Upgrading pfSense hardware - a few questions
-
Hello,
I've been using pfSense for a few years and love it. I would like to upgrade the hardware that it's running on; have been doing a ton of reading, but, have a few unanswered questions. I'd really appreciate opinions and suggestions.
Parameters:
1. WAN: 35Mbps/35Mbps FIOS; Gigabit LAN. Separate Wireless LAN zone with an Asus RT-N66U bridge.
2. 4 users on LAN, 20 devices, 1 web server - public access, fairly heavily used network WAN-LAN
3. pfSense with snort, squid, clam-av, rrd graphs, pfblocker, fair amount of logging (no syslog server)
4. Always on.Current hardware:
1. Old Asus motherboard with single core Pentium 4 processor - 2.8 GHz
2. 2GB DDR2 RAM
3. 40GB PATA drive
4. two Intel dual port PCI NICsReason for upgrade:
1. High performance
2. Low power consumptionHardware being considered:
1. NM70 mobo with Celeron 1037U embedded processor. Like this ECS mobo - http://www.ecsusa.com/ECSWebSite/Product/Product_Detail.aspx?DetailID=1445&CategoryID=1&DetailName=Feature&MenuID=17&LanID=0.
2. 8GB or 16GB DDR3
3. Intel PCI-E nic (two dual port or one quad port) - not sure if the NM70 based mobo can handle this, or, if I need something else
4. Kingston or Samsung SSD (many 120GB SSDs are on sale for under $80). OR 1TB SATA 6Gb/s hard drive
5. Case, PSU - current boxQuestions:
1. Given the parameters above and all the packages that I will be running, is the Celeron 1037U (Ivy Bridge, 1.8GHz, dual core) adequate? It seems to score very well in benchmarks - even better than some of the newer Haswell Celerons.2. Is the NM70 good enough, or, should I look for a micro ATX board with multiple PCI-E slots?
3. I have plenty of new and lightly used 1 and 2 TB SATA drives lying around. Is there any advantage to using a 120GB SSD instead - considering that I'd have to purchase the SSD just for this.
4. I need at least four interfaces (WAN, LAN, Wifi and DMZ (public web server)) - which Intel dual/quad port NICs would I have the least issues with and not have any performance issues with?
Thanks,
MediocreFred. -
Did some more research and picked up the following while they were on sale over the weekend:
1. Mobo - ASRock B75-ML - http://www.newegg.com/Product/Product.aspx?Item=N82E16813157365
2. CPU - Intel i3 3240 - http://www.newegg.com/Product/Product.aspx?Item=N82E16819116773
3. RAM - 2 x 8GB DDR3 1600
4. Intel 530 180GB SSDWhile not as low power as my original planned hardware (embedded celeron), this appears to be a good balance between power consumption and capability.
Only remaining question is the NICs. The mobo has a PCI-e 3.0 x16 slot, a PCI-e 2.0 x16 slot (@ x4) and two PCI slots. I would like to get two dual port Intel gigabit PCI-e NICs. I find numerous options on ebay, but, am not sure if they will work in the two PCI-e slots on this board and with pfsense. I would appreciate recommendations regarding compatible NICs.
Thanks in anticipation!
-MediocreFred. -
While not as low power as my original planned hardware (embedded celeron), this appears to be a good balance between power consumption and capability.
Personally I think you did just fine, an i3 is an excellent choice and you should be future proofed for sometime running pfSense with packages with ever increasing Internet speeds to come.
In regards to the NIC's, go on eBay and do a search for EXPI9402PTBLK. This will work on both of your PCI-e slots whether it is 2.0 or 3.0. They retail for about $150 but on eBay there are used NICs in fantastic condition to be acquired for around $35. Good luck.
Just noticed your mobo is Mini-ITX. You didnt mention what case you have but if you have a small form factor case then make sure you get those NICs with a low profile bracket. This will up the price just slightly.
-
In regards to the NIC's, go on eBay and do a search for EXPI9402PTBLK. This will work on both of your PCI-e slots whether it is 2.0 or 3.0. They retail for about $150 but on eBay there are used NICs in fantastic condition to be acquired for around $35. Good luck.
Just noticed your mobo is Mini-ITX. You didnt mention what case you have but if you have a small form factor case then make sure you get those NICs with a low profile bracket. This will up the price just slightly.
Thanks for the NIC suggestion. I see a number of Dell and HP branded Intel dual port PGI-e NICs on ebay as well and these appear very competitively priced. Anything to watch out for if I consider one of these?
As for the mobo, the one I purchased (in my second post) - ASRock B75M-GL R2.0 LGA 1155 Intel B75 SATA 6Gb/s USB 3.0 Micro ATX Intel Motherboard with UEFI BIOS - is a micro ATX and the case I will be using is an old Antec mid-tower.
Thanks,
MediocreFred. -
the hp nc360t is their branded equivalent to the EXPI9402PTBLK. you should be able to find it slightly cheaper than the intel variant as it's less well known. hell, I just grabbed an nc364t for 40$ cad + shipping. (the 4-port version of the 360)
-
the hp nc360t is their branded equivalent to the EXPI9402PTBLK. you should be able to find it slightly cheaper than the intel variant as it's less well known. hell, I just grabbed an nc364t for 40$ cad + shipping. (the 4-port version of the 360)
Like this one?
Here's an IBM version and a Dell version.
Before I buy a couple of them, can I please get some confirmation that they will work on my mobo (has one PCI-e 3.0 x16 slot and one PCI-e 2.0 x16 slot at x4).
Thanks,
MediocreFred. -
All of those will work but this one is $10 cheaper x 2 = $20 saved
http://www.ebay.com/itm/HP-NC360T-Dual-Port-PCIe-Card-Gigabit-Server-Adapter-/271336058095?pt=US_Internal_Network_Cards&hash=item3f2ce3acef
And yes they will all work in both of the PCI-e slots on your mobo, 3.0 x16 and 2.0 x16. All PCI-e slots are backwards compatible.
-
All of those will work but this one is $10 cheaper x 2 = $20 saved
http://www.ebay.com/itm/HP-NC360T-Dual-Port-PCIe-Card-Gigabit-Server-Adapter-/271336058095?pt=US_Internal_Network_Cards&hash=item3f2ce3acef
And yes they will all work in both of the PCI-e slots on your mobo, 3.0 x16 and 2.0 x16. All PCI-e slots are backwards compatible.
Good to know that PCI-e slots are backwards compatible and the x4 cards can fit in x16 slots!
I've had terrible luck buying used components from ebay. I just ordered two new NC360Ts for $32 each (made an offer to one of the sellers).
Now that I have all of the hardware components ordered, I am hoping to upgrade the current pfsense box in a week or two; am hoping to be able to install pfSense 2.1 x64 from scratch and restore config settings from my current build (x86). Is this a recommended approach, or, should I be configuring everything from scratch? I have tons of aliases and rules defined that I really don't want to recreate from scratch.
Thanks,
MediocreFred. -
Did some more research and picked up the following while they were on sale over the weekend:
1. Mobo - ASRock B75-ML - http://www.newegg.com/Product/Product.aspx?Item=N82E16813157365
2. CPU - Intel i3 3240 - http://www.newegg.com/Product/Product.aspx?Item=N82E16819116773
3. RAM - 2 x 8GB DDR3 1600
4. Intel 530 180GB SSDYou have the perfect hardware configuration. SSD will help but don't expect miracles. If you like you can go with standard spin disks as well to keep the cost low.
Unless there is a serious hardware issue, you can see this run for many years to come. Throw any package on the available list and it will still perform well. Glad you didn't go with an Atom.
-
Now that I have all of the hardware components ordered, I am hoping to upgrade the current pfsense box in a week or two; am hoping to be able to install pfSense 2.1 x64 from scratch and restore config settings from my current build (x86). Is this a recommended approach, or, should I be configuring everything from scratch? I have tons of aliases and rules defined that I really don't want to recreate from scratch.
Using the 32 bit config will work just fine when you install the 64 bit pfSense on your new SSD. When you make your backup config from your 32 bit box though, select "Do Not Backup RRD Data." 32 bit RRD data wont work on a 64 bit install so no use backing that up at all.
-
I've had terrible luck buying used components from ebay. I just ordered two new NC360Ts for $32 each (made an offer to one of the sellers).
Ebay has feedback for a reason, don't give them the usual "A+++++++++++++!!!!!!!!!!!!!!!!!!!!!!!!!! BEST SELLER EVAR!!!!!!!!!!!!" until after you test the hardware. I let my feedback sit for weeks if need be.
If more people did that, there would be less successful scammers and crap-dumpers on ebay. I have to admit, a 99.x% isn't as good an indicator as you would think because there is some sort of bizarre face saving culture of not giving negative feedback even when deserved out of fear of backlash or some other irrational thinking. Perhaps people could also put useful comments like whether or not it showed up on time and did it have actual packaging w/ antistatic bag when needed or was it just wrapped with a bunch of ups envelopes they stole from the nearest drop box? Its not a huge stretch…
FWIW I've had great luck buying computer parts on ebay, though some of that has been the miracle that a bare card stuffed in a priority envelope with nothing else survived the trip from coast to coast and not due to the seller actually trying. (if you're wondering, those sellers got a neutral and a comment explaining as much)
-
i have to agree w/ebay, read buyers comments b4 buying, got a great deal(<$20) for 2 intel pro gige nics that are pci-x that were branded dell or hp or something as i cant remember. the pci-x were used on servers but fit my pci based mobo and had no issues with them as bsd has drivers for them. im in canada and the prices americans get are so much better and have more selections to choose from
-
Upgraded the hardware over the weekend. Went off without a hitch.
To recap, my new hardware is:
-
Mobo - ASRock B75-ML
-
CPU - Intel i3 3240
-
RAM - 2 x 8GB DDR3 1600
-
Intel 530 180GB SSD
-
NIC - 2 HP nc360t (4 interfaces - WAN, LAN, wifi, dmz
Installed pfSense x64 and was able to import settings from my previous x86 installation. Had a bit of a hiccup with the WAN interface not being able to get an IP (I am one of the few that still has FIOS service over PPPOE - we were promised an upgrade to straight (non-PPPOE) DHCP; while others in the area were upgraded, a few of us weren't); took a bit of "jiggling" to get it to work.
I also enabled AHCI and Trim by following the steps in this post.
Running super smooth now with Snort, pfblocker and a couple of other packages. Haven't installed Squid and ClamAV yet - will do these slowly; the last time I installed them - more than a year back - I had quite a few issues with "good" traffic getting dropped. I am sure the issues were caused by my misconfiguration and not the packages themselves. More reading/planning is required.
Thanks to everybody that replied for all of the information and suggestions.
-MediocreFred. -
-
Upgraded the hardware over the weekend. Went off without a hitch.
Sounds like a nice setup, the MB looks great for the price. How is the sound level on the CPU fan? Any idea how much Watt the setup is using?
-
Sounds like a nice setup, the MB looks great for the price. How is the sound level on the CPU fan? Any idea how much Watt the setup is using?
The CPU fan is barely audible - I do have other computers in the vicinity of the pfSense box, but, I was able to remove the two case fans that were in it with the earlier build. The PSU (an old Antec 400W) also has a fan and that fan is definitely louder than the CPU fan. I guess I could achieve lower power consumption by springing for a new low power (~250-300W), high efficiency (80% Gold or better) PSU, but, it didn't seem worth it. The mobo is perfect - low price, just one SATA3 port that I am using for the ssd and two PCI-e slots for the NICs. I've had very good experiences with ASRock boards in the past - not surprising considering that they are a wholly owned subsidiary of ASUS.
-
Upgraded the hardware over the weekend. Went off without a hitch.
Thanks to everybody that replied for all of the information and suggestions.
Glad it went smooth for you. Now all you need to do is create a signature like mine and put your specs below. 8)