Small Business Router
-
First, I would like to introduce myself to everyone considering I'm brand new here. My name's spence and I work at a small business in which I double as the IT guy. I have to say I love pfsense in every aspect because of what it can offer for the price that my small business can afford compared to other commercial grade firewalls/routers.
I am not new to building my own rigs but this is my first pfsense build. I would really love whatever anyone can offer in the way of critics and advice on my specs for this build. So basically this is a small business router that I have a budget of $700 or less. It has to be pretty powerful because I like building things to last and be able to handle the growth of the company(implementing VOIP, various other servers) and its network.
I decided to go with a little bigger of a build than say a small ITX board build.
Case: http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=8466352&CatId=8582
Mobo: Big fan of ASUS boards http://www.newegg.com/Product/Product.aspx?Item=N82E16813131887
CPU: http://www.newegg.com/Product/Product.aspx?Item=N82E16819116782
RAM: Also love G.SKill http://www.newegg.com/Product/Product.aspx?Item=N82E16820231485
SSD: http://www.newegg.com/Product/Product.aspx?Item=N82E16820171739
NIC: Have a few things that need to be wired http://soekris.com/products/lan1841.html
The thing is though that everyone in the office uses wifi and I would really like to have wireless capabilities incorporated but I am not sure what cards are supported or work the best. Im looking for one that can offer b/g/n preferably in a PCIe x1.
As I stated before I would love any critics and advice anyone can offer and it would be very appreciated. Thanks for taking the time to read my post.
-
Hi, Welcome. :)
The onboard NIC on that motherboard will not be supported by 2.0.X, you'll need to run 2.1 to get new enough drivers. That should reach release quite soon so maybe not a problem.
There is currently no support for 802.11N in pfSense at all. Some N cards will run but only at G speeds. External access points can be had for so little these days, even quite nice ones, that fitting a card into the pfSense box only makes sense if you have the hardware already or really want to save every Watt. There are some diagnostic advantages to having a wifi card over a very cheap AP that offers little or no logging.
Multiport NICs are expensive, have you considered using VLANs and a managed switch instead? If your budget allows then using Intel NICs is always recommended.What sort of bandwidth are you hoping to see? Are you planning to run packages?
That CPU should be fine for almost anything though. :)Steve
-
Hi, Welcome. :)
The onboard NIC on that motherboard will not be supported by 2.0.X, you'll need to run 2.1 to get new enough drivers. That should reach release quite soon so maybe not a problem.
There is currently no support for 802.11N in pfSense at all. Some N cards will run but only at G speeds. External access points can be had for so little these days, even quite nice ones, that fitting a card into the pfSense box only makes sense if you have the hardware already or really want to save every Watt. There are some diagnostic advantages to having a wifi card over a very cheap AP that offers little or no logging.
Multiport NICs are expensive, have you considered using VLANs and a managed switch instead? If your budget allows then using Intel NICs is always recommended.What sort of bandwidth are you hoping to see? Are you planning to run packages?
That CPU should be fine for almost anything though. :)Steve
Hello Steve and thanks for your input. Yea I figured as much for that realtek lan port on the mobo, But I was willing to overlook that knowing that 2.1 is around the corner as well as having that internal nic card. Yea I will be getting a switch at some point but not for a while. I am really just focusing on building a router that has all the versatility I need in a small package. The reason for wanting an internal wireless card is once again making everything fit into one little package even though a wireless access point is a good idea. I know that wireless N isnt supported yet but I wasnt really deterred by that fact because as I have stated I like building for the future. It is also not a big deal considering a few pc's on the network don't have the cards to support wireless n yet themselves. I would love to see internal speeds over 54 mbps at the minimum as far as wireless is concerned. Yea I am planning on running packages such as squid, squidgaurd, snort, openvpn and so on. Basically I also want the capability to run whatever packages I will want or need, hence the beefy processor.
-
Any ideas if a card such as this would be supported?
http://www.amazon.com/ATHEROS-AR5B22-Desktop-Adapter-Antenna/dp/B00CP01Q9M
-
If it really is an Atheros AR5B22, I don't see any marking on it to that effect, then it uses the AR9462 chipset. I don't see that chipset mentioned in the ath_hal(4) man page even from the most recent FreeBSD release so I'm guessing no. The ath(4) driver in pfSense 2.1 is a patched version of that from 8.3 release, it has more recent card support.
Steve
-
Hmm, it is mentioned here though: https://wiki.freebsd.org/dev/ath_hal%284%29/HardwareSupport
Not sure if this made it into 2.1RC. :-\Steve
Edit: I don't see it in this patch: https://github.com/pfsense/pfsense-tools/blob/master/patches/RELENG_8_3/ath_9-STABLE.tgz
-
Well I suppose I could always get a mini pcie supported card and use a miniPCIe to Pcie adapter. Any thoughts on a decent miniPCIe card?
-
Nope. ;)
None I can recommed from personal experience. I have a mini-PCI card running in one box. It's an ancient Atheros model I took out of a scrap laptop. Works well, no help for you at all!The best list of working wifi hardware compiled by JimP is here: https://docs.google.com/spreadsheet/ccc?key=0AojFUXcbH0ROdHgwYkFHbkRUdV9hVWljVWl5SXkxbFE&hl=en#gid=0
Steve
-
Ditto. CM9/CM10 miniPCIs work great. For miniPCIe, no idea.
-
Nope. ;)
None I can recommed from personal experience. I have a mini-PCI card running in one box. It's an ancient Atheros model I took out of a scrap laptop. Works well, no help for you at all!The best list of working wifi hardware compiled by JimP is here: https://docs.google.com/spreadsheet/ccc?key=0AojFUXcbH0ROdHgwYkFHbkRUdV9hVWljVWl5SXkxbFE&hl=en#gid=0
Steve
Steve can you double check this and make sure I am reading this right? According to JimP's document it says that this card http://www.amazon.com/D-Link-DWA-556-Express-Desktop-Adapter/dp/B000N4WRFY can work as a wireless access point/support multiple clients and so on. Funny enough if this is the case I have this exact same card in my desktop and have been using it for years lol. Its a great card I can atleast vouch for that as well as being a PCIe x1 card which is what I have been hunting for all along.
-
Spence,
Here is my 2 cents on a build, it should cover current requirements and any future upgrades. They are not new but very doable. Can be got for well under $700. Love ebay.
1) SUPERMICRO 2 x L5320 Xeon QC 1.86GHz 8GB RAM 160GB HDD Server Half Depth Link - http://www.ebay.com/itm/SUPERMICRO-2-x-L5320-Xeon-QC-1-86GHz-8GB-RAM-160GB-HDD-Server-Half-Depth-/321196562724?pt=COMP_EN_Servers&hash=item4ac8ce9924
2) The CPUs should be more than enough for your bandwith needs. Link for the CPUs http://ark.intel.com/products/29767/Intel-Xeon-Processor-L5320-8M-Cache-1_86-GHz-1066-MHz-FSB
3) The system comes with enough RAM 8GB.
4) HD is sata 160GB 7200rpm. If more storage, speed or even raid is needed. The system-board supports raid and two of these should do the trick for redundancy and speed. http://www.ebay.com/itm/300GB-VelociRaptor-10000RPM-16MB-SATA3Gb-s-3-5-Hard-Drive-w-WD-IcePack-Heatsink-/130807300801?pt=US_Internal_Hard_Disk_Drives&hash=item1e74b902c1
If raid is not needed, then one should suffice if additional speed and storage is required.
5) The system-board has Intel
(ESB2/Gilgal) 82563EB Dual-Port Gigabit Ethernet Controller onboard. Adding additional NICs should not be a problem on the board due to it's versatile expansion slots.
Link for risers - http://www.supermicro.com.tw/support/resources/Riser/riser.aspx
For additional NICs, primarily Intel server NICs is recommended.
Intel PRO/1000 MT C32199-004 Quad Port PCI-X Server Network Adapter Card. Link - http://www.ebay.com/itm/Intel-PRO-1000-MT-C32199-004-Quad-Port-PCI-X-Server-Network-Adapter-Card-/151109525877?pt=LH_DefaultDomain_0&hash=item232ed46175
Intel Pro/1000 PT Quad Port PCI-e Server Adapter EXP19404 (N720612) http://www.ebay.com/itm/Intel-Pro-1000-PT-Quad-Port-PCI-e-Server-Adapter-EXP19404-N720612-/290964354740?pt=US_Internal_Network_Cards&hash=item43bed3b6b4
6) For wifi, if the business is small, I would get a unmanaged POE iEEE 802.3af switch and these APs
AP link - http://www.newegg.com/Product/Product.aspx?Item=N82E16833425013
Unmanaged POE switch Allied Telesis AT-FS708/POE 8-Port POE Swtich link - http://www.ebay.com/itm/Allied-Telesis-AT-FS708-POE-8-Port-POE-Swtich-/251241654958?pt=US_Network_Switches&hash=item3a7f2b6aae OR
HP ProCurve Networking Switch 2600 PWR J8762A, link - http://www.ebay.com/itm/HP-ProCurve-Networking-Switch-2600-PWR-J8762A-10-100-1000-T-Mini-GBIC-/121162662331?pt=US_Network_Switches&hash=item1c35db81bb note: this one is managed by web gui.
7) Link for the system-board - http://www.supermicro.com/products/motherboard/xeon1333/5000v/x7dvl-e.cfm
You can move everything to another case if, the case gets to hot. Purchase a mid-tower ATX case, link - http://www.newegg.com/Product/Product.aspx?Item=N82E16811112099, power supply - http://www.newegg.com/Product/Product.aspx?Item=N82E16817151119 and heatsinks - http://www.newegg.com/Product/Product.aspx?Item=N82E16835114056.
You will stay under your $700 even after purchasing the new case, power supply and heatsinks. and have a very powerful system.
As for the wifi, I do not have enough info on the layout of the office space, to either go the way of purchasing APs and POE switch OR the way of PCI-E adaptor. I believe having the AP(s) and POE switch, would give you more options on placement and not have to worry about proper firmware/patching the pfsense. The APs support multiple SSIDs and Vlan tagging.
Hope this did not bore you and good luck. ;D
-
Yes the dwa-556 should work fine. However there is a good chance d-link may have changed the chipset, big manufacturers like to do that! If you search the forum you'll see a number of people using that card. Of course most people only post when they have problems so that's what you'll find, most seem to have fixed it though. Since you already have the card though you can test it without spending anything.
Steve
-
Built in wifi seems to usually be a headache and somewhat slow.
(Not that I've ever used it.)I'd vote to use an AP. (Make sure it doesn't have AP isolation on)
-
Spence,
Here is my 2 cents on a build, it should cover current requirements and any future upgrades. They are not new but very doable. Can be got for well under $700. Love ebay.
1) SUPERMICRO 2 x L5320 Xeon QC 1.86GHz 8GB RAM 160GB HDD Server Half Depth Link - http://www.ebay.com/itm/SUPERMICRO-2-x-L5320-Xeon-QC-1-86GHz-8GB-RAM-160GB-HDD-Server-Half-Depth-/321196562724?pt=COMP_EN_Servers&hash=item4ac8ce9924
2) The CPUs should be more than enough for your bandwith needs. Link for the CPUs http://ark.intel.com/products/29767/Intel-Xeon-Processor-L5320-8M-Cache-1_86-GHz-1066-MHz-FSB
3) The system comes with enough RAM 8GB.
4) HD is sata 160GB 7200rpm. If more storage, speed or even raid is needed. The system-board supports raid and two of these should do the trick for redundancy and speed. http://www.ebay.com/itm/300GB-VelociRaptor-10000RPM-16MB-SATA3Gb-s-3-5-Hard-Drive-w-WD-IcePack-Heatsink-/130807300801?pt=US_Internal_Hard_Disk_Drives&hash=item1e74b902c1
If raid is not needed, then one should suffice if additional speed and storage is required.
5) The system-board has Intel
(ESB2/Gilgal) 82563EB Dual-Port Gigabit Ethernet Controller onboard. Adding additional NICs should not be a problem on the board due to it's versatile expansion slots.
Link for risers - http://www.supermicro.com.tw/support/resources/Riser/riser.aspx
For additional NICs, primarily Intel server NICs is recommended.
Intel PRO/1000 MT C32199-004 Quad Port PCI-X Server Network Adapter Card. Link - http://www.ebay.com/itm/Intel-PRO-1000-MT-C32199-004-Quad-Port-PCI-X-Server-Network-Adapter-Card-/151109525877?pt=LH_DefaultDomain_0&hash=item232ed46175
Intel Pro/1000 PT Quad Port PCI-e Server Adapter EXP19404 (N720612) http://www.ebay.com/itm/Intel-Pro-1000-PT-Quad-Port-PCI-e-Server-Adapter-EXP19404-N720612-/290964354740?pt=US_Internal_Network_Cards&hash=item43bed3b6b4
6) For wifi, if the business is small, I would get a unmanaged POE iEEE 802.3af switch and these APs
AP link - http://www.newegg.com/Product/Product.aspx?Item=N82E16833425013
Unmanaged POE switch Allied Telesis AT-FS708/POE 8-Port POE Swtich link - http://www.ebay.com/itm/Allied-Telesis-AT-FS708-POE-8-Port-POE-Swtich-/251241654958?pt=US_Network_Switches&hash=item3a7f2b6aae OR
HP ProCurve Networking Switch 2600 PWR J8762A, link - http://www.ebay.com/itm/HP-ProCurve-Networking-Switch-2600-PWR-J8762A-10-100-1000-T-Mini-GBIC-/121162662331?pt=US_Network_Switches&hash=item1c35db81bb note: this one is managed by web gui.
7) Link for the system-board - http://www.supermicro.com/products/motherboard/xeon1333/5000v/x7dvl-e.cfm
You can move everything to another case if, the case gets to hot. Purchase a mid-tower ATX case, link - http://www.newegg.com/Product/Product.aspx?Item=N82E16811112099, power supply - http://www.newegg.com/Product/Product.aspx?Item=N82E16817151119 and heatsinks - http://www.newegg.com/Product/Product.aspx?Item=N82E16835114056.
You will stay under your $700 even after purchasing the new case, power supply and heatsinks. and have a very powerful system.
As for the wifi, I do not have enough info on the layout of the office space, to either go the way of purchasing APs and POE switch OR the way of PCI-E adaptor. I believe having the AP(s) and POE switch, would give you more options on placement and not have to worry about proper firmware/patching the pfsense. The APs support multiple SSIDs and Vlan tagging.
Hope this did not bore you and good luck. ;D
You didnt bore me at all, this is a really nice setup, I will have to take it into consideration for sure. Yea those dual quad xeon's would really be nice to have. Ill have to think long and hard about this.
-
First, I would like to introduce myself to everyone considering I'm brand new here. My name's spence and I work at a small business in which I double as the IT guy. I have to say I love pfsense in every aspect because of what it can offer for the price that my small business can afford compared to other commercial grade firewalls/routers.
If it is a small business, I suggest this build:
http://www.supermicro.com/products/system/1u/5015/sys-5015a-ehf-d525.cfm
You can either buy it pre-built or by parts. SuperMicro is entry-line server hardware, seems more stable and reliable than Asus. Asus is hit or miss and targeted for the consumer market. You'll be able to push 600mbps+ through this system, and easily run several heavy processes on the machine too.
It should meet the needs of most small business networks for ~400.00 once you add the 8GB RAM + Hard Drive.
SuperMicro has newer Atom mini-servers too, or i3/i5 if you want overkill system.
-
I think you may be over estimating the capabilities of that Atom based board.
It may be able to push 600Mbps but that will be it's limit and that without running any packages, firewall/NAT only.The OP in this thread said:
@Sp4tan01:I am planning on running packages such as squid, squidgaurd, snort, openvpn and so on. Basically I also want the capability to run whatever packages I will want or need, hence the beefy processor.
I don't really think the Atom satisfies those requirements. ;)
However maybe you have some experiences that show I'm wrong. Are you running an Atom? Packages?
Steve
-
Different people have varying ideas of "Beefy" apparently…
-
Different people have varying ideas of "Beefy" apparently…
Someone hinting about my beefy box ?? 8)
-
I can't find a suitable emoticon… :P
-
Hello to all and I apologize in advance if anyone considers this hijacking the original ops thread… I am new here and been reading for hrs about hardware advice when I saw this thread. After seeing the link that Keasley provided I found this on ebay from the same seller: http://www.ebay.com/itm/SUPERMICRO-2x-L5420-Xeon-QC-2-5GHz-8GB-250GB-1U-Half-Depth-Server-Ca/310747413210?_trksid=p2047675.m1850&_trkparms=aid%3D222007%26algo%3DSIC.MBE%26ao%3D1%26asc%3D17905%26meid%3D1477410650965443319%26pid%3D100011%26prg%3D8262%26rk%3D2%26rkt%3D5%26sd%3D321196562724%26
This is sooo much more powerful than the micro systems I was looking into and ironically its even cheaper so I am just wondering if this unit would also be a good build? By the way my scenario is different than Sp4tan01 since I am just doing a system for my home and looking for good traffic shaping by mac or port, Squid and HAVP... only one other thing would kill this for me and thats if its a loud box... I have a Cisco 2960G switch which doesn't phase me but I don't want to get crazy :)
Thanks in advance