel 945GC/ RAID/ V&2GbE/ Mini-ITX Motherboard
    Memory: x2 Kingston 2GB 200-Pin DDR2 SO-DIMM DDR2 667 (PC2 5300) Laptop Memory Model KVR667D2S5/2G
    HD: Seagate 160GB (ST9160314AS) 5400rpm SATA2 8MB Notebook
    PS: picoPSU-150-XT Power Supply 80W AC-DC Power Adapter Kit
    Extras: Intel Dual Port Server NIC, PCIe (Can't remember the model as I already had it)

    You'll notice 2 cable modems.. The Arris is my phone and internet modem.. The RCA modem and Netgear WiFi is for TWC Intelligent Home only

    I posted this a while back about my setup... Needs an update tho since i'm using different packages now... http://forum.pfsense.org/index.php/topic,39362.0.html

    ![2012-12-27 06.02.191.jpg](/public/imported_attachments/1/2012-12-27 06.02.191.jpg)
    ![2012-12-27 06.02.191.jpg_thumb](/public/imported_attachments/1/2012-12-27 06.02.191.jpg_thumb)



  • First post and first pfsense build!
    -mobo and internals:  intel 2500CC motherboard with an Atom CPU, dual Intel gbit NICs, 4gigs RAM, 64gig SSD
    -case:  Antec ISK-300
    -pfsense 2.0.2

    Other components:
    -Motorola SB6120 cable modem
    -Netgear GS108 gigabit switch
    -Linksys WRT54GL running DD-WRT in wireless AP mode
    -2x Belkin AV200 powerline adapters
    -2x Zyxel AV500 poweline adapters



  • Here is my Setup:

    The Pfsense Firewall is the fourth box down

    case: NORCO RPC-230 2U Rackmount Server Case 1 External 5.25" Drive Bays - OEM
    processor: AMD Athlon™ X2 Dual Core Processor BE-2350
    NIC:Intel PWLA8492MTBLK5 PRO/1000 MT Dual Port Server Adapter 10/ 100/ 1000Mbps PCI 2 x RJ45 - OEM
    Motherboard:MSI Fuzzy RS690T Socket AM2 Mini-ITX Motherboard
    LCD Screen: CrystalFontz 635

    RAM: 4GB
    SYBA SD-ADA40001 SATA II To Compact Flash Adapter
    8GB Scandisk CF
    125 GB Sata WD Hard Disk for proxy

    Also in this photo starting from the top going down

    HD Homerun Prime 6cc - cutout of picture
    Cisco 2500 access server
    HD Homerun Prime 6cc - Cable Card Tuner
    Dell Optiplex PC - Used as HTPC
    Pfsense Firewall
    Windows Server 2012 running Hyper-V (Windows 7 Host)
    Windows Server 2008 R2 NAS (6 Hard Disk around 12 TB)
    Denon Reciever for Home Theater
    48 Port Network Patch Bay
    Wire Management Panel
    HP Procurve 2810-24G Managed Switch
    HP Procurve 2600-8 PoE Managed Switch
    HP Procurve 2600-8 PoE Managed Switch
    Cisco 2821 router /w DSP, T1 controller, 2 FXO ports
    Redcomm PBX with 2 T1 Trunk cards and 4 Pots Trunk Cards

    With this setup I have IP TV since Comcast is taking to long! I'm a cord cutter
    but I need live TV so this gives me the best of both worlds. All my cable boxes
    are Windows 7 HTPCs. I have a Cisco 7940 VoIP phones and I use the Cisco 2821
    As a Voice gateway to connect to the outside world via Magic Jack. I also have a T1 trunk to the PBX so I can practice connecting to legacy equipment. I have attached a picture of my setup because I'm not sure if the link that I have provided of the picture will show up, it's not showing up when I preview this message. I also have netbook with a netzoom usb fax modem not pictured here for inserting callerID (Win7callerID) information on top of the TV when people call. There is also a Xbox 360 and a Nintendo Wii in this closet. I also have a two cable modems 100 Mbps service and 50 Mbps Service from Comcast.

    PS. Most of the equipment is backed up by UPS power.




  • ^  :o Best Home Setup thus far, congrats Mike

    ;)



  • Thanks, I forgot to add I have Cisco Call Manager 4.3 and 8 running in a VM controlling the phones. I'm thinking about adding a asterisk box for the Voice mail capabilities and seeing if I can integrate that with call manager since I don't have Unity. Anyone who has done this already please pm me.


  • Netgate Administrator

    I agree it's an impressive rack!  ;)
    Dare I ask how much power that draws? Do you run all of that 24/7?

    Steve



  • When I built the room I added 20 Amp services dedicated to just the room. Not sure how much current it draws but by electric bill is about $250 in the winter and close to $400 in summer with air conditioner running. I run everything but the PBX all the time. By the way for wireless I use the EnGenius EAP600 High-Powered Dual-Band Indoor Wireless-N AP.

    I think its worth it though. I'm not much of a partier and I don't through my money away on strippers I just like to play around with things and make them work. Hopefully I will find my dream job where my boss will buy me what ever I want and I can play with things at work. I have a pretty fancy lab at work too, where I have a IPsec tunnel. One of these days I will get around to document that for you guys too. I do think it's telling that I have a Cisco 2821 series router but I would rather use Pfsense for my router / firewall than use Cisco. Don't get me wrong I'm a big Cisco fan but I am really liking what you guys at Pfsense are doing and I am telling all my Cisco Fan boy friends about you guys. Keep it up!



  • Built three new boxes for wall mounting

    Intel D2500CC
    Intel Atom Dual Core 1.86 GHz
    4 GB DDR3 1066 MHz
    40GB Intel 320 SSD

    My box at home
    Telia 100/100 Mbit
    Netgear GS108Tv2
    Cisco WAP121 for wifi



  • Nice looking case. What is Inteno? I searched it on bing.com and only found reference to a open source platform, and something about a broadband service in Sweden.



  • Looks like a Switch with the optional Fiber tray.

    http://www.inteno.se/Store/tabid/141/categoryid/130/productid/442/Default.aspx



  • @mikeisfly:

    Nice looking case. What is Inteno? I searched it on bing.com and only found reference to a open source platform, and something about a broadband service in Sweden.

    Looks like a specialized box for a particular IPTV solution.

    http://www.inteno.se/store/tabid/141/categoryid/130/productid/444/default.aspx
    http://www.mariehem.net/nyheter/2012/03/inteno-boxen-och-inkoppling-av-ip-tv (translation may be required)



  • they are used as a switch here in sweden when you have fiber.

    for Internet, TV, and extra box for ip phone



  • i5 @ 2.67GHz

    • Captive Portal

    • Vlan

    • three PPPoE

    • OpenVPN Server





  • Rebel Alliance Global Moderator

    Wanted to join the fun - don't have pic of hardware handy, but mine is just a VM anyway running on

    HP N40L
    AMD Turion II Neo N40L 1.5GHz 2-Core
    8GB Ram
    Embedded NC107i PCI Express Gigabit Ethernet Server Adapter
    2nd Nic - INTEL EXPI9301CT
    HDD 250GB, 2TB, 2x 750GB




  • will send a pics if i can get my Alpha 500 something to work with pfSense.

    heres a cool pic of the über gfx card



  • Netgate Administrator



  • on the far right, p4, pico power supply, no video (onboard or otherwise).  with no video, it surprisingly efficient.  I had another p4 with onboard video, and it used twice the power, no matter if you were using the video or not.

    the far left is a high efficiency 12v power supply.  powers the router, switch, wireless, and some other stuff.




  • Hi!
    here is my solution:

    2 x Appliance pfSense 2.0.3

    Hardware
    Processor: Intel Core 2 Duo 2,8 GHz 65 watt
    RAM: 4 GB DDR3 SDRAM
    HDD: 2.5" SATA 160 GB
    Ethernet: 8 x 10/100/1000

    Configuration
    4 x WAN
    1 X LAN
    1 x SYNC

    Cluster CARP + Multi Wan
    10 x VLAN
    DHCP
    DNS
    Snort IDS
    Content filter Squid + Squidguard
    Captive Portal + Vouchers
    HAVP Antivirus

    Fabio



  • Okay I have been upgrading my home network, just ordered AUD180 worth of Cat6 cables to replace the ageing cat 5 stuff as I have just upgraded the switch to gigabit and I also am getting a 1RU cable management tray for the gap between the switch and rack mount box running pfsense

    I have also just replaced my Smoothwall OS with pfSense and haven't looked back.

    Here are a few photos of what i have so far, some of the stuff like the gaming console's are currently wireless but they will be hard wired in the next few weeks when the cables arrive.

    This is the  Main desk in the house, it is for my wife's work station which is on the left running dual head monitors and my Sons gaming PC is at the right, near the printer and in the far left corner is the cabinet I built from an old fire control panel to house the network gear and server, a few close ups of the cabinet to follow, the desk is a bit rough as I built it myself and I am not a carpenter lol

    The Network cabinet built in to the end of the desk, the server, pfsense box and switch are inside and I am going to mount an android 7" tablet and Bluetooth keyboard in the right of the cabinet for SSH and web admin.. on top of the cabinet from left to right is the wireless AP, VOIP ATA and the ADSL modem with Nokia 9500 that I use as a SSH terminal via WiFi. In the yellow box in the cabinet is some spare rack hardware and network cable tester.

    Close up of appliances on top of cabinet

    Cabinet opened up, the inside is a bit rough looking as I had to cut it up with a grinder to make it a rack mount cabinet, I will be painting the inside of the cabinet flat black and will be putting a light smoke tint on the glass as it is glass and not perspex, it wont scratch so will buy some car tint and put it on the inside of the glass

    Close up of the inside of the cabinet, freeNAS file server on left then the pfsense box in the 1RU computer, cable management tray will go in when I get the new cables between the firewall and switch which is a 3com 2924 gigabit managed switch

    And finally a photo of my HAM radio shack, or at least the computer work station section, the radios are around the other side, my HAM shack is an 8 foot by 8 foot tin garden shed :)