[aklug] Re: Small PFSense Router?

From: JP <jp@jptechnical.com>
Date: Tue Jul 05 2016 - 17:26:03 AKDT

Might I ask why you need 3 ports? Do you have two lans to keep separated in
addition to the wan? Just curiosity, as there are many ways to skin a cat.

If you want to play around, then just about anything will work, you don't
even need two NICs if you run it through a switch that supports vlans. That
said, the best I have been able to get as far as throughput on commodity
NICs in a pfSense box is about 700mbit on a supposed 1000mbit connection.
You can speculate as to whether or not that was a limitation on the
hardware or the ISP oversubscribing. I don't have access to anything of
real speed here in AK, so I can't tell you what real throughput it is
capable of... but it is safe to say you will never tax it up here. You will
see a big difference if you push a lot through the VPN or in your raw speed
with good quality Intel NICs, but you could spend as much for your NICs as
you do the little box.

The link you sent looks like it would be a bit on the underpowered side,
and 256mb of ram might work but it would be super tight (see system
requirements <https://www.pfsense.org/hardware/> half way down the page
where 1gb of ram is recommended). It is also helpful to change the mindset
of what this device is designed to do for you... in reality A LOT! So,
while you COULD get a box on par as far as specifications go with something
like a Watchguard or Sonicwall, it doesn't mean you want to handicap
yourself intentionally.

pfSense can change your whole perspective on perimeter devices and the
savings of a hundred watts becomes something you laugh about looking back.
But take that with a grain of salt, coming from a long-term pfSense addict;
to me any firewall appliance (watchguard/sonicwall/netgear/linksys) is
nothing more than a modern BEFSR41 or too high-end for me to even want to
get involved in, i.e. disposable or above my pay grade :-D

Below are some models that I either know someone has used or I had thought
of trying.

https://www.amazon.com/Linux-Ubuntu-Computer-Gigabit-Ethernet/dp/B018LWHBTG
https://www.amazon.com/fanless-Bt4-0-Computer-ethernets-Q190P/dp/B01ARGBA9Q
https://www.amazon.com/ZOTAC-Quad-Core-Graphics-Barebones-ZBOX-CI323NANO-U/dp/B0179S50UU

*JP (Jesse Perry)*
voice/txt: 907-748-2200
email: jp@jptechnical.com
web: http://jptechnical.com
support: helpdesk@jptechnical.com

On Tue, Jul 5, 2016 at 2:35 PM, Royce Williams <royce@tycho.org> wrote:

> I'm super happy with this, but the $150 barebones base price, plus 8G
> RAM and a 60GB SSD, it's $220 reasonably populated, on top of a 40W
> power supply, it may not be what you're looking for.
>
> https://www.zotac.com/us/product/mini_pcs/zbox-ci323-nano#spec
>
> But I personally would pay the power cost in exchange for the
> additional room and oomph. There are some low-budget 2-NIC boxes on
> Amazon that you can get, but not that much less expensive for what you
> get.
>
> Only thing I've noticed is a little video flakiness when using VGA
> directly. Also, the NICs are Broadcom and not Intel, so if you're
> pushing high-ish volume (just a guess, maybe cbrown will chime in
> here, but more than 200Mb/s?), you might look around more.
>
> But you can do full proxy with ClamAV, etc. I'd definitely go pfSense.
> But I'm biased. :)
>
> Royce
>
> On Tue, Jul 5, 2016 at 2:12 PM, Jeremy Austin <jhaustin@gmail.com> wrote:
> > If you want routing, firewall, DHCP, and VPN, in a low energy device, you
> > might try Mikrotik devices. It's ~linux instead of FreeBSD, and no
> > third-party packages (i.e., you don't get a full linux CLI). But lots of
> > bang for the buck. How much VPN bandwidth will you need? That's likely to be
> > your bottleneck, and something the ERL would be better at as it has hardware
> > acceleration.
> >
> >
> > On Tue, Jul 5, 2016 at 2:06 PM, Christopher Howard
> > <christopher@alaskasi.com> wrote:
> >>
> >> Might Royce or someone be able to give me a little guidance? I wanted to
> >> play around with integrating a PFSense box into our network, chiefly for
> >> routing, firewall, and DHCP... maybe play around with VPN functionality too.
> >> I'm trying to find the cheapest one I can get that is still energy
> >> efficient. I need only 3 ports. Would maybe this be a good buy?:
> >>
> >>
> >>
> >> http://corpshadow.biz/bizstore/alix-combo-kits/alix-2d13-black-combo-kit.html#/compactflash_card-1_gb_cf1slc
> >>
> >> I actually found an ERL which was a great price, but I couldn't make
> >> myself agree to their ridiculous licensing terms, so I'm returning it. I
> >> could probably get by with DD-WRT on one of our old Linksys routers, but I'm
> >> rather allured by all the snazzy PFSense screen shots I've been looking at
> >> lately. :)
> >>
> >> --
> >> Christopher Howard, Computer Assistant
> >> Alaska Satellite Internet
> >> 3239 La Ree Way, Fairbanks, AK 99709
> >> 907-451-0088 or 888-396-5623 (toll free)
> >> fax: 888-260-3584
> >> mailto:christopher@alaskasi.com
> >> http://www.alaskasatelliteinternet.com
> >
> >
> >
> >
> > --
> > Jeremy Austin
> >
> > (907) 895-2311
> > (907) 803-5422
> > jhaustin@gmail.com
> >
> > Heritage NetWorks
> > Whitestone Power & Communications
> > Vertical Broadband, LLC
> >
> > Schedule a meeting: http://doodle.com/jermudgeon

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Tue Jul 5 17:27:07 2016