pfense box

J

jadams

2[H]4U
Joined
Mar 14, 2010
Messages
4,086
I have fios 15d/5u, and I run 2 game servers (COD4, CSS), a voice server for teamspeak & ventrillo, and have 2 websites, with 2 more to come in the next couple months.

I wanted something a little more suitable than you're normal linksys router at home.

So i gots tons of spare parts just lying around and was going to put together a pfsense box.

Not sure if im gonna use an old p3 system or an old celeron system yet.

I have a couple questions.

Could you guys recommend a case?
I REALLY like this case: http://www.newegg.com/Product/Product.aspx?Item=N82E16811119211 except as you can see it has no expansion card clots. I like it mostly because its mountable.

Also, what is the difference between the $10-$15 nic cards and the $50 ones? Is the one nic thats onboard on the motherboard adequate enough? Throughput on the router will never go over 20mbps

Any help is greatly appreciated. :cool:
 
PFSense doesn't need much horsepower....with default services. If you start cranking up stuff like Snort 'n ClamAV 'n privoxy and add-ons like that..you can start chewing up RAM. P3 with over 256 megs on default will do fine...I run w/512...barely ever goes over 35-40% memory usage.

Yes NICs can make a difference, you'll want better hardware controlled NICs, versus "Win-NICs".

I run my PFSense on smaller laptops, IBM/Lenovo Thinkpads work great, good solid well supported Intel motherboards, and Intel onboard NICs. Just slap in a PCMCIA NIC for a 2nd NIC..and you're all set. Small form factor, built in keyboard 'n monitor, built in battery backup, low noise, low electrical, hard to beat! And you can pickup older T20/T40/X40 series for cheap!
 
If i had a spare laptop that would be a great idea!

If i decide to go the p3 route i have tons of sdram sticks

I'll post back the two motherboards I'm considering using. Maybe I can get some insight into how well their on board nic's will perfrom. And maybe get a somewhat inexpensive pci nic recommended.
 
I run it off of 1.4Ghz P4 box with 512mb memory. Usage never peaks over 25%, really kind of overdid it but I had the box just sitting in the house and the two Intel Pro NICs from an old project. The box is a full-factor desktop and is huge, but completely silent and out of the way so not bad. The IBM Laptops are a great idea, and if I didn't already have this beast just sitting around without a purpose, I would have gone with one.
 
I would spend the money and go with the Intel Pro nic instead of the cheapest thing you can find. They are only $35 each and they are compatible with pretty much every OS out there (including FreeBSD, which pfsense is based on). The cheaper Realtek and Marvell cards will not give you the same performance and may cause you a lot of headaches with compatibility in non-windows systems.
 
+1 on the Intel NICs. Some of the cheapies are really flaky on FreeBSD/pfSense. You can try it if you like, it might work fine, but performance may suffer and there's a much better chance you'll have weird issues like network dropouts.

Otherwise a P3 box is more than fine for that traffic. 256MB RAM is fine as well.
 
Def go for some Intel PRO NICs, I used some cheapy 3 dollar NICs in my original pfSense box and man o man did I see a nice performance gain when I installed the Intel boys. I got 3xIntel PRO 10/100 NICs off eBay for like 30 bucks.
 
sc0tty8 said:
I'd go atom 330 with intel nics.
Click to expand...

I would too, but that would involve him buying new hardware when he has adequate hardware on hand already.

Jared, IMO I would just pickup a single Intel NIC and use the onboard for your second.
 
I3roknI3ottle said:
Def go for some Intel PRO NICs, I used some cheapy 3 dollar NICs in my original pfSense box and man o man did I see a nice performance gain when I installed the Intel boys. I got 3xIntel PRO 10/100 NICs off eBay for like 30 bucks.
Click to expand...

This is totally the way to go. You could even get a dual gigabit intel server grade nic off of ebay for $30 shipped. I have read the pfsense book, and for a multitude of reason's the developers recommend intel nic's for all installs. Success may very with other nics. Let's say my success varied on my first box made of spare parts.

I'm not saying I haven't gotten other non Intel nic cards working, only that some of them worked, some didn't, and some of them took a day or two of heavy traffic to show their true colors.
 
criccio said:
I would too, but that would involve him buying new hardware when he has adequate hardware on hand already.

Jared, IMO I would just pickup a single Intel NIC and use the onboard for your second.
Click to expand...

I guess I'm just confused because if the onboard nic is considered adequate enough when its not intel, why do these intel nics get such praise for this application? *edit* especially when considering the onboard nic could be from an old p3 or celeron system.

I don't wanna buy more parts if i dont have to, you've seen it, i have enough shit layin around here as it. :mad:
 
Alright. Do you have enough spare NIC's to make it work at all? If so, put it together and see how it runs. If you're satisfied, you're done. ;)
 
YES i have spare (non intel) nics, but if they suck i dont want to use them!

F' it... I'm just gonna use the spares I have and if performance sucks I'll buy intels.
 
Well..what are the NICs you currently have? Maybe they're not bad...there are other NICs which are still pretty good, and have good hardware controllers on them. You just want to stay away from the more...software driven NICs. Intels are generally considered tops...but..there are still other decent NICs.

Looking back at many of my various *nix router builds..I've had good luck with 3COM 90x series, DLink, Netgear, some Compaq Netelligent NICs (which are Intel ships underneath),
 
criccio said:
Alright. Do you have enough spare NIC's to make it work at all? If so, put it together and see how it runs. If you're satisfied, you're done. ;)
Click to expand...

+1

Only reason Intel's are pushed so much is because #1 they are a rock solid design and #2 the developers use Intel cards almost exclusively when developing and testing pfSense, which makes them the preferred choice for pfSense installs. Just throw in what you have and if it works, great, if it doesn't, get an Intel card and call it a day.
 
Actually you can see differences in performance..esp when you start cranking up QoS. As some others have echoed above...use an average NIC, PFSense runs OK...slap in a good NIC..and you're like "Holy crap..this kicks ass!" And then you get something that will run a few years straight without the need for a reboot.
 
Thanks for all the suggestions. I'm just going to go with what I have for now and if I need to upgrade then I will. This way I won't be buying anything I don't need unless I have to and I can finally start putting all this stuff around here t use. Maybe ill post back the results when I get this running
 
leagle said:
I would spend the money and go with the Intel Pro nic instead of the cheapest thing you can find. They are only $35 each and they are compatible with pretty much every OS out there (including FreeBSD, which pfsense is based on). The cheaper Realtek and Marvell cards will not give you the same performance and may cause you a lot of headaches with compatibility in non-windows systems.
Click to expand...


I second the Intel Pro/100 Nic, rock solid!!

I got about 30 Intel Pro/100 S (S indicated Server Edition ) nics off ebay for $15 they were only supposed ot send me 20 nics, but they gave 10 extra! :D I've only used the Server versions of the nics, but I can vouch for its reliability!


I overdid with my pfsense router, but it was a spare rig, with no other real use..

2.8GHz Intel Northwood Celeron
1GB PC2100 DDR
80GB HDD
3x Intel Pro/100 S Nics
 
I have had excellent experiences with:

fxp (Intel 100)
em (Intel 1000)
igb (Intel 1000)
vr (Via Rhine) - this is on the ALIX hardware and is also well supported on pfSense - and is a very good chip, but a bit rare on PCI cards
vx (3com 100) - Only used this chip on pfSense once (onboard on an old Dell), it works fine.

Mediocre experience with:

re (Realtek 1000 and new-gen 100) - seems to work okay mostly, under heavy traffic can get watchdog timeouts = dropouts, but for 20mbit they're probably okay. Much much better than the old ones.

Poor experiences:

sk (Marvell 1000) - sometimes weird dropouts - they'll stop accepting traffic to pfSense (but they route it fine still) until the interface is reset, but usually stable as long as you don't need to log into the box all the time
rl (Realtek 8139/8129 100) - these chips are beyond saving. The FreeBSD driver even says 'this may be the worst PCI NIC ever designed' or something similar. Add lots of hardware bugs and they're just a mess waiting to happen.
sis - Better than the Realtek, but I've had them just freeze up and require a reboot to start accepting traffic again

Those are the ones I have experience with. Now I just buy Intel 100s by the 10s at $3-5 a piece shipped from eBay and toss them in any new boxes I build for pfSense. They're rock solid, easy and cheap to get, and guarnateed to work well. Of the above chips, only the Intels and the 3coms are easy to predict what you're getting, the rest are random onboards or made by some other OEM who will never tell you what chip they use, without having to dig. If you've got a pile of NICs on hand, see if any of them fit into the better categories above, you can tell what they are by the interface name pfSense assigns.
 
jadams said:
YES i have spare (non intel) nics, but if they suck i dont want to use them!

F' it... I'm just gonna use the spares I have and if performance sucks I'll buy intels.
Click to expand...

that's the spirit!

I'd also recommend you pick up the pfSense book on amazon as it's a great read.
 
As an eBay Associate, HardForum may earn from qualifying purchases.
Any of those will work well (except the CNR one), all the Intel chips work great. If possible you should prefer the newer ones though. 82551 and 82550 should be preferred over 82559 (more offload features = slightly better performance); 82558 is the oldest I would recommend. They all work fine, but you get slightly better performance with the newer chips. If it's not specified, smaller chips are better. The big ones are 82558 and 82557, 82559 and newer use a much smaller BGA package. Since they're all about the same price, get the newer ones.

What I usually do is search for 'intel 100' and sort by price + shipping then find the cheapest 82550. If you're willing to buy from Asia, you can probably find Intel GigE cards for about the same price, even, and obviously those are preferred. Edit: here's one from Canada even for a good price: http://cgi.ebay.com/INTEL-GIGABIT-P...emQQptZLH_DefaultDomain_2?hash=item20b04ee7cd

PILA8460C3 mentioned uses 82550 and is Intel's newest SKU, it's a good choice.
 
As an eBay Associate, HardForum may earn from qualifying purchases.
thanks for that link keenan, I just picked up two of those intel pro gigabit nics for a upcoming project.
 
Just remember you won't get full GigE throughput out of multiple PCI NICs (or even full-duplex throughput) at the same time, since the PCI bus is barely faster than GigE in the first place, and it's shared between all devices.
 
Keenan you are a life saver. This is precisely the information I was looking for. $5-$6 bucks a piece for gauranteed nics that will perform well is a no brainer.

edit: didnt even realized I linked to a CNR slot nic. whoops!
 
It's better to get the Intel Gigabit NIC's and run them at 100Mb instead of the actual Intel Pro/100 NIC's. There is a bug in the latest pfSense 1.23 which recommends you turn off checksum offload. I consider it unacceptable that the developers won't fix it, but they apparently don't care.
 
Last edited:
You must log in or register to reply here.
Back
Top