I've had this setup for a while and would like to share it with the masses. I'm currently running pfSense 2.1 Dev on the below hardware. I've had the box up and running for almost 2 years and it's gone through many changes... Mostly software changes, as this box first ran pfSense 1.2.3, then 2.0Beta to get the LCD display to work, then 2.0BetaIPv6... It currently runs 2.1Dev, which includes the IPv6 code. I've never had a high uptime because I'm always making changes, but it did have a 36 day uptime once because I was away for training with my reserve unit. My first router box, running pfSense 1.2, had a year of uptime since I never messed with it after its setup.
This box has 4 Intel NICs, 2 on the MB and 2 on a PCIe card. I'm using 3 ports today: WAN, LAN, and another is a VLAN trunk. The VLAN trunk allowed me to set up my Linksys/Cisco router (running DD-WRT, AP setup only) with a Guest Wireless VLAN. I didn't want to set up another wireless AP for guests, and since I can set up virtual interfaces on the AP and tie them to a VLAN, it just seemed the right way to go about it. I plan on adding another VLAN for cameras. I use OpenVPN in 2 forms: 1 for remote access, and another is a site-to-site to my brother's network so I can mess with it from time to time... And to give remote support...lol. As a test, I was able to connect my Verizon 3G USB stick and set up a WAN fail-over. I've removed the 3G USB stick since I use that stick when I'm on the road.
I use traffic-shaper to its fullest. With the setup I have, I can be VPN'd into work moving files, watching a Netflix stream, playing Xbox 360, and downloading 5 torrents with no hiccups. Of course this is over a 50/5 cable modem pipe so that helps too. I set up the "limiter" function so guests that are using the wireless can't hog bw; they get a 5/512k pipe.
With the help of other members on the pfSense forum, I was able to get the LCD display to work. Which is why I got this case to start with... Small factor, and able to display stats on its screen.
I also set up pound on the box as a reverse proxy. There is a pfSense package that does this but I couldn't get it to run, so I found pound to just work. It allows me to have a FQDN route to different boxes on my network, all via port 80. In the past I would use IIS on my server to allow me to have different web sites on the same IP. But I also wanted to see my TED5000 (electric monitoring device) through the internet. I was able to do that by assigning a different port in NAT rules and then having it direct to the box's IP on port 80. But with this setup I had to remember different port numbers and open many ports on my firewall. Now with pound, all my traffic comes in via port 80. Pound looks at the FQDN and points that FQDN to the internal IP I assigned it to. Now if you browse to my public IP on port 80, nothing is displayed because pound is looking for a FQDN to process the request. Does this make my box less secure? Maybe. But I've thrown everything I have at it and can't break in... Working for an ISP, we have many tools to choose from ;-)
Example all using port 80:
www.homeip.net - 192.168.0.10
ted.homesip.net - 192.168.0.15
whs.homeip.net - 192.168.0.100
Power usage: about 21 watts
Case: M300-LCD Enclosure with Bootable CF Reader, 1 PCI Slot and 2x20 LCD Display
MB: Supermicro X7SPA-HF-O Atom Dual-Core D510/ Intel 945GC/ RAID/ V&2GbE/ Mini-ITX Motherboard
Memory: x2 Kingston 2GB 200-Pin DDR2 SO-DIMM DDR2 667 (PC2 5300) Laptop Memory Model KVR667D2S5/2G
HD: Seagate 160GB (ST9160314AS) 5400rpm SATA2 8MB Notebook
PS: picoPSU-150-XT Power Supply 80W AC-DC Power Adapter Kit
Extras: Intel Dual Port Server NIC, PCIe (Can't remember the model as I already had it)
A special overpriced PCIe ribbon riser so I can use the PCIe slot with this tiny case. Need to open the case back up and take a photo.
pfSense Packages:
arpwatch
Backup
Country Block
Cron
imspector
iperf
LCDproc (hacked to get the LCD in the case to work)
mailreport
nmap
Notes (Comes in handy!)
RRD Summary
Shellcmd
TFTP
vnstat2
ntop (not running right now)
snort (not running right now)
Ports I've added to the system:
pound (reverse proxy for http/https, allows me to direct different FQDNs via port 80 to different boxes on the network)
monit (monitors the system, restarts services if they are down)
freeipmi (allows me to access the IPMI chip for watchdog and temps within pfSense)
lcd setup:
http://forum.pfsense.org/index.php/topic,23919.msg173074.html#msg173074
pound setup:
http://forum.pfsense.org/index.php/topic,33566.0.html
watchdog/freeipmi setup:
http://forum.pfsense.org/index.php/topic,34056.0.html
Some photos:
The cable modem is the thin tall one, the other modem is for my phone... and the Verizon 3G USB stick, and the box off to the side is my QNAP 109-II with a 2TB drive in it
current load
states
uptime
the dashboard
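An added example, not part of the original post and not the poster's configuration: Pound picks a backend by matching request headers against regular expressions (its HeadRequire directive), so how tightly the Host pattern is written decides which requests reach an internal box. The patterns below are assumptions, since the post does not show its config, and Python's re module only approximates Pound's POSIX regex matching; the host names and backend addresses are the ones listed in the post.

```python
import re

# FQDN -> internal backend, as listed in the post.
BACKENDS = {
    "www.homeip.net": "192.168.0.10",
    "ted.homesip.net": "192.168.0.15",
    "whs.homeip.net": "192.168.0.100",
}

def loose_pattern(fqdn):
    # Assumed "loose" style: unanchored, and each "." matches any character.
    return re.compile(r"Host:.*" + fqdn + r".*", re.IGNORECASE)

def strict_pattern(fqdn):
    # Assumed hardened style: anchored, dots escaped, only an optional :80 suffix.
    return re.compile(r"^Host:[ \t]*" + re.escape(fqdn) + r"(:80)?[ \t]*$",
                      re.IGNORECASE)

def route(header_line, make_pattern):
    """Return the backend for the first matching service, or None.

    None models the behaviour described in the post: with no matching
    FQDN, the proxy serves nothing from the internal network.
    """
    for fqdn, backend in BACKENDS.items():
        if make_pattern(fqdn).search(header_line):
            return backend
    return None

# Constructed sample Host headers (203.0.113.7 is a documentation address).
SAMPLES = [
    "Host: www.homeip.net",              # intended name
    "Host: WWW.HOMEIP.NET:80",           # case and explicit port variants
    "Host: 203.0.113.7",                 # browsing to the bare public IP
    "Host: www.homeip.net.example.org",  # intended name used as a prefix
    "Host: wwwXhomeipYnet",              # unescaped dots match any character
]

def compare():
    """Return (header, loose_result, strict_result) for each sample."""
    return [(h, route(h, loose_pattern), route(h, strict_pattern))
            for h in SAMPLES]

if __name__ == "__main__":
    for header, loose, strict in compare():
        print(f"{header!r:40} loose={loose} strict={strict}")
```

Both styles drop the bare-IP request, but only the anchored pattern also drops the last two samples, which the loose pattern forwards to 192.168.0.10.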