• English isn’t my first language, so please excuse any mistakes.

    I'm looking for a PFSense setup which will include at least 3 isolated LAN networks, and a single WAN link. It’s a home-based setup, so there will be a maximum of 20 devices connected at the same time.

    My plan is to buy a Intel DCCP847DYE NUC and a NETGEAR GS108E VLAN capable switch. The 3 isolated networks will be configured as 3 different VLANS at the PFSense box and the GS108E.
    All the “cheaper” motherboards contains or a single NIC, or a Realtek based NIC. Due to the better VLAN support with the Intel LAN NIC, I would like to use an Intel based NIC.

    Do I need an additional NIC for the WAN link if I choose for the Intel DCCP847DYE NUC? Or is it advised to put the WAN on a separate VLAN? If I need to get an extra additional NIC, does the brand of this NIC matter for the single WAN link?

    There is no need to use the PFSense box for proxy or VPN capabilities. Maybe the QoS service will be used.

    Please let me know if you have some better ideas  for me. I’m limited to hardware which will be available in Europe, so getting stuff from the US will be very hard for me. At the moment my budget is 200 EUR / 275 USD.

  • Netgate Administrator

    What bandwidth do you need? Either WAN to LAN or between LANs. The Intel NUCs are all quite high spec so if you aren't going to be using Squid or Snort you may not need anything that powerful.
    There have been some interesting discussions here recently regarding security aspect of using VLANs to separate WAN and LAN connections. I don't have a problem with it, I've never seen a security exploit against a switch firmware. There could be some though. Also if your switch forgets its configuration and goes back to default settings your WAN will become connected to the LAN. I've never seen that either but it's definitely a possibility, some huge power surge perhaps.  :-\


  • The bandwidth WAN to LAN will be 8 Mb/s down and 1 Mb/s up. I don't be able to get higher speeds from the carrier  :(.
    My plan is to isolate the LANs completely, so there is no communication possible between the LANS. Only a connection from the isolated LAN and WAN.

    I choose for the Intel NUC DCCP847DYE (Intel Celeron 847), because it's the one with the lowest specs. The NUC contains a power supply and is a compact device. But some alternative solutions are always welcome.

  • Netgate Administrator

    With an 8/1 connection and not running any big packages you would be fine with almost anything you can get pfSense to run on. Like, for example an Atom or an Alix box.


Log in to reply