Building pfsense box - a few questions…



  • Hi!

    I'm building my first pfsense box for home/small business use. I'm sorry if some of these questions are newbieish.

    I want to use dual WAN, so I need at least 3 ethernet ports. For the job, I have found this NIC:

    http://www.ebay.com/itm/Intel-Long-Bracket-DELL-HP-NC360T-DUAL-PORT-PCI-E-GIGABIT-CARD-412646-001-/320982406044?pt=US_Internal_Network_Cards&hash=item4abc0ad39c

    Questions:

    When I have a single NIC card with 2 ports like the one above - how will it work in pfsense - will it act/show up like 2 separate NICs?

    Are there any downsides to using a dual port NIC rather than 2 separate cards?

    Two of my highest priorities in making this box are power consumption and price. I don't much like the ALIX systems as they kinda limit the usage of the box for other purposes (if I later on should decide to use it for something else). Besides Intel Atom boards, which CPUs could I use? If embedded, the board must have at least 1 PCIe x4 port.

    I want to use an SSD drive. I was thinking of buying a cheap used Intel 40GB SSD or something. I read on this forum that the older Intel SSDs were a good choice for server builds as they would last longer. But should I look for any particular models?

    Thanks in advance!



  • 1 - Yes
    2 - No
    3 - Hardware depends on your bandwidth, client number and features. Please be specific about this so we can help you.
    4 - Never buy a used SSD, and even if it is new, using an SSD in a firewall might not be a good idea.



    "4 - Never buy a used SSD, and even if it is new, using an SSD in a firewall might not be a good idea."

    I'd say never buy a used MLC SSD, but given the choice of a new MLC SSD and a used SLC SSD, the lightly used SLC might probably be more durable despite being older.



  • For cost and power balance a repurposed notebook is pretty difficult to beat.  Even some new low end notebooks could be difficult to beat.  They include, keyboard, display and built-in UPS (battery).

    Add a VLAN capable switch such as Cisco SG200 or SG300 series and you're pretty well set.



  • @digis:

    Two of my highest priorities in making this box are power consumption and price. I don't much like the ALIX systems as they kinda limit the usage of the box for other purposes (if I later on should decide to use it for something else). Besides Intel Atom boards, which CPUs could I use? If embedded, the board must have at least 1 PCIe x4 port.

    I'm using an HP DC7800 that has a Core 2 Duo. Draws around 35-40 watts at idle. An i3 would probably draw less, but I got this box off eBay for a little over $100 and then added an Intel PCIe dual port NIC (just cut the bracket down to half height). The total setup was less than $150. Very quiet and it has been rock solid reliable.

    @digis:

    I want to use an SSD drive. I was thinking of buying a cheap used Intel 40GB SSD or something. I read on this forum that the older Intel SSDs were a good choice for server builds as they would last longer. But should I look for any particular models?

    After several cheaper SSDs died, I picked up an Intel 320 Series 40 GB, internal, 2.5". So far (about 6 months) it has been fine.



  • LOW mileage SLC SSD…

    SLC isn't a brand - it's a technology.

    Most that are sold to consumers are MLC.  Most people who buy MLC will tell you they are the bomb and then several months to one year later, they will tell you they bombed.

    For the Intel and Samsung SLC SSDs, I can hardly if ever find a report of failure.



    Forget all the worries about this MLC/SLC.  Even the newer Intel enterprise drives are going MLC (DC S3500) and Samsung drives are going TLC.
    SSD reliability is all about quality of the NAND / controller wear leveling and build quality.  If you are not writing a huge amount to the SSD (pfsense), then as long as it's a reputable brand, don't worry.  I bought many drives and only in a few write workloads have I had to worry about it.
    I had a Kingston/Intel 40GB running pfsense 1.2.x (no TRIM) with no issues for years before I went virtual with pfsense.  I am still running pfsense on an SSD and have not had one die, and I've only used 1% of the life in a year with pfsense and 2 other VMs.

    If you are running a business and high writes on something like a SQL server, then I would worry.  This fear mongering on these forums is incredible.



    He is probably right.  Get yourself one of those KingSpec SSDs off eBay.  Should be good.
    People buy MLC because they can afford it, not because it's the best choice.
    I've killed my MLC SSDs much much much unimaginably faster than my HDDs and that's a fact (for me).
    Given my experiences, I can't agree with you.  (I do re-write a lot)



  • @tirsojrp:

    1 - Yes
    2 - No
    3 - Hardware depends on your bandwidth, client number and features. Please be specific about this so we can help you.
    4 - Never buy a used SSD, and even if it is new, using an SSD in a firewall might not be a good idea.

    I have a 14 Mbit DSL line and a 70 Mbit cable line which I'm gonna use as loadbalancing and failover. There will be 4-5 clients on, 3 of which will be able to connect via VPN. Besides VPN, it's gonna handle firewall rules, port forwarding, DHCP, wireless N.

    @NOYB:

    For cost and power balance a repurposed notebook is pretty difficult to beat.  Even some new low end notebooks could be difficult to beat.  They include, keyboard, display and built-in UPS (battery).

    Add a VLAN capable switch such as Cisco SG200 or SG300 series and you're pretty well set.

    I thought about that, but that presents a problem when it comes to adding more ports. I need at least 3 ethernet ports (2 x wan, 1 x lan)

    @tester_02:

    Forget all the worries about this MLC/SLC.  Even the newer Intel enterprise drives are going MLC (DC S3500) and Samsung drives are going TLC.
    SSD reliability is all about quality of the NAND / controller wear leveling and build quality.  If you are not writing a huge amount to the SSD (pfsense), then as long as it's a reputable brand, don't worry.  I bought many drives and only in a few write workloads have I had to worry about it.
    I had a Kingston/Intel 40GB running pfsense 1.2.x (no TRIM) with no issues for years before I went virtual with pfsense.  I am still running pfsense on an SSD and have not had one die, and I've only used 1% of the life in a year with pfsense and 2 other VMs.

    If you are running a business and high writes on something like a SQL server, then I would worry.  This fear mongering on these forums is incredible.

    The Intel SSD I was looking at was a 320 series 40GB. It's a new unit (replacement for a defective unit) and costs about $80.

    As I see it, I need the following:

    At least 3 gigabit ports (onboard NIC or PCIe NIC doesn't matter)
    Wireless N (again, onboard or PCIe NIC doesn't matter)
    Some type of screen output
    Energy efficient CPU (is an Intel Atom powerful enough?)



  • The point of "VLAN capable switch" is that the use of VLANs can allow a single NIC on your router box to connect to 3 (or more) different networks, at the same time, and treat them all as different networks on the router box.

    The switch takes care of providing a place to plug in the 3 (or more) cables.


  • Netgate Administrator

    An Atom will firewall/NAT 500-600Mbps so well able to handle your total 84Mbps WANs. However you will not get that if you're using VPNs as you are. The best OpenVPN speed you're likely to see would be ~50Mbps and that would use all the CPU, nothing left to route other traffic. Step up to a low end Sandy Bridge, G620 for example, and you'll have no problem. A system built with such a CPU can be surprisingly cheap and sometimes not much more costly to run.

    Steve

