Looking to build a new pfSense firewall...check my specs for me please

JohnYYC

Well, as the title says, I am looking to build a new pfSense firewall for home. I was looking at getting a Habey Server System Intel Atom N270 1.6GHz. I will throw in a spare 1GB SODIMM and HDD I have lying around at home.

My connection is 100Mbps/5Mbps (will be 10Mbps eventually). I am a moderate torrent user and have 2 or 3 IPSEC tunnels active at all times, each with 128bit Blowfish encryption. I might be adding a few more VPN tunnels in the near future.

Would this machine be able to handle that?
 
I'd really try to get an Intel NIC. You might need more RAM if you want to run Snort: mine is using 65% of 2GB with not that many rules... but if you already have it just use it and upgrade if needed.
 
I have almost the same exact system hardware wise (Aopen DE2700) with a much slower connection. You're probably seriously going to max the CPU out with your usage.
10MBit - no issue but to give you an idea - I'm torrenting at 20-25mbit sustained right now and my CPU usage is hovering around 30-50% usage. I'm running Snort.
I hover around 60%-ish memory usage and I've seen it peg out before.
 
Well I haven't bought any hardware yet thankfully. Would you folks be able to recommend a bare bones kit for say under $300 total? It doesn't have to be from NewEgg.ca but it would be preferred that it be from a Canadian source.
 
pfsense must be a freaken hardware hog then... I run untangle on an HP p4 single core, 2gigs of ram, and 2x 100mbit cards, running my 35meg cable just fine.

I won't say what I'm doing, but I am for sure bandwidth hungry.
 
Granted I don't do any VPNing through mine but I have a similar box (AOpen DE2700) with Pfsense 123 and I barely get any cpu usage even when running a lot of torrents and other things.
 
Crap, if you're talking about a hardware hog, untangle is the same way: it takes a lot of CPU power/memory just to run it under its firewall rules and other things.
 
pfsense must be a freaken hardware hog then... I run untangle on an HP p4 single core, 2gigs of ram, and 2x 100mbit cards, running my 35meg cable just fine.

I won't say what I'm doing, but I am for sure bandwidth hungry.

nTop is eating 10% alone continuously.
 
blah, my CPU loads are always nice and low. Sadly I wanted untangle to kill this box so I can build a new 1... it just won't die...
 
You won't have any issues running 100mbit unless you have a lot of connections, what might be killing you is IPSec etc at 100mbit but not the routing and firewalling itself.
//Danne
 
pfsense must be a freaken hardware hog then... I run untangle on an HP p4 single core, 2gigs of ram, and 2x 100mbit cards, running my 35meg cable just fine.

I won't say what I'm doing, but I am for sure bandwidth hungry.

PFSense is not a hardware hog, it'll go great for most users on an old Pentium II with 128 megs of RAM.

But the OP wants to put some exceptional demands on his....heavy torrenting, and a few IPSec tunnels.

I'd go with a dual core Atom minimum, or an i3, and Intel NICs. Realteks are...yuck! Fine for most users, but push them...and you'll see how a more software based NIC pales in performance to a good hardware based NIC.
 
PFSense is not a hardware hog, it'll go great for most users on an old Pentium II with 128 megs of RAM.

But the OP wants to put some exceptional demands on his....heavy torrenting, and a few IPSec tunnels.

I'd go with a dual core Atom minimum, or an i3, and Intel NICs. Realteks are...yuck! Fine for most users, but push them...and you'll see how a more software based NIC pales in performance to a good hardware based NIC.

I am not a real heavy torrent user, maybe 5GB a day at most.

Would this configuration work? I will also throw in an Intel dual port NIC that I have.

KaVze.jpg
 
Go look at the hardware requirements there buddy on untangle.

Untangle:
1-50 PCs P4 1 GB 80 GB 2+ NICs

Vs

Pfsense
10-20 Mbps - No less than 266 MHz CPU
21-50 Mbps - No less than 500 MHz CPU
51-200 Mbps - No less than 1.0 GHz CPU
201-500 Mbps - server class hardware with PCI-X or PCI-e network adapters, or newer desktop hardware with PCI-e network adapters. No less than 2.0 GHz CPU.
501+ Mbps - server class hardware with PCI-X or PCI-e network adapters. No less than 3.0 GHz CPU.

Now you tell me if untangle isn't a hardware hog.

prove it! I call your bluff..
 
Go look at the hardware requirements there buddy on untangle.

Untangle:
1-50 PCs P4 1 GB 80 GB 2+ NICs

Vs

Pfsense
10-20 Mbps - No less than 266 MHz CPU
21-50 Mbps - No less than 500 MHz CPU
51-200 Mbps - No less than 1.0 GHz CPU
201-500 Mbps - server class hardware with PCI-X or PCI-e network adapters, or newer desktop hardware with PCI-e network adapters. No less than 2.0 GHz CPU.
501+ Mbps - server class hardware with PCI-X or PCI-e network adapters. No less than 3.0 GHz CPU.

Now you tell me if untangle isn't a hardware hog.

Who the hell is going to run a P4 or a PIII, think about it... Untangle will run on an i3 or an Atom single or dual core.
 
I am not a real heavy torrent user, maybe 5GB a day at most.

Would this configuration work? I will also throw in an Intel dual port NIC that I have.

KaVze.jpg

Uhh no, that's a 775 CPU and a 1155 Socket case/motherboard. Get one of the new Celeron Sandy Bridge CPUs, just not the 440. It has no EIST if I remember correctly.
 
prove it! I call your bluff..

What do you want me to do to prove it? I've used both and pfSense uses a lot less CPU than Untangle. Torrenting at 50Mb I can get up to 80% CPU use on two 2.66GHz X3400 cores with Untangle. I didn't get near that with pfSense, but pfSense does a lot less.
 
Odd, my Astaro box doesn't break 25% CPU for my 35/35 FIOS, and that is with constant torrents and 350-400GB/mo of transfers overall, even with A/V enabled.

This is on a D510 Atom.
 
Uhh no, that's a 775 CPU and a 1155 Socket case/motherboard. Get one of the new Celeron Sandy Bridge CPUs, just not the 440. It has no EIST if I remember correctly.

I wasn't paying attention. Got that all fixed now. So this should all be good now if I am not mistaken?

0CYle.jpg
 
switch back to the original Shuttle SH61R4 and you are good. You will also need a HDD/SSD/CF card as well.
 
switch back to the original Shuttle SH61R4 and you are good. You will also need a HDD/SSD/CF card as well.

Switched back to the SH61R4. I have a 80GB notebook hard drive that I will use.

I will get this all ordered.

Thanks for all your help [H]ard|Forum. You guys rock!
 
Not to hijack the thread but I have a very similar build in mind.

Once I finish my new PC I'll have a spare Q6600 and four 1GB RAM sticks.
I also have a 40GB SATA II SSD and a dual Intel NIC PCIe card.
Would tossing these into a Shuttle SG41J4 make for a good Untangle/Pfsense box?

I would use 2 of my RAM sticks and disable the onboard LAN.

I would run AV/Firewall/NAT Router but no QOS.
Rarely ever run uTorrent, but I do stream Netflix.
I'm the only user with an occasional guest.
I also access my ReadyNAS Pro via ReadyNAS Remote when traveling.

Finally, 2GB of (800) RAM good or should I use more?
 
Not to hijack the thread but I have a very similar build in mind.

Once I finish my new PC I'll have a spare Q6600 and four 1GB RAM sticks.
I also have a 40GB SATA II SSD and a dual Intel NIC PCIe card.
Would tossing these into a Shuttle SG41J4 make for a good Untangle/Pfsense box?

I would use 2 of my RAM sticks and disable the onboard LAN.

I would run AV/Firewall/NAT Router but no QOS.
Rarely ever run uTorrent, but I do stream Netflix.
I'm the only user with an occasional guest.
I also access my ReadyNAS Pro via ReadyNAS Remote when traveling.

Finally, 2GB of (800) RAM good or should I use more?

The q6600 is way overkill, but it will work fine for pfsense. The Shuttle has a PCIe and PCI slot, so you should be good there as well. The 2GB of memory is plenty unless you do crazy addons and such with pfsense. That Shuttle takes DDR3 though, so DDR2 800 won't work.
 
Odd, my Astaro box doesn't break 25% CPU for my 35/35 FIOS, and that is with constant torrents and 350-400GB/mo of transfers overall, even with A/V enabled.

This is on a D510 Atom.

D510 is quicker than a N270 but how are you measuring CPU usage?
I push 500-750GB a month.
 
OP should go with an i3 system. I've said before when these threads come up that the power difference between an Atom system and an i3 system at idle is basically nil. But with the i3 you have that added power when needed.
 
D510 is quicker than a N270 but how are you measuring CPU usage?
I push 500-750GB a month.

Astaro has hardware graph for CPU, memory, network usage, etc. When it starts up from a cold boot it will be above 50% for about 10 seconds, then it settles below 20% for the majority of the time.

Spikes above 25% are reboots:


This is from August when I moved to new apartment, all on 35/35 FIOS, single user.

It looks like the N270 is single core, a dual core atom should handle a somewhat heavy home workload just fine, although newer i3/i5 have better performance and still very low power usage.
 
OP should go with an i3 system. I've said before when these threads come up that the power difference between an Atom system and an i3 system at idle is basically nil. But with the i3 you have that added power when needed.

Agreed, except now there are Celeron and Pentium Sandy Bridge options that are better if you are looking at keeping cost as low as possible. They have most of the power of an i3, at half the cost, lower power usage, and will get the job done easily for WHS/pfsense/etc. IMO they are what you should be looking at unless you plan to re-purpose someday, but by then something more powerful and efficient will likely be out. :)
 
Astaro has hardware graph for CPU, memory, network usage, etc. When it starts up from a cold boot it will be above 50% for about 10 seconds, then it settles below 20% for the majority of the time.

Spikes above 25% are reboots:


This is from August when I moved to new apartment, all on 35/35 FIOS, single user.

That's CPU usage averaged across days, post a graph from a daily report with some decent transfers going - I'd imagine it sits much higher than 25% with a decent transfer going.
Peg out the CPU for an hour and have it mostly idle the rest of the day will have it looking like the load is incredibly low at that scale.

This is what 25mbit looks like on pfSense. ntop is the real culprit cpu usage wise - this is unencrypted usenet though, so not too taxing on it.
A4k36.png
 
That's CPU usage averaged across days, post a graph from a daily report with some decent transfers going - I'd imagine it sits much higher than 25% with a decent transfer going.
Peg out the CPU for an hour and have it mostly idle the rest of the day will have it looking like the load is incredibly low at that scale.

This is what 25mbit looks like on pfSense. ntop is the real culprit cpu usage wise - this is unencrypted usenet though, so not too taxing on it.

Top shows load average never going above .5 while one machine is doing torrents and another is downloading over http at 4.2MB/s and doing speedtest over and over (with A/V enabled for http).

Pretty graph for daily shows a peak of 23% during all of this. For me a dual core D510 handles it just fine, but to be honest if I had to replace it I would be getting an i3/i5 for if I ever wanted to use it for anything other than firewall/router duty.
 
Pfsense
10-20 Mbps - No less than 266 MHz CPU
21-50 Mbps - No less than 500 MHz CPU
51-200 Mbps - No less than 1.0 GHz CPU
201-500 Mbps - server class hardware with PCI-X or PCI-e network adapters, or newer desktop hardware with PCI-e network adapters. No less than 2.0 GHz CPU.
501+ Mbps - server class hardware with PCI-X or PCI-e network adapters. No less than 3.0 GHz CPU.

FYI these specs are not accurate from my experience. I had a pfsense v1.2.3 (?) on a P2 450 I think with 512meg of ram. Ran like a top for years on my Comcast cable line. Passive heat sink CPU, quiet box.

...8 meg or so down, 512k upload line...

Started doing a lot of IPSEC traffic for server replications and the box would cap out at my line's 8 meg down. CPU @ 70% or so, working but not slammed. Was having problems with the quality spiking up for no reason. IPSEC tunnel would tear itself apart after ~ 6-8 hours @ 8 Mbps, came to find out the CPU was throttling itself from the heat screwing everything up.

Ok, got a P4 Celeron D 3.0 w/ 2 GB RAM lying here with a fan on the CPU, let's light that up w/ pfsense 2.0.

25+ meg down and 2.5-3.0 meg upload, IPSEC ~ 11 meg/sec (source network max).

WTF. Feel like a freaking idiot sitting behind my own bottleneck for years. :rolleyes:
 
Now you tell me if untangle isn't a hardware hog.

Untangle is a UTM...by design UTMs need high horsepower. To sit there and compare a UTM against PFSense...as far as hardware comparisons, is ignorant.

"Hey, my Ford F-350 duallie is not as fast as his Suzuki Hayabusa! "
 
Untangle is a UTM...by design UTMs need high horsepower. To sit there and compare a UTM against PFSense...as far as hardware comparisons, is ignorant.

"Hey, my Ford F-350 duallie is not as fast as his Suzuki Hayabusa! "

No one is arguing that..we're just saying that if you run Untangle expect to need more hardware.
 
I ran monowall on a 1ghz P3 with 512 of pc133 for a long time. Currently I am running pfsense on an athlon 850mhz with 1gb of pc133.

Works good for me *shrugs*
 
For those worried about power if you have an even beefier CPU check out powerD. Someone mentioned it in a thread I was in before. My current C2D 2.4Ghz runs at a cool 300mhz most of the time.

Think it's about time to bump the 2.0 Appreciation Thread.
 
Got all the parts earlier this week and got around to assembling them last night. Tonight I'm going to buy an adapter so I can mount my 2.5 hard drive in the 3.5 bay.
