pfSense Router Build

I did the following hardware last September or so....Atom D510 on the mobo, 2 gigs of RAM.

Supermicro 1U case, $89.99
http://www.newegg.com/Product/Product.aspx?Item=N82E16811152107
It's a cool case with the I/O ports in the front.

Supermicro Atom D510 board with dual Intel gigabit and IPMI remote module, $219.99
http://www.newegg.com/Product/Product.aspx?Item=N82E16813182238

Seagate Pipeline drive, designed for extra quiet, extra low power, extra low noise, 24x7 running in tight spaces like DVRs. It's an ideal drive for firewall appliances. $49.99
http://www.newegg.com/Product/Product.aspx?Item=N82E16822148556

Have run ESXi on it, Untangle, Astaro, PFSense, feel like doing ClearOS again soon.

How did you find ESXi on your hardware? I've tried it a couple of times.. Works great just running pfSense. I tried Untangle and pfSense, brought my d/l speed to 5-10mbit on a 50mbit pipe. Would have left ESXi on the box so I can try different FW OSs, but the built-in watchdog and IPMI sensors couldn't talk to pfSense. IPMI sensors worked in the ESXi client but I couldn't get the watchdog to work.
 
Love the decal! I've been meaning to put one on my box since it has a small plate for one..I take it, you made it yourself?

Hehe, yup. I just photoshopped it a bit and printed it out on a label. :D If you want a copy let me know. ;)
 
I'm considering building a pfSense router myself and was thinking of using either one of these boards:

http://www.newegg.com/Product/Product.aspx?Item=N82E16813121513
... combined with:

Curious though: Where do you get internal antennas for a mini-PCIe card for the desktop? Google fails me at the moment.
Or get this:
http://www.newegg.com/Product/Product.aspx?Item=N82E16813182233
... combined with:

Suggestions; feedback?

I need something more robust now since my Buffalo WHR-G54S router is showing its age. It's starting to drop connections now when stressed with too many concurrent connections using Tomato "Toastman" firmware. DD-WRT firmware kept dropping connections regardless if it was max 4096 or not.
 
How did you find ESXi on your hardware? I've tried it a couple of times.. Works great just running pfSense. I tried Untangle and pfSense, brought my d/l speed to 5-10mbit on a 50mbit pipe. Would have left ESXi on the box so I can try different FW OSs, but the built-in watchdog and IPMI sensors couldn't talk to pfSense. IPMI sensors worked in the ESXi client but I couldn't get the watchdog to work.

I only ran one distro at a time..and they ran fine.
VSphere client ran a tad slow, but that's to be expected...between the Atom, and the 5,900rpm hard drive...it wasn't built for speed, but was built for low power consumption and quietness. The Atom drives PFSense fast enough, she'll do over 200 megs throughput on the Atom.
 
I've been debating on building a pfsense box myself, I have one, it's an old Dell PE 1650 with a SCSI drive. Once that drive goes, I'm kinda screwed. I don't want to spend 200 bucks for a 20 gig drive. Not to mention I could build something quieter (that one sounds like a jet engine) and that uses less power. then I can ebay the server. :D
 
I've been debating on building a pfsense box myself, I have one, it's an old Dell PE 1650 with a SCSI drive. Once that drive goes, I'm kinda screwed. I don't want to spend 200 bucks for a 20 gig drive. Not to mention I could build something quieter (that one sounds like a jet engine) and that uses less power. then I can ebay the server. :D

Good lord! That's like trying to save gas by driving an Abrams Tank. Don't you have a cheeseball desktop lying around? You really don't need any real power for home use. Hell, I've got mine running on a P3 and it maxes out my Cable service without a hiccup.
 
I only ran one distro at a time..and they ran fine.
VSphere client ran a tad slow, but that's to be expected...between the Atom, and the 5,900rpm hard drive...it wasn't built for speed, but was built for low power consumption and quietness. The Atom drives PFSense fast enough, she'll do over 200 megs throughput on the Atom.

That's the same experience I had with ESXi.. Mine isn't that quiet because of the case I'm using... still trying to find the quietest 40mm by 20mm fan... my temps were running around 60c but I cut the vents and put a grill in, temps down to 53c now.
 
I'm considering building a pfSense router myself and was thinking of using either one of these boards:

http://www.newegg.com/Product/Product.aspx?Item=N82E16813121513
... combined with:

Curious though: Where do you get internal antennas for a mini-PCIe card for the desktop? Google fails me at the moment.
Or get this:
http://www.newegg.com/Product/Product.aspx?Item=N82E16813182233
... combined with:

Suggestions; feedback?

I need something more robust now since my Buffalo WHR-G54S router is showing its age. It's starting to drop connections now when stressed with too many concurrent connections using Tomato "Toastman" firmware. DD-WRT firmware kept dropping connections regardless if it was max 4096 or not.


Does pfsense support wireless cards?
 
That's the same experience I had with ESXi.. Mine isn't that quiet because of the case I'm using... still trying to find the quietest 40mm by 20mm fan... my temps were running around 60c but I cut the vents and put a grill in, temps down to 53c now.

The SuperMicro chassis I got..the only fan is the power supply exhaust fan. No other fans in the chassis, and it's passive heat sinks on the motherboard/Atom.

Additionally, the hard drive I selected...designed for applications such as use in a DVR..5,900rpm, low noise, low heat....so it doesn't heat up the chassis as much as a 7,200rpm drive. Although SSD would be even more ideal..but may kill the budget. You don't really need performance for a router distro...really only benefits bootup performance..and ideally how often are you rebooting it? Hopefully barely once a year..at the most.

Soon as summer is over I'll probably pave the drive and put Untangle back on. Didn't intend on keeping PFSense running on it forever.
 
NO WAY!! Really? Too bad it doesn't support VLANs :( or I'd be still all over it...

It does the way I do them...via port based VLANs done on the switch. Keep the separation done at the switch. But I have zero need for that at home...although I could easily do that by using the managed switch built in my RV082 (which I use as my backup/standby router)
 
The SuperMicro chassis I got..the only fan is the power supply exhaust fan. No other fans in the chassis, and it's passive heat sinks on the motherboard/Atom.

Additionally, the hard drive I selected...designed for applications such as use in a DVR..5,900rpm, low noise, low heat....so it doesn't heat up the chassis as much as a 7,200rpm drive. Although SSD would be even more ideal..but may kill the budget. You don't really need performance for a router distro...really only benefits bootup performance..and ideally how often are you rebooting it? Hopefully barely once a year..at the most.

Soon as summer is over I'll probably pave the drive and put Untangle back on. Didn't intend on keeping PFSense running on it forever.

I'm running a 5400rpm HD..... I really can't say I have a heat issue yet since it's within specs for the MB.. The HD doesn't produce a lot of heat, I think it's because I have a dual-port NIC right over the CPU heatsink... it doesn't help...

I reboot probably 4-5 times a week because of firmware updates, helping to find bugs in their latest code... when I was using 1.2.3, think I had year+ uptime on different hardware...
 
Good lord! That's like trying to save gas by driving an Abrams Tank. Don't you have a cheeseball desktop lying around? You really don't need any real power for home use. Hell, I've got mine running on a P3 and it maxes out my Cable service without a hiccup.

LOL I know. It's the lowest end rackmount box I got, think it's like a Pentium 3 in there (I can actually put another chip if I wanted to), and it hits maybe 10% usage at most. :D.

Before that SCSI drive goes I need to replace it. I'd probably go with one of those mini Atom boxes, and a low end SSD. Maybe later down the line when I have extra cash.
 
I need some help with pfsense and was hoping someone here might be able to assist. Installed pfsense 1.2.3 STABLE build. Running great. Setup was relatively easy though I'm likely to tweak as I become more familiar with the platform.

Anyway, I installed the snort package (not snort-old) from within the pfsense package. No issue. Generated an oink code. No issue. However when I go to the UPDATE screen, clicking the update button does nothing whatsoever. As if it doesn't acknowledge me clicking it. I've confirmed the snort service is running. The update screen says: the main rules directory is empty. /usr/local/etc/snort/rules. All installed signature rulesets say N/A beside them. Am annoyed by this and not sure what can resolve this? Sorry for posting here but couldn't find a fix on pfsense.org forums. Thanks in advance.
 
I need some help with pfsense and was hoping someone here might be able to assist. Installed pfsense 1.2.3 STABLE build. Running great. Setup was relatively easy though I'm likely to tweak as I become more familiar with the platform.

Anyway, I installed the snort package (not snort-old) from within the pfsense package. No issue. Generated an oink code. No issue. However when I go to the UPDATE screen, clicking the update button does nothing whatsoever. As if it doesn't acknowledge me clicking it. I've confirmed the snort service is running. The update screen says: the main rules directory is empty. /usr/local/etc/snort/rules. All installed signature rulesets say N/A beside them. Am annoyed by this and not sure what can resolve this? Sorry for posting here but couldn't find a fix on pfsense.org forums. Thanks in advance.

Your best bet is to post on forum.pfsense.org under Packages or post a bug report at http://redmine.pfsense.org/projects/pfsense .. Include what you wrote here.. I can't help with 1.2.3 as I don't use that anymore. Snort has been broken for a while for 2.0 but it was somewhat fixed yesterday... There are still bugs with it but they are fixing them quickly as they are reported.
 
it doesn't require any drivers

it has a thermal monitor inside the case and the fan just plugs into the lcd headers thing
and it monitors the temp and fan speed.
 
Great thread, I recently set up a pfSense vm as my primary router and need to pimp it out. I tried getting Snort to work but I guess I need to set up SQL first. What's the purpose of Squid for home/lab use?
 
It does have a slot, it's a half slot. Most dual NICs come with this bracket.

I didn't see this on the Antec ISK 300-65 case. Are you referring to the I/O backboard, not the same as but similar to this: I/O Shield. I was thinking about an actual bracket to fasten the NIC board to.
 
As an eBay Associate, HardForum may earn from qualifying purchases.
I didn't see this on the Antec ISK 300-65 case. Are you referring to the I/O backboard, not the same as but similar to this: I/O Shield. I was thinking about an actual bracket to fasten the NIC board to.

There is a half-size expansion slot in the case. As for I/O Shield, the MB should come with one, not the case.
 
Curious though: Where do you get internal antennas for a mini-PCIe card for the desktop? Google fails me at the moment.

What you're looking for is a u.fl antenna. They're all over ebay, just search "u.fl antenna" - you can usually find a pair of them for under $5. Tyco makes a decent one, if I recall correctly - I think they're what I used for a customer's ITX box a year or so ago.

Another option (one that will probably get you better signal reception) is getting a couple of u.fl pigtail adapters and using external antennas. It would take drilling a couple holes in your case for the external connector, but if I were to build a pfSense box with built-in wireless, this is the way I'd go. You can get a pair of pigtail adapters from ebay for about the same price, around $5. Just depends on your needs.
 
Just finished building a pfSense box too. Needed something to replace an old WRT54GL and it works really well. Just need to add a wireless access point and I'm all set. Total cost was ~$300 CAN.

Supermicro X7SPA-HF-D525 Intel Atom
Corsair CMSO2GX3M1A1333C9 1X2GB DDR3-1333 CL9-9-9-24 204PIN SODIMM
MINI-BOX M350 Universal MINI-ITX
PICOPSU-80 with Power Kit

The Newegg details page for that motherboard says it takes DDR2, but you used DDR3 with it? Or is there a typo somewhere?

BTW these look really sweet guys!
 
If you have an ESX host you should really try running it virtualized before buying anything, it runs just fine with minimal resources.
 
The Newegg details page for that motherboard says it takes DDR2, but you used DDR3 with it? Or is there a typo somewhere?

BTW these look really sweet guys!

It's not a typo, the Supermicro Atoms D510 all take DDR2, while their D525 take DDR3. Newegg doesn't sell the D525 Version of this board for some reason. I had to buy mine off fleabay, New of course.

But Newegg does sell the X7SPE-HF-D525 board. Difference being it's a little bit longer, so won't fit in a mini-ITX case, but will fit in a Supermicro 1u case. Also the -HF- in the model number just means it has the IPMI remote control, and just an -H- means it doesn't have the IPMI, and a little bit cheaper.

Personally have two Supermicro boards, and Love the IPMI feature.....Just a little tidbit....if you're going to use pfSense 1.2.3 the Keyboard on the IPMI remote login won't work. So it will need a physical keyboard if you're going that route. But pfSense 2.0 and up, the remote keyboard works fine.
 
It's not a typo, the Supermicro Atoms D510 all take DDR2, while their D525 take DDR3. Newegg doesn't sell the D525 Version of this board for some reason. I had to buy mine off fleabay, New of course.

But Newegg does sell the X7SPE-HF-D525 board. Difference being it's a little bit longer, so won't fit in a mini-ITX case, but will fit in a Supermicro 1u case. Also the -HF- in the model number just means it has the IPMI remote control, and just an -H- means it doesn't have the IPMI, and a little bit cheaper.

Personally have two Supermicro boards, and Love the IPMI feature.....Just a little tidbit....if you're going to use pfSense 1.2.3 the Keyboard on the IPMI remote login won't work. So it will need a physical keyboard if you're going that route. But pfSense 2.0 and up, the remote keyboard works fine.

I ran into the keyboard problem while installing mine. I also noticed the mouse pointer was offset.

IPMI is awesome. I have 3 Supermicro boards with it, 2 for my ESXi hosts and this pfsense box.
 
The SuperMicro chassis I got..the only fan is the power supply exhaust fan. No other fans in the chassis, and it's passive heat sinks on the motherboard/Atom.

Additionally, the hard drive I selected...designed for applications such as use in a DVR..5,900rpm, low noise, low heat....so it doesn't heat up the chassis as much as a 7,200rpm drive. Although SSD would be even more ideal..but may kill the budget. You don't really need performance for a router distro...really only benefits bootup performance..and ideally how often are you rebooting it? Hopefully barely once a year..at the most.

Soon as summer is over I'll probably pave the drive and put Untangle back on. Didn't intend on keeping PFSense running on it forever.

I ran Astaro then Untangle and finally back to pfSense.. my ping with pfSense was at least 5ms lower and downloads seemed much quicker with my 100mb cable connection.. Untangle is bloated as hell
 
I ran Astaro then Untangle and finally back to pfSense.. my ping with pfSense was at least 5ms lower and downloads seemed much quicker with my 100mb cable connection.. Untangle is bloated as hell

Well, it's two TOTALLY different things.

Untangle is a UTM...a Unified Threat Management platform. Its primary purpose is security. It does TONS of things that PFSense doesn't...antivirus scanning, much heavier firewall duties, website filtering, lots of logging, anti malware scanning, very robust IDS, etc etc etc blah blah blah. There are a lot of virtual machines doing work at layer 7.

PFSense is lean and mean, built for speed. It doesn't (by default) do any UTM duties like Untangle or Astaro. It's pure lean and basic. Yeah..there are a couple of add-ons which you can install which sorta almost try to make it a UTM, and once you install those you'll notice it starts to slow down a bit too. Naturally..since you're asking it to do more things now, like scan traffic with Clam if you install the antivirus module. Common sense, eh?
 
Well, it's two TOTALLY different things.

Untangle is a UTM...a Unified Threat Management platform. Its primary purpose is security. It does TONS of things that PFSense doesn't...antivirus scanning, much heavier firewall duties, website filtering, lots of logging, anti malware scanning, very robust IDS, etc etc etc blah blah blah. There are a lot of virtual machines doing work at layer 7.

PFSense is lean and mean, built for speed. It doesn't (by default) do any UTM duties like Untangle or Astaro. It's pure lean and basic. Yeah..there are a couple of add-ons which you can install which sorta almost try to make it a UTM, and once you install those you'll notice it starts to slow down a bit too. Naturally..since you're asking it to do more things now, like scan traffic with Clam if you install the antivirus module. Common sense, eh?

I agree with your statements for the most part but I don't agree with 'heavier firewall duties'. What do you mean by that? pfSense is a pure router/firewall, that's its core where it makes its bread and money.

I've found Untangle to offer great logging but pfSense does better at real-time reporting and if you configure it correctly, its Traffic Shaper (QoS) is out of this world..

pfSense takes all the functions of FreeBSD and puts it in a nice GUI for end users to configure... Not much is added to pfSense outside the core FreeBSD distro.

I've been finding more and more posts about users installing pfSense as their edge router/fw and connecting unTangle to it to use as UTM...

pfSense does have squid, snort, anti-virus; to make it a UTM but it does slow it down some, but not too much compared to unTangle (unless you have high horsepower). If you need a UTM, I feel it should be a separate box than your fw/router and only put IDS on your router/fw if it can support it. But that's my opinion.
 
It's not a typo, the Supermicro Atoms D510 all take DDR2, while their D525 take DDR3. Newegg doesn't sell the D525 Version of this board for some reason. I had to buy mine off fleabay, New of course.

Hey Preston, trying to find parts for a pfSense build similar to OP. You know if the superMicro 502L-200B chassis will accept either the Dual port Intel NIC EXPI9402PT or the Quad port NIC EXPI9404PT? I am getting conflicting answers on the question.

I have a dual 2x2.5" hard drive bay that I am going to replace with a shorter 1x2.5" hard drive bay so hopefully an expansion NIC will fit.
 
I agree with your statements for the most part but I don't agree with 'heavier firewall duties'. What do you mean by that? pfSense is a pure router/firewall, that's its core where it makes its bread and money.

I've found Untangle to offer great logging but pfSense does better at real-time reporting and if you configure it correctly, its Traffic Shaper (QoS) is out of this world..

pfSense takes all the functions of FreeBSD and puts it in a nice GUI for end users to configure... Not much is added to pfSense outside the core FreeBSD distro.

I've been finding more and more posts about users installing pfSense as their edge router/fw and connecting unTangle to it to use as UTM...

pfSense does have squid, snort, anti-virus; to make it a UTM but it does slow it down some, but not too much compared to unTangle (unless you have high horsepower). If you need a UTM, I feel it should be a separate box than your fw/router and only put IDS on your router/fw if it can support it. But that's my opinion.

By heavier firewall duties, I mean that Untangle has all of those UTM modules. PFSense by default is really just doing NAT/PAT. I love PFSense...don't get me wrong, I've been a fan of it since pretty much its first version, and I've pimped it in a lot of forums, and pushed it so hard over at smallnetbuilders forums that their tech guys finally did some reviews and articles on it and have been pushing it. I've put it in production at some clients of mine. I often run it at home at least once a year. For home networks and for those into high loads that want Ferrari like performance...nothing can beat PFSense.

Trying to avoid an Untangle vs PFSense thread, but the facts are they are two totally different things. Untangle's bandwidth control module can blow the doors off of PFSense's, its AV and antispyware modules are far better than just plain clam, its IDS is properly configured (I wager 99% of people that install snort into pfsense just install it and walk away thinking it's running, they never turn it on or go configure it). Just those 2 components...to me does not qualify it as a full and proper UTM..just a "trying to almost be one". And...squid...I have no desire for proxy.

And I agree, in larger organizations, separate the UTM appliance from the edge router. But in SMB having all in one is fine.
 
By heavier firewall duties, I mean that Untangle has all of those UTM modules. PFSense by default is really just doing NAT/PAT. I love PFSense...don't get me wrong, I've been a fan of it since pretty much its first version, and I've pimped it in a lot of forums, and pushed it so hard over at smallnetbuilders forums that their tech guys finally did some reviews and articles on it and have been pushing it. I've put it in production at some clients of mine. I often run it at home at least once a year. For home networks and for those into high loads that want Ferrari like performance...nothing can beat PFSense.

Trying to avoid an Untangle vs PFSense thread, but the facts are they are two totally different things. Untangle's bandwidth control module can blow the doors off of PFSense's, its AV and antispyware modules are far better than just plain clam, its IDS is properly configured (I wager 99% of people that install snort into pfsense just install it and walk away thinking it's running, they never turn it on or go configure it). Just those 2 components...to me does not qualify it as a full and proper UTM..just a "trying to almost be one". And...squid...I have no desire for proxy.

And I agree, in larger organizations, separate the UTM appliance from the edge router. But in SMB having all in one is fine.


Agreed! :) and I don't want to be a Untangle vs pfSense thread either, there are already toooo many.

I'll have to try unTangle bandwidth control again... It took me a while but mine of pfSense is rock solid.. It did take hours of tweaking and it does need better documentation tho. One feature that was missing which is working in 2.0, is Layer 7.. Works pretty good for traffic shaping and for blocking traffic. But of course don't expect Layer 7 to capture all of your bitTorrent traffic since it's hard to match the signature these days

I visit SMB on and off, love the write ups... Glad you pushed for him to write articles on pfSense.
 
Hey Preston, trying to find parts for a pfSense build similar to OP. You know if the superMicro 502L-200B chassis will accept either the Dual port Intel NIC EXPI9402PT or the Quad port NIC EXPI9404PT? I am getting conflicting answers on the question.

I have a dual 2x2.5" hard drive bay that I am going to replace with a shorter 1x2.5" hard drive bay so hopefully an expansion NIC will fit.


I actually don't have that case, I have the 503-200B which almost looks the same except it has the ports in the front. But I read somewhere when I was doing research before buying mine, and looking at it, that if you had a 3.5 Hard Drive, or the dual 2x2.5 adaptor that you could fit a half height PCIe card in there, or if you had the 1x2.5 adaptor you could fit a full height PCIe card. Page 5-6 on the 502L-200B manual shows a full height card can fit.

So I'd say a Full Height card would work with the 1x2.5. But I don't have any PCIe cards in mine, so I can't be 100% sure.
 
It's not a typo, the Supermicro Atoms D510 all take DDR2, while their D525 take DDR3. Newegg doesn't sell the D525 Version of this board for some reason. I had to buy mine off fleabay, New of course.

Hey preston, how did you know that the 525 takes DDR3? And what kind of RAM sticks do you recommend for the 525? I might have to upgrade from X7SPA.
 
Hey preston, how did you know that the 525 takes DDR3? And what kind of RAM sticks do you recommend for the 525? I might have to upgrade from X7SPA.

It's on the Supermicro site, as far as I know they only sell two versions of the D525, and two versions of the D510. Model numbers either X7SPA or the X7SPE, difference between the two being one isn't exactly mini-ITX.
Links to the Supermicro site with all their specs:

X7SPA-HF-D525
X7SPA-HF
X7SPE-HF-D525
X7SPE-HF

As far as RAM goes, I've been told the Supermicros are very picky. But then again they are a server board, not meant for home users. But I've read and stuck with Crucial memory and it works pretty good. I have these, and they're working good on my SPA-HF-D525. Though a tad overkill for pfSense, I bought it in case in the future I want to move this server for different duties.

I have read some places that Kingston memory works good too on Supermicro boards. If you go to the Supermicro pages there's a tested memory link, and Micron is listed, and I believe they supply the chips for Crucial. You can also go to the Crucial site and the Supermicro boards are listed on there too.
 