First time user.



  • I'm basically doing a complete overhaul of my computer(s) setups.
    Started with my main computer/gaming PC, and then just spiralled out of control wanting to rebuild everything. So I've got a few questions on mostly the build I'd like some help with.

    Parts for the new PC are almost bought. And most of the parts from my current build will go in my server. But following that I want to rebuild my HTPC, and build it smaller, build my parents/brother a PC, then also build a router with pfSense. Which will mean I already have two CPUs and two motherboards I can reuse and I'd need to buy one CPU and one motherboard. The ones I currently have are 1155 socket, so it gives me headroom to switch stuff about.

    Motherboards:
    Asus P8H77-i
    Asus P8P67 LE R3

    CPUs:
    G530
    i5 2500

    I think the i5 would be perfect for the brother's/parents' build, but the G530 wouldn't be good enough for the HTPC as I want it fanless and a small build (no GPU). But I think it'd be perfect for the router.

    I'll have 8GB of Crucial Ballistix 1333MHz RAM spare, and although I think that'd be overkill for the router, I'd rather have at least 1600MHz on the brother's build and at least 1600MHz on the HTPC (as it'll be running integrated graphics). So is there any way I could make use of 8GB of RAM with pfSense, or will it literally be pointless? (Home network, four computers, four laptops, five phones and two consoles, two tablets).

    Next is the motherboard, I know the router build would obviously need at least 2 ethernet ports so I've got a few questions on how to go about this, as neither of the motherboards above have two built in. First of all, I'll cover wireless. I intend to upgrade to AC wireless for my home network (parents won't let me run wires all over, which is fair enough, and AC wireless seems to have much better bandwidth compared with wireless N). So, how would a wireless AC card stack up against the performance of say an AC66U router? Would it be on par, worse or better? Secondly, from a little research I've done I'm under the impression a wireless card would only allow one type of connection to it? So I'd then need a wireless AC card, wireless N, wireless G etc? Is that correct? If that is the case, it'd make more sense just to get an AC66U and have it as an access point? Then I could get a NIC and use the ITX or just get an ITX with two ethernet ports.
    Just thinking about what motherboard setup to have is actually confusing the hell out of me thinking of all the scenarios for it. To note I've also got an N56U router, which I think has brilliant wireless, so another option could be to buy a new ITX motherboard with two onboard ethernet ports and get an AC wireless card for it?
    I'm going to leave the motherboard questions for now, until a few of those questions get answered.

    I'll touch on NICs though, every man and his dog seem to recommend Intel NICs on here, any particular reason why? Are they more stable than for example a Realtek one, or is it that they tend to have a better speed/latency?

    Next, HDD/Cache. I've got a 60GB Vertex 2 in my laptop, been needing to upgrade that for a while, but until now I've had no idea what to do with the 60GB that's in it. Reading the odd topic on here, I've seen the odd one saying 'pfSense killed my SSD'. As far as I'm aware the Vertex 2 does have TRIM support, so will I be seeing this fail in a year? Or will it actually hold steady? I've also got a spare 1TB HDD, would that be pointless throwing it in there?

    For now, that's all the questions I've got. But I'll try summarise them all considering this is a pretty lengthy post, so here goes:

    1: Would the G530 CPU be suitable for a home network, running an antivirus and a VPN?
    2: I know 8GB of RAM would be overkill, but is there a way I could make use of it?
    3: Would I need multiple wireless cards if I wanted to run wireless AC, G and N 2.4 and 5GHz?
    4: Would a wireless AC card perform as well on the AC network compared to an Asus AC66U?
    5: If the answer to three is a yes, would you either A) get an AC66U and use that for wireless or B) use my existing N56U and get an AC wireless card for the AC wireless?
    6: Why are Intel NICs better than others?
    7: Would a 60GB Vertex 2 be both ample storage and reliable?
    8: Would I make any use out of a 1TB HDD?

    Cheers for taking the time to read this.



  • @Jawswing:

    1: Would the G530 CPU be suitable for a home network, running an antivirus and a VPN?
    2: I know 8GB of RAM would be overkill, but is there a way I could make use of it?
    3: Would I need multiple wireless cards if I wanted to run wireless AC, G and N 2.4 and 5GHz?
    4: Would a wireless AC card perform as well on the AC network compared to an Asus AC66U?
    5: If the answer to three is a yes, would you either A) get an AC66U and use that for wireless or B) use my existing N56U and get an AC wireless card for the AC wireless?
    6: Why are Intel NICs better than others?
    7: Would a 60GB Vertex 2 be both ample storage and reliable?
    8: Would I make any use out of a 1TB HDD?

    1 - Depends on the bandwidth. Please specify.
    2 - #1 + packages
    3, 4, 5 - Forget about wireless cards and use a dedicated AP.
    6 - A lot of reasons, get Intel PCIe NICs.
    7, 8 - Depends on the packages. A flash drive could do the job if the packages you want do not need storage.



  • Well, bandwidth, I'd have three computers plugged in. Two consoles, four laptops, one HTPC, and five phones? Obviously wouldn't all be used at the same time, but let's say a theoretical maximum of 15 devices.
    Packages, I've honestly no idea, never used pfSense before. So I'd need to do research on these. However, I'll be needing a VPN, cache, an antivirus, and adblocker. Don't think I'd really need anything else.


  • Netgate Administrator

    The number of devices or users is not really relevant. A single machine downloading multiple torrents is going to use more bandwidth than 50 people checking their email. ;) What is the bandwidth of your WAN connection?
    If you are going to separate your internal network (wireless and wired devices for example) with multiple interfaces are you going to want traffic between them at wire speed, possibly 1Gbps?

    If you want adblocking and antivirus then you're going to be running Squid (web proxy) so you can allow that to use as much RAM and disk space as you have, within reason.

    Steve



  • Well, for internal bandwidth I'd be saturating the Gigabit connection frequently, as I'm constantly copying Blu Ray rips from my PC to the server. Said rips would be streamed to the HTPC upstairs wirelessly, and I do intend to get another HTPC eventually, I think the max bandwidth for Blu Rays is 8MB/s, or 64Mbps.
    Torrenting is really light use, my parents use them, let's just say a maximum of four of these a week, and tend to be deleted as soon as they're downloaded.
    Lots and lots of online gaming though.


  • Netgate Administrator

    Ok. Internal bandwidth is only important if you are going to segregate your network somehow. Here at home I have wireless access points on a separate NIC to my wired clients. That way I can control what wireless devices can connect to and allow guests internet access only. That means the traffic has to go through the firewall. If you don't do that then your traffic only goes across your switches so the pfSense box never sees it.

    The real question is what is your WAN connection maximum speed? Do you have a cable connection? ADSL? Google Fibre? What is its speed?

    Steve



  • WAN connection isn't anything amazing. I'm looking at a maximum of about 30Mbps down and 10Mbps up.


  • Netgate Administrator

    Ok!  :)
    So the G530 will easily handle ~50Mbps with whatever packages you care to run. It has been shown to pass >1Gbps of firewall/NAT traffic so it will run at wire speed between internal interfaces if you choose to have more than one. It probably won't run at wire speed if you wanted to run, say, Snort on an internal interface. You probably don't want to do that anyway and even if you did it would just mean your large file transfers (if they were across subnets) would be marginally slower.

    In short the G530 will be good for your firewall requirements.

    Steve



  • Okay, so I've done a little research on packages for pfSense. I've seen Squid pop up a lot for what I want. But what packages would you recommend for the following?
    Antivirus
    Remove ads
    Windows updates
    Cache
    VPN, both setting one up for connecting to a VPN and setting one up so I can connect my phone to my home network (or is this native)

    A question with the adblocker/removing ads though, I occasionally use Quidco, which is a cashback website in the UK, if I were to set up an adblocker would this cause problems with the tracking?
    How much cache would I need for Windows updates, and how well does it work? From the research I've done I've seen a lot of people having problems with caching Windows updates.
    Can you cache to RAM? And how much cache do you guys use in general. Again I'm planning on using a 60GB SSD and 8GB of RAM.

    Slightly off topic, but if anyone would care to answer. How do VPNs work? If I was to say connect to a VPN, I'm in the UK and I was connecting to a VPN in the US, would the traffic first go to the US and then be forwarded to my network?

    Also, I think the best option for me would be to use the existing ITX Asus P8H77-i motherboard. Which has an onboard Realtek 8111F LAN controller. Considering I have a 30Mbps connection, would I see much improvement getting an Intel NIC for the WAN at all? Because it seems a lot easier and cheaper to find a one port Intel NIC. Especially low profile ones.

    And finally, if I were to buy an AC66U or use my existing N56U, I assume I'd be able to use the four LAN ports on these. Would this be advisable? I'd only need three or four wired connections, and it'd save some space/plugs if I were to just use that.


  • Netgate Administrator

    So basically to do that you need the Squid web proxy, SquidGuard web filter and ClamAV antivirus packages. To get all those running is probably going to take some tweaking and reading of various how-tos.
    If you are ad-blocking at the firewall it may well cause tracking problems, usually that's a good thing! I find it far easier to run adblocking locally in the browser. That way I can easily whitelist sites that I don't mind the advertising on (like this one!) or disable it when I get to some site that doesn't work at all because something is blocked. Increasingly eBay works less and less with stuff blocked unless you carefully train the filters.
    There is little point in having a huge cache in Squid especially for a relatively slow home connection, you won't see much increase in speed. It would be better to give a large RAM cache, which will be much faster.
    Caching Windows updates can indeed be a problem. They use a CDN so the update files may not come from the same location making it difficult for Squid to know they are the same file. There are various threads and docs on that.

    Yes that's exactly how VPNs work. Though you could configure some stuff to connect directly.

    You may have some issues with an 8111F. I can't remember quite what the current support is but I believe it wasn't supported by 2.0.3.  :-\ Hmm, have to check that. If it is supported you should see any loss at 30Mbps.

    If you use a wireless router as an access point you usually have to use one of the LAN ports to connect to it leaving only three but, yes, those are then usable as a LAN switch. Some firmwares allow you to add the WAN port to the LAN switch getting around that problem.

    Steve