Need Guidance on yet another pfSense Hardware



  • greetings to all,

    I heard of pfsense some time ago and this will be my first try at DIY.
    I am asking for guidance on the hardware on which I would like to run pfsense.

    before we go to the hardware, I would like to let you know what pfsense will be used for:

    -> traffic control/shaping [required 1st priority]:
    -----> limit/throttle download/streaming/browsing
    -----> lowest possible latency for online games

    -> squid cache [required 2nd priority]:
    -----> save bandwidth due to repetitive site browsing
    -----> to cache online game updates

    -> squidguard [or equivalent][3rd priority]:
    -----> to prevent browsing to malicious sites
    -----> prevent p0rn site access and the likes

    -> captive portal [4th priority]:
    -----> to have the ability to have vouchers for neighbors for access on wifi

    -> HAVP [optional]
    -----> will install this if above 4 will work [have read that it's not that effective]

    -> OpenVPN [optional][good to have]
    -----> a sort of additional WAN access [via USB dongle/3g/4g]

    -> Snort [optional]
    -----> just to try out if it permits

    -> monitor stuff
    -----> get/display bandwidth/browsing stuff on a certain ip/pc/connection

    here will be the hardware [preliminary]:
    -> intel G630
    -> 32Gb SSD sata drive + 160gb normal sata drive
    -> 8gb to 16gb of DDR3 RAM [tentative]
    -> I have built-in realtek nic to use + 3x pci-e intel lan [single port] + 1x old pci [dual port] all giga lan

    I know that some of the packages will need AES NI and the intel G630 might not be that sufficient.
    The 32Gb ssd will be used as the main installation for OS and the 160gb will be used for squid and other write intensive things.
    Will the 32gb ssd be sufficient for OS and packages?
    Will the G630 intel proc be sufficient for this? if not, will a XEON E3-1220L be good enough then?

    I have a 4mbps down and .8mbps up internet speed.
    number of computers: 4 for gaming, 1 for personal use [may grow to 10]
    number of wifi device: less than 4 currently, if captive portal is deployed, it will be around 10 to 15 units [bandwidth access via wifi will be very minimal]

    I would love to hear any comments/advice/recommendations for this.
    any additional info you need?, let me know

    thanks and best regards,
    dAb



  • You will not benefit from the AES-NI with the speeds you stated with regards to VPN. Use openvpn if you want to save yourself some grief!

    As to the other aspects I will leave that up to someone else.



  • @gratis.obake:

    -> squid cache [required 2nd priority]:
    -----> save bandwidth due to repetitive site browsing
    -----> to cache online game updates

    We have a 50 Mbps up/down connection and are running a squid server on a Linux VM in Hyper-V (Server has two E5-2640v2s clocked @ 2 GHZ. The G630 is probably close in performance per core, I just have a lot more cores than you do). Load is currently .13 over the last 5 minutes (Which I believe translates to 13% of 1 CPU). In the last 3.5 hours since we opened we've averaged about 12.76 HTTP requests per second and 1.95 Mbps of incoming HTTP traffic.

    We have quite a few rules (Delay Pools, ad-blocking, etc), so I figure yours would be somewhat similar if we don't count SquidGuard.

    You should have enough CPU for Squid.

    I can't say definitively, because I've never run squidguard or the captive portal, but the G630 should be enough for OpenVPN, Squid, and the traffic shaping/routing.



  • thanks for the replies…, will definitely take note on this.

    would like to hear from others about the 32Gb ssd as its OS, should this be enough? considering it's only mostly for readonly stuff as I will be having another regular hdd for squid and other write intensive stuff.