Planning first pfsense build



  • I hope I'm in the right part of the forum, if not please feel free to move me to the right part.

    Hey I would like to use pfsense and I've got a few questions.
    I've got a nas running openmediavault and would like to run pfsense in a vm on the nas.
    I know there are some drawbacks to running pfsense on a non-dedicated system, but for the time being I can live with those.
    I've done some research on the topic and would like to confirm my findings.

    Questions:

    1. I need a modem/router which can be used as a pure modem (eg speedport 300)?
    2. Do I need three Ethernet ports on my nas: 1. Wan 2. Lan to switch 3. switch to nas
    3. Is the Intel PRO/1000 PT Dualport a good choice
    4. If I want to use a land line it would be easiest if I were to run an asterisk server on pfsense and use sip or voip phones (eg. mobile phones with apps) ?

    Are there any other hardware requirements or major aspects I forgot?



  • I would run all those servers on a good machine with a vmware install.



  • Welcome to the pfSense forum! :)

    1. Yes, you will probably need a modem. (ADSL, Cable)
    2. Maybe, it depends how familiar you are with VLANs and whether you have a managed switch that supports VLANs. You would probably be fine with 2 interfaces and a standard switch, assuming you want the NAS on the LAN.
    3. Probably. Check the FreeBSD hardware compatibility list to confirm. Intel is usually the preferred choice. :)
    4. Sorry, I cannot help you with this one.


  • @schpongo:

    1. I need a modem/router which can be used as a pure modem (eg speedport 300)?

    I don't speak German, but if that is ADSL you may be able to fit this PCI modem to an all-in-one system (I have no idea if it would work for a virtualised system, but it appears to pfSense as a Realtek 10/100 network interface) - https://forum.pfsense.org/index.php?topic=79929.msg436451#msg436451



  • On issue 4, how will you be using your sip server?  For phones internal to your network or for phones external to your network?



  • @kejianshi:

    I would run all those servers on a good machine with a vmware install.

    The nas isn't anything special. It's a low power intel j1900 quad core celeron but I think it should do fine.

    @Nullity:

    Welcome to the pfSense forum! :)

    1. Yes, you will probably need a modem. (ADSL, Cable)
    2. Maybe, it depends how familiar you are with VLANs and whether you have a managed switch that supports VLANs. You would probably be fine with 2 interfaces and a standard switch, assuming you want the NAS on the LAN.
    3. Probably. Check the FreeBSD hardware compatibility list to confirm. Intel is usually the preferred choice. :)
    4. Sorry, I cannot help you with this one.
    1. I'm not very familiar with vlans (but that can be changed) and don't have a managed switch
      So for the time being three ports would be easiest?

    @jonesr:

    @schpongo:

    1. I need a modem/router which can be used as a pure modem (eg speedport 300)?

    I don't speak German, but if that is ADSL you may be able to fit this PCI modem to an all-in-one system (I have no idea if it would work for a virtualised system, but it appears to pfSense as a Realtek 10/100 network interface) - https://forum.pfsense.org/index.php?topic=79929.msg436451#msg436451

    Ah I'm sorry, I mentioned the wrong modem. I meant the speedport 300hs. I've got a vdsl connection.

    @kejianshi:

    On issue 4, how will you be using your sip server?  For phones internal to your network or for phones external to your network?

    This is where I'm most uncertain.
    At the moment I've got a router modem combination which allows me to plug in a phone.
    The nas obviously doesn't have that feature so I went and googled for a solution.
    If I understood my findings correctly vdsl uses voip (compared to isdn) to allow usage of land lines and that pfsense supports this in some form.



  • Not knowing if your phones will be in your house or not is a pretty big uncertainty.



  • Ah sorry, I misread your post :)
    I want to use the sip phone within the bounds of my network and my home.



  • Then you could run something like asterisknow behind pfsense in a VM, choose a trunk provider and run all the phones you want inside the house.  NAT wouldn't present a problem (as long as your trunk provider wasn't all screwed up).



  • Thanks for all the answers.
    Now I just need to find a vdsl modem I can get used for a few bucks, that doesn't consume too much power.
    The mentioned speedport 300hs seems to consume 24 watts according to some user reports.
    That is way too much.



  • Which provider do you use?
    If it's Telekom then be careful with your choice of VDSL modems. They will be using vectoring in the future and not all modems support that.
    There's an ALLNET device (126S or so) which is not confirmed to be upgradable.
    A Zyxel device mentioned here in the forum somewhere should work.



  • @jahonix:

    Which provider do you use?
    If it's Telekom then be careful with your choice of VDSL modems. They will be using vectoring in the future and not all modems support that.
    There's an ALLNET device (126S or so) which is not confirmed to be upgradable.
    A Zyxel device mentioned here in the forum somewhere should work.

    I'm a customer at Vodafone and don't know if they are using dsl vectoring or planning on using it.
    I'll have to look into dsl vectoring. I've never heard of the concept and am very glad you brought it up.

    But if dsl vectoring is imminent and I'll have to get a more expensive modem. :(
    I actually just wanted to play around with pfsense in a live environment to gain some experience with it.
    But if I have to invest close to 100 euros (modem+nic) for a small project, for which I've got no "real" need.

    I'll post an update on my findings on dsl vectoring.

    Edit:
    I've looked into the topic of dsl vectoring. My current Modem/Router (easy box 904 xdsl) does support dsl vectoring.
    But I don't know if I currently have vdsl vectoring (or vdsl2). I'm paying for a max of 50mbit so I think I have vdsl but I'm not sure.
    My question is how do I find out if I have vdsl vectoring.



  • Currently only Telekom plans to roll out vectoring in GER, nagging all other players in the field.



  • @jahonix:

    Currently only Telekom plans to roll out vectoring in GER, nagging all other players in the field.

    I've read mixed reports on that but for the time being I'll assume that I don't have dsl vectoring.
    But I've got one more question.
    What else do I need to configure the sip server on pfsense?
    I've got my sip username:"my home phone number" and the password from vodafone.
    Do I need anything else to set up the sip server?



  • @schpongo:

    I hope I'm in the right part of the forum, if not please feel free to move me to the right part.

    Hey I would like to use pfsense and I've got a few questions.
    I've got a nas running openmediavault and would like to run pfsense in a vm on the nas.
    I know there are some drawbacks to running pfsense on a non-dedicated system, but for the time being I can live with those.
    I've done some research on the topic and would like to confirm my findings.

    Questions:

    1. I need a modem/router which can be used as a pure modem (eg speedport 300)?
    2. Do I need three Ethernet ports on my nas: 1. Wan 2. Lan to switch 3. switch to nas
    3. Is the Intel PRO/1000 PT Dualport a good choice
    4. If I want to use a land line it would be easiest if I were to run an asterisk server on pfsense and use sip or voip phones (eg. mobile phones with apps) ?

    Are there any other hardware requirements or major aspects I forgot?

    The Intel card is good, but be careful about the driver and the hardware itself. I have the same card on FreeNAS (also FreeBSD 10.x based), and under high traffic my machine reboots! This issue never happens in my Linux build, but when I replace the card with one from another batch, the problem disappears! So make sure you give your card plenty of load to test with before putting it into production.



  • "Drawbacks" on running pfSense in VM on a FreeNAS box.

    Not trying to be a downer here but that is way beyond "drawbacks".  If you want to have a functional household as far as Internet access then put the pfsense on a dedicated box period!!!  That would be like saying I want to put my normal bank account inside of a bitcoin account or I want to put my car on top of a bullet train.  Both things I cannot afford to delegate the risk over and into a grossly complicated higher risk system.

    The NetGate - ADI engineering RCC-VE-2440 is the best price per performance there is, 4 GigE ports, all intel, plenty of horsepower in the CPU, and the darn thing runs at 8-9 watts.

    Compare that to a FreeNAS high-powered ECC server class hardware running 120 watts with an annual electric bill of $158.  8 watts will run you $10.52 - Savings over 5 years = $737



  • Those options you mentioned seem very solid.
    But I think I would surpass my goals with them.
    I'm not running the system in any kind of business environment, the pfsense install merely serves Internet to my two doormats and me.

    I would have thought that running pfsense in a vm is an upgrade to running a cheap home router in terms of security.
    But if I'm wrong please correct me :)



  • There is nothing wrong with running pfSense inside a VM. The performance may take a bit of a hit but it will work fine. For a home setting the performance difference won't even be noticeable unless your hardware is terrible. The main concern is to make sure you have enough NICs in the host box to be able to dedicate two to pfSense.

    If the FreeNAS box is going to be on all the time anyway there are no power savings to be had by getting a dedicated box for pfSense. In fact it would actually cost you more power.  There is a reason businesses use ESXi, HyperV, and Xen so much. Consolidating hardware just makes financial sense.

    Also, $158 a year for a 120 watt machine that is on 24 hours a day is a bit high. Where I am that same box would only cost $111.42 per year if left running 24/7. This cuts the 5 year savings down to ~$522. Account for the cost of the Netgate and you are left with only $169 in savings, which you won't start to see until after the three year mark. If you also need wifi you are looking at either reusing the crappy consumer grade router as an AP, spending money on a wifi adapter for the Netgate, or buying a real AP. A real AP is by far the better choice but that cuts the savings down to only ~$105, which you won't see until year five.

    Besides we don't know how much power his FreeNAS box draws. For all we know it could be an Atom C2000 or Celeron J1900 system in the sub 30 watt range.



  • @antillie:

    There is nothing wrong with running pfSense inside a VM. The performance may take a bit of a hit but it will work fine. For a home setting the performance difference won't even be noticeable unless your hardware is terrible. The main concern is to make sure you have enough NICs in the host box to be able to dedicate two to pfSense.

    If the FreeNAS box is going to be on all the time anyway there are no power savings to be had by getting a dedicated box for pfSense. In fact it would actually cost you more power.  There is a reason businesses use ESXi, HyperV, and Xen so much. Consolidating hardware just makes financial sense.

    Also, $158 a year for a 120 watt machine that is on 24 hours a day is a bit high. Where I am that same box would only cost $111.42 per year if left running 24/7. This cuts the 5 year savings down to ~$522. Account for the cost of the Netgate and you are left with only $169 in savings, which you won't start to see until after the three year mark. If you also need wifi you are looking at either reusing the crappy consumer grade router as an AP, spending money on a wifi adapter for the Netgate, or buying a real AP. A real AP is by far the better choice but that cuts the savings down to only ~$105, which you won't see until year five.

    Besides we don't know how much power his FreeNAS box draws. For all we know it could be an Atom C2000 or Celeron J1900 system in the sub 30 watt range.

    Yes, power consumption is one of my main concerns, as I pay almost twice as much for electricity as you (0,254 euros per KWh).
    That is also the reason why I'm running a Celeron J1900, which without my nic and all drives at idle only sips 16W (with a better psu it can go down to 9W).
    And my Nas already runs 24/7 so the increase in power consumption is minimal.

    I'm running a Linksys EA6300 as an AP. It does a fine job.
    I would like to upgrade to a Ubiquiti AP but I would need a 5GHz model as I live in a very densely populated area but am not willing to spend the 200euros.



  • Have a look at Ruckus Wireless Zoneflex 7363 APs on eBay. They regularly sell for something like 120,- to 170,- Eur, are dual-band and offer great coverage due to their beam steering technology.
    I live in a high density WLAN area as well (approx. 30 APs around) and still manage to get streaming audio to 8 or so Squeezeboxes wirelessly - unfortunately they only support 2.4GHz.

