pfsense box worth it?

Thinking about building a pfSense box. I still have my Ivy Celeron sitting around, and I can get an ECS mITX mobo for it for $35, I have some RAM, have a case, have a HDD, and I can get another PCIe NIC for about $30. Right now I have an RT-N66U which handles my DDNS, VPN server, and DHCP as well as firewall. My Active Directory server handles all DNS duty currently. Would it really be worth it performance/feature-wise to go with a pfSense box? I keep flip-flopping back and forth between the two. I don't really even need to do a HDD. I could probably just use a flash drive to cut power consumption even more, and undervolt the CPU.

What do you guys think? Worth it or not?
 
I pestered Rand into building one and he likes it... a lot


That said "worth it" as Rand has alluded to is an open ended question. Does it offer a lot of value over a pre-built? Depends on what you want to do with it.
 
Oh, and an Ivy Bridge Celeron is way overkill; my 1037U runs under 1% load with heavy traffic unless I run VPN, proxy, and Snort.

Base pfSense will run fine on a 500MHz Geode processor, 256MB RAM.

The base package uses about 5% of my 4GB currently installed.
Heavy-duty packages can need up to 16GB of RAM.




You should also get a dual Intel NIC, skip using the built-in Realtek, or any Realtek NIC.

A server-branded dual Intel NIC costs about... 30$


Finally, my box uses approx 16-18W daily average with brief spikes up towards 30W rarely.. that's with an 80+ Gold PSU

 
I have a pfSense box running a church network here.

We had it running on an IBM 8187, 512MB RAM, and some P4 processor and that was overkill. It worked great and was under 5% util most of the time. I moved it to an IBM eServer because I wanted it on a RAID array since we depend on it. The eServer is pretty old - I picked it up at a surplus auction.

+1 on the avoid Realtek NICs. I never had much luck with them.

It is a lot of fun to mess around with. I have debated on making one for home just to tinker with.
 
Agree on getting a two-port Intel NIC off eBay. It will work pretty much guaranteed and you won't have to fiddle with anything.
I just switched to an SSD in my Linux router. I did my box the hard way; manually setting up a Gentoo installation to do it, but same idea.
What I did for the SSD was buy a pullout Samsung mSATA SSD off eBay and then put it in a 2.5" drive adapter. It's a 128GB, but I'm doing other things with the box so I needed that much space.
Though, I'm also overprovisioning 10%.
Really, you could get away with 32GB no problem.
I can be watching a YT video, command a reboot, and have it come back up before the video stops.
I have an old Athlon X2 4450B and it idles @1GHz most of the time. Using under 1GB of 4GB RAM.
My previous machine was an Athlon XP 3000+ with 1GB RAM and it did fine. I only retired it due to power usage mainly, but also age.
Also, brutally slow at compiling, but a pfsense box won't have that problem.

That little guy is a Moxa NPort 5110A. Serial device server. It's connected to a serial port with a null modem cable. GRUB and the Linux kernel are configured to output a terminal on that port.
Saved my bacon about two weeks ago when I had it go out. I couldn't SSH in, so I connected to the NPort and watched the kernel panic and then reboot over and over.
I was able to fix it right there in under a minute by rolling back to the previous BTRFS snapshot. If I didn't have it, I would've had to lug probably my 24" LCD out to it and hook up in order to diagnose, as it is not near any other computers.
 
Look at Untangle as well... Love it ...

Never used pfSense, but I used m0n0wall
 
Ordered the hardware yesterday, will get it later. Will update. (Update 1: The board I ordered has a Realtek NIC, and I stupidly ordered a PCIe Realtek card. I ordered a couple Intel NICs today and will install it tomorrow. I got a mITX motherboard so only one PCIe slot, will simply utilize the onboard RTL8111E on the WAN side for the time being. The other Intel NIC is going into my server to replace the onboard Realtek NIC that is being used there.)
 
Any reason you didn't eBay a 2-port Intel NIC for 30$?

Still have time.

They have both PCI and PCI-E versions for 20-30$

Many newer Realteks won't work at all.. like the ones on newer boards for Haswell.

The RTL8111E should be OK though with pfSense 2.1+

OpenBSD is not real friendly to new hardware.. for example J1800 or J1900 based boards won't easily work.
 
Set it up last night, and stuck the Intel NIC in it tonight, reassigned the interfaces. Works like a charm! Although setting up OpenVPN is a pain in the butt. This was such good value. I paid $35 for the motherboard

http://www.newegg.com/Product/Product.as...5-341-_-Product

and I already had the CPU (leftover Celeron G1610), 2GB of Elpida DDR3, a Samsung 500GB HDD, and an old Gateway case. Including the NICs it cost me a grand total of additional $50? Not too bad.

I also threw the other Intel NIC into my server to help with network transfers.
 
I also relocated my wireless AP (RT-N66U) to a more central location in the house, and added some higher dB antennas. Much better/consistent coverage throughout the house now.
 
Did you turn on WAP mode and disable the router part of the RT-N66U?

A pfSense box is also a good way to reuse an old laptop 2.5" drive.. and they use less power.
 
Originally Posted By: Rand
Did you turn on WAP mode and disable the router part of the RT-N66U?

A pfSense box is also a good way to reuse an old laptop 2.5" drive.. and they use less power.


Yes. The N66U is only serving AP duty now, all DHCP/etc is handled by pfsense. Also I don't have any spare 2.5" drives, and the Samsung is fairly low power to begin with, so figured it's good enough. Eventually I may pick up another small SSD and use that instead. (I figure the HDD will probably be the first thing to fail in that box)
 
Originally Posted By: Rand
Any reason you didn't eBay a 2-port Intel NIC for 30$?

Still have time.

They have both PCI and PCI-E versions for 20-30$

Many newer Realteks won't work at all.. like the ones on newer boards for Haswell.

The RTL8111E should be OK though with pfSense 2.1+

OpenBSD is not real friendly to new hardware.. for example J1800 or J1900 based boards won't easily work.


I did order the Intel PRO 1000 dual port NIC and just installed it now. I'm really surprised how hot that little heatsink gets. Considering none of the other NICs I've ever seen have had a heatsink on them.
 