Advantage of full install over embedded?



  • What are the advantages of the Full Install over the Embedded (nanoBSD)?
    I ask b/c I'm considering moving my pfSense install from a HDD to a SSD (MLC) due to lower power consumption, space requirements, and heat. It seems maybe safer for the SSD to run embedded due to less r/w?
    It seems that the embedded would not run squid… Aside from that, I just run Snort, Dansguardian, pfBlocker, Filer, Mailreport, phpSysInfo, and Snort Dashboard Widget.
    Thanks,
    Ari



  • Not all packages work in NanoBSD.  Squid comes to mind, not sure about the rest of what you said.

    Unless you're using a seriously cheap SSD you'll be fine with a full install.  That thread that says "pfSense kills your SSDs" is 100% FUD.

    EDIT:  I run full installs on all my machines, all of which are SSDs, a mix of Intel 311/313 (SLC), Intel 520 (MLC), and "high-quality" compact flash cards (either cheap MLC or good TLC).  Some of those boxes have been running for 3-4 years and include squid.


  • Netgate Administrator

    Squid can be installed on the Nano images but is limited in functionality. It can only filter but not cache. I'm uncertain now but Dansguardian is probably dependant on Squid (I believe it's possible to run it without a proxy). phpsysinfo cannot be installed on nano.

    Steve



  • "Aside from that, I just run Snort, Dansguardian, pfBlocker, Filer, Mailreport, phpSysInfo, and Snort Dashboard Widget."

    • squid is pretty nice to have.

    If you really like packages and enjoy migraine headaches, go with the embedded.



  • @kejianshi:

    "Aside from that, I just run Snort, Dansguardian, pfBlocker, Filer, Mailreport, phpSysInfo, and Snort Dashboard Widget."

    • squid is pretty nice to have.

    If you really like packages and enjoy migraine headaches, go with the embedded.

    One thing that is really nice about the embedded install though is the ease of rolling back to a previous build.  It comes in REAL handy if you run beta snapshots.



  • I'm always amazed when people say "SNORT" and "Embedded" or "nano" in the same sentence…

    However, saying thats not the brightest move to make will invite 1000 HERO members to come prove me wrong.

    Still, I think its asking for aggravation.  Even so far as squid goes, its an annoyance.

    BUT - People do make it work every day here...  So, its far from impossible.

    (P.S.  There are litterally volumes of threads on this site of people going round and round with packages and squid and the way caching is handled and every single one of those people, for the most part, is trying to do something that a single HDD and a full install will knock out, no problem.  Electricity would have to get DAMN expensive for me to go that route at my house.  The 1 guy I really understood needing this so far was a guy who was running totally off solar out in the middle of nowhere in Nepal or something.  Him I understand.  He is on a power diet.  Or in very hot non-air-conditioned environment.  I saw some Russian guys having this problem.  They refer to their HDD replacements as "The next victim")