Random pfsense questions.

[9C1 Newbee]

I'd like to know about pfsense. I ran across this forum.

https://forum.pfsense.org/index.php?board=5.0

Or is there a more preferred place to get info?

I have a feeling people in his forum could point me in the right direction. I think my old server, Dell T105 would work out nice. I assume I will need to add an additional NIC for a total of 2.

If I am understanding correctly, you can run this behind a firewall or in front of a firewall. That makes no pfsense to me.

 

[pirateghost]

Pfsense would be your router and firewall. You don't need anything else in front of it. Except your modem

#stayparanoid

 

[cyberjock]

Ug.. this isn't the pfsense forum but:

• Consider your power usage when using a machine. One of the last-gen Atoms will give you about 350Mbit of throughput and draw <10w (numbers from my system and taken by me). Before you go throwing full-fledged hardware at pfsense realize you don't need to (and shouldn't) because of power considerations.
• I'm using pfsense on a 30GB SSD with 2GB of RAM and I've never even hit 512MB used. pfsense is supposed to be for very low power users.
• If you want to experiment with the T105 just to prove you know what you are doing before throwing money definitely go that route.
• Intel NICs are basically king. My board has dual Intel NIC built-in.
• You don't need lots of RAM or the 64 bit version unless you plan to deploy this in some very large project. In fact the 64 bit version is limited in what packages you can install and the 32 bit version is preferred.

 

[9C1 Newbee]

That is a pretty cool little motherboard. For the $30 I'd be putting toward a NIC ,might be better spent for that. Plus, that would fit nice in the panel I have outside.

I have been poking around a bit more. Seems like it is pretty darn simple to set up. Looks like there isn't much you really have to mess with.

 

[cyberjock]

Nope. If you plan to use it as a router and nothing else it's pretty simple. If you were able to figure out FreeNAS you should be able to figure out pfsense. There are lots of advanced features (VPN, DNS server, etc.) but they are relatively easy to figure out if you know how those work. If you don't you can do some Googling and usually find enough info to read to figure it out. There's also a book coming out soon (already released?) that goes through pfsense in-depth.

That motherboard is amazing for pfsense. I've made 6 of them with that exact board, never a complaint from anyone. ;)

I used http://www.mini-box.com/M350-universal-mini-itx-enclosure as a case and a PicoPSU for the power supply. If you have a monitor you plan to dedicate to the box or use via KVM you can actually connect that case to the back of a monitor if it has the holes for it. Mine is also completely silent as I opted for a SSD(bought a used 32GB Intel on ebay) and didn't install a fan. Never had heat problems either. I won't lie, it's creepy when you press the power button and see the power LED come on but no noise. Haha.

It does use SO-DIMMs so you may have to buy one if you don't have a spare lying around. I had a 2GB stick lying around and I threw it in there and never looked at it again.

Again, go 32-bit.. it's faster and less resource-intensive. I'm running 32-bit myself and I have no intention of upgrading to 64-bit.

 

[DaPlumber]

I wanted to get back into pfSense a few months ago and I eventually wound up buying one of these: http://store.netgate.com/NetgateAPU2.aspx In much the same way iXsystems is to FreeNAS, Netgate is to pfSense and that is their equivalent of the FreeNAS mini. As you can see it has 2GB RAM and a dual core x86 CPU, and it barely breathes for my "Power" usage at home, I have a 100+Mbps CM uplink and I run VPN, snort (anti-intrusion), and a few other packages. The UI is pretty polished, especially the modular dashboard. I'd love to see FreeNAS stealing a few ideas on that score... ;)

 

[panz]

My pfSense configuration, suitable to use with pfBlocker and Snort

motherboard: MSI C847MS-E33 Micro ATX (with Intel Celeron CPU 847 @ 1.10 GHz) ~ PSU: Corsair VS350 ~ RAM: Kingston KVR1333D3E9S 4096 MB 240-pin DIMM DDR3 SDRAM 1.5 volt ~ NIC: Intel EXPI9301CTBLK (LAN) ~ NIC: D-Link DFE-528TX (WiFi) ~ Hard Disk: Western Digital WD10JFCX Red ~ Case: Cooler Master HAF XB ~ power consumption: 21 Watts.

 

[DaPlumber]

I wanted to get back into pfSense a few months ago and I eventually wound up buying one of these: http://store.netgate.com/NetgateAPU2.aspx In much the same way iXsystems is to FreeNAS, Netgate is to pfSense and that is their equivalent of the FreeNAS mini. As you can see it has 2GB RAM and a dual core x86 CPU, and it barely breathes for my "Power" usage at home, I have a 100+Mbps CM uplink and I run VPN, snort (anti-intrusion), and a few other packages. The UI is pretty polished, especially the modular dashboard. I'd love to see FreeNAS stealing a few ideas on that score... ;)

Just to stir the pot a bit the APU2 uses a Realtek chipset (RTL8111E) for its Gigabit ports. It seems to be quite capable of driving those ports at pretty close to line speeds with synthetic testing. Since pfSense is FreeBSD based as well I'm curious as to why a Realtek chipset should be so fast and stable in that environment whereas it seems to have a less than stellar reputation under FreeNAS? It's a puzzlement...

 

[panz]

My WAN interface is a Realtek too, but I have an ADSL, so I don't need more speed.

 

[DaPlumber]

My WAN interface is a Realtek too, but I have an ADSL, so I don't need more speed.

Oh yeah, the WAN side could care less until SOMEONE runs some kind of fibre to my curb, or Comcast really improves their head end and backhaul and drops their pricing to a non-monopolistic level. However I was talking about synthetic gigabit LAN testing between the APU2 and its Realtek and the iXsystems mini and its Intel. Switch is a dumb Netgear with a decent buffer. Color me surprised because my experience with Realtek across multiple OS' has also been less than stellar.

 

[DaPlumber]

BTW pfSense 2.1.4 is out, mostly a patch and update release. Upgrade went like butter like usual. :D

 

[cyberjock]

My board (listed above) was tested to do 330Mbit/sec throughput on my own real-world testing. :D

 

[DaPlumber]

Nice.

 

[thewiep]

Ug.. this isn't the pfsense forum but:

• Consider your power usage when using a machine. One of the last-gen Atoms will give you about 350Mbit of throughput and draw <10w (numbers from my system and taken by me). Before you go throwing full-fledged hardware at pfsense realize you don't need to (and shouldn't) because of power considerations.
• I'm using pfsense on a 30GB SSD with 2GB of RAM and I've never even hit 512MB used. pfsense is supposed to be for very low power users.
• If you want to experiment with the T105 just to prove you know what you are doing before throwing money definitely go that route.
• Intel NICs are basically king. My board has dual Intel NIC built-in.
• You don't need lots of RAM or the 64 bit version unless you plan to deploy this in some very large project. In fact the 64 bit version is limited in what packages you can install and the 32 bit version is preferred.

This thread has got me interested in pfSense and I want one :)

Could you also post which PicoPSU you have installed?
They have quite some choice..

I prefer using a setup from an experienced user, I based my FreeNAS box on the recommendations from the link in your sig and also your setup.
I wouldn't mind doing the same for a pfSense box :)

Btw. do you also have a wireless card in it?

 

[Ericloewe]

Btw. do you also have a wireless card in it?

Forget about it. It's not worth the trouble. Get a decent router with an access point mode (I highly recommend Asus' RT-N66U and, to a lesser extent, RT-AC66U and RT-AC68U). You wouldn't even be able to get wireless n cards to operate, except at g speeds - if you find one that's even compatible.

 

[thewiep]

Get a decent router with an access point mode (I highly recommend Asus' RT-N66U and, to a lesser extent, RT-AC66U and RT-AC68U).

Thanks for the recommendation!
I indeed read about issues with wireless..
So a modem -> pfSense box -> switch -> RT-N66U (as AP only for wireless needs)?
And connect all the other stuff to the switch?

 

[Ericloewe]

Thanks for the recommendation!
I indeed read about issues with wireless..
So a modem -> pfSense box -> switch -> RT-N66U (as AP only for wireless needs)?
And connect all the other stuff to the switch?

Yup, that's exactly the setup I'm using, works like a charm.

Asus' high-end (and some not-so-high-end models, but you'd have to double check) have an Access Point mode that turns off all routing/firewall features and even allows you to use the WAN port as the uplink, leaving all four LAN ports free for nearby wired devices.

 

[Black Ninja]

My board (listed above) was tested to do 330Mbit/sec throughput on my own real-world testing. :D

You mention above about the case , ram and the ssd but not what CPU is driving it.

 

[Black Ninja]

Yup, that's exactly the setup I'm using, works like a charm.

Asus' high-end (and some not-so-high-end models, but you'd have to double check) have an Access Point mode that turns off all routing/firewall features and even allows you to use the WAN port as the uplink, leaving all four LAN ports free for nearby wired devices.

That's my setup too !:)

 

[cyberjock]

You mention above about the case , ram and the ssd but not what CPU is driving it.

Intel Atom D2500.