PfSense on an ASUS 1015PEM
I currently have a spare ASUS 1015PEM netbook lying around.
I have been able to but up into pfSense with it, but it only detects my LAN port, because the WLAN card is a RT3090, which i dont think FreeBSD supports.
My question is, ive been looking at Cervoz's MEC-LAN-M002, because it has two ports
It looks like pfSense supports this type of network card, as it uses two Intel 82583V LAN ports.
my question boils down to this:
Is it worth spending money on the MEC-LAN-M002 card to have two NIC ports and use my ASUS 1015PEM as my router (It has a dual core Intel Atom N550 / 1.5 GHz processor) or should i just go ahead and drop money on building a new mini-itx machine.
Thanks in advance for your guys help and insight.
Don't let this initially sway your answer, but in the future i would like to run SNORT and SQUID along with setting up VPN access. I have a 100Mbps internet connection. For right now, I am mainly needing the two additional ports to run to my wireless AP and a switch.
I would sell it and pick up a 1037U celeron board with dual nics + ram
Where did you find that for sale? How much does it cost?
Adding packages in the future as your talking about might choke the little Atom :P to death. I to would recommend selling it and start off with at less a Intel Core2 Duo Processor.
As for dual nics, I think its overkill in most cases…. if you have a desktop system and dual Ethernet cards available by all means use them.
But for a laptop I would NOT recommend spending that much money on a MEC-LAN-M002 upgrade. You would be better off selling the laptop and upgrading to a faster laptop or desktop system running vlans. Just keep in mind YOU DON'T NEED A POWER HOG TO RUN A FIREWALL.
All you need to run vlans is a 2 Layer switch .... Also the way I view this whole dual Nic thing is with just a 100Mbps internet connection, why you would need more than (1) gigabyte Ethernet port?
I'm running Pfsense on a laptop using vlans and have had no problems what so ever ...... I have run dual Nics in the past using a Express Card and could NOT see a difference what so ever in the performance.
Indeed, you will not get more than ~50Mbps of VPN traffic from that netbook (if you're terminating the VPN at pfSense) and that's without squid or snort.
One more thing…
As for the hardware ..... Used laptops and computers off of Ebay work far better for the simple fact they are Used and heavily discounted , and is some cases just as good as New. Besides FreeBSD does not support most of the latest hardware on the market. FreeBSD is usually about 4 years behind in hardware drivers, and in some areas even longer.
If you do a new custom build, a Cheap ??? entry level build will start somewhere in the $600 range. Do you want to put $600 + bucks in just a freak-en firewall device? :o
If it is for a business that has extra cash to burn and wants something nice. I could see spending $1200 bucks or so for a high-end custom build ….. but still a used HP Elite 8000 off Ebay for $150 bucks will do the same tricks for far less money.
One more thing…
Personally I would rather not use an HP Elite 8000. I would rather build up something on the cheap with the above board.
If you have a PC with DDR2 or DDR3 and a processor that can do at less 1700+ Passmarks that's a good starting point in my option for a beefy Pfsense box utilizing the most popular packages available. I would say for a 100Mbps connect running VPN, snort and squid 1700 Passmark is a good starting point …. Some might would prefer to start in the 2400~3000 passmark CPU range because of the VPN encryption and that's fine.
If its being used at a place of business you may have hundred of users behind Pfsense it may require much more processing ..... Everyone's situation is different.
Computers have become a Commodification ..... Meaning everyone in computer manufacturing are building fast computer components.... Its more about reliability and efficiency that counts.
So to say this computer is faster than that computer is nonsense these days...... The question is how much heavy lifting (processing/Passmarks) do you need to perform to get the the task accomplished.
Their is nothing cheap about building a cheap Custom Computer, this is why you get more value in buying a engineered product from HP or Dell ...... People usual do custom builds because they have money to blow and enjoy doing it. But custom from the business side is because they NEED a exotic custom build for a special application, and there's nothing Cheap about that.
HP Elite 8000 Desktop
Intel Core2 Duo E8600 @ 3.33GHz - 2413 Passmarks
Your motherboard selection
Intel Celeron 1037U @ 1.80GHz - 1733 Passmarks
THEY ARE ALL FAST, IT'S A MATTER OF HOW MUCH WORK IS TO BE PERFORMED.
Some what hijacking the thread here but anyway…
I commend your re-use of IT equipment, far too much ends up in landfill IMHO. I also agree with much of what you're saying, it's certainly hard to beat a laptop in terms of efficiency and then there's the built in console and UPS etc. However one thing I would not agree on is reliability. I'm talking laptops in general here rather than your HP model specifically. Laptops are not designed to run the same number of hours as a rack mount server. The cooling in a laptop is usually designed such that it will run as hot as possible in order to remain as quiet as possible. A rack mount server is pretty much the opposite of that. Hot electrical components fail faster even ones designed to run hot. On the flip side the components in a laptop have to withstand being thrown on to a bed or dropped onto a desk.
None of this would stop me running a laptop it's just an interesting topic. For $150 you could have a spare one just in case and still come under the cost of a new build ;) Though I do think you can build a new, fast box for some where closer to $300 if you try.
I know the build on the Elite Book is quite good … most likely the problem which could occur one day is fan failure, which is not a easy task to replace in a laptop. When the fan goes out I will simply replace it and keep trucking. I bought it used on Ebay, its been up and running for over a year now with no problems. . As for heat, what heat..... this thing is running COOL ..... touching the keyboard its just slightly warm over the CPU area the same can be said for the exhaust fan vent.
If I want to add additional laptops, one running as an Web server and the other as an FreeNAS box I simply stack them ..... These 12" Elite Books look great stacked ;D
Packages: Pfblocker & Snort
With Power-D running CPU stays a consistent 42 Celsius
CPU runs between 300 mhz to 800 mhz and averages about 500 mhz
What I have is a bit overkill for the packages I'm running on Pfsense but laptop + WIFI only sucks up 17 watts with low voltage components.
Looking at your CPU it does seem particularly efficient. :)
Just by chance the Intel maximum amount of heat generated by the CPU (TDP 17 Watts) is the total laptop power consumption. ???
Not just the CPU is low voltage but also the Intel Chip Set …. I assume the memory is also.
Wow, I am sorry I spaced out on you guys. I really appreciate all your posts. I didn't know anyone had replied to this post (I didn't have notifications enabled, sorry).
I think it is best to sell the netbook and get something new. I like the 1037U board idea and there is also this thread: Gigabyte Intros Bay Trail J1800 Based Mini-ITX Board https://forum.pfsense.org/index.php/topic,72305.0.html
I have a HP G60-120US and a Dell Inspiron 1545 that ive tried running pfsense on, but i kept running into complications- where i have one ethernet port and the wireless card isn't supported, or in the case of the HP G60, the wireless nic would only work in wireless g mode (its an atheros card).
But i am not going to give up hope. I have been looking into pfsense for months, and ive run it on several test vms. Ive been running dd-wrt in the past, but I am really set on having pfsense set up. I have been really impressed with what pfsense can do, especially all the packages it offers. the Linux action show season 28 episode 9 did a pretty good review on pfsense as well.
I think i'm going to look into the 1037U or J1800 based board. It just for me, this pfsense firewall is the first thing I am setting up on my home network, and I don't want it to be a bottleneck for any future projects.
Thanks again to all of you.
The Bay trail boards look like great candidates for a low power firewall but they are not well tested (if at all). They would almost certainly require the 2.1.1 pre-release version of pfSense due to the NICs on most of them.
Some of the new Supermicro boards look to be ideally speced, very low power, DC input, onboard 4x Intel NICs, but they'll be expensive and are completely untested as far as I'm aware.
I like those Supermicros. Its nice they come with that many NICs out of the box. I like the idea of having the DC input already on the board. id rather not have to get a pico psu..but that's not always an easy thing to find from what I've looked at.
The prices are a bit steep, but they already come with all the NICs id probably need, and they have quite a bit of legroom for future improvements.
As far as the testing goes, ill have to keep my eyes and ears open. id rather be safe than sorry. i dont want to get burned on a new purchase and it not work and not be able to get a RMA.
Thanks for sharing that link.
The more I look into it the more promising these new Atoms look. Looking at Supermicro's offerings all have 4X Intel Gigabit NICs but that's because they are built into the SoC, it's very easy to implement them at very little extra cost.
Then you have a choice of 4 or 8 Cores (C25XX or C27XX) and of either turbo boost or Intel Quickassist (CXX50 or CXX58). NO idea what, if any, of quickassist might be supported by FreeBSD any time soon so might as well go for the extra 200MHz turbo.
Edit: Quickassist not supported yet: https://forum.pfsense.org/index.php/topic,69181.msg382457.html#msg382457
The best thing is that because this is all on board the SoC, far more integrated than previous Atoms, I'm sure Jetway et al will be producing very similar boards at a likely lower cost.
Those supermicros are better than my esxi hypervisor haha (asus p6t motherboard with 17 920 CPU, 24GBs of RAM). I looked at that 8 core machine (C27xx) and it uses 20watts…thats awesome http://www.webhostingtalk.com/showthread.php?t=1340107.
I am a tight wad. i try to keep an eye on watt consumption since this rig will be running 24/7.
I'd like to see how much a comparable jetway would cost. I do like that they have the NICs onboard, i just hope they work as well as a PCI NIC would.
In comparison to that GIGABYTE board mentioned in my last post, it would cost
$60+ dollars for the gigabyte board
$45 for 4GBs of RAM to start with
$60~ for a Pico psu (and a power brick)
$100-$150 for a 4 port Intel NIC
I think if i specced out the cost for the supermicro
$60 pico PSU
I think the gigabyte's celeron cpu and the supermicros atom cpu are clocked high enough to handle openvpn decently. Does more cores help out, or is it more like one core is used specifically for openvpn. Therefore having a higher clocked CPU would be better? The main downside to this ive seen is that the CPUs usually call for higher watt usage. like this guy has a dual core AMD, but its 65watts
I always weigh the odds and think about things for a while before i purchase them. Then i still get buyers remorse afterwards :D