Ubiquiti makes a great product. As far as switches grab a netgear for <12 ports HP for 16 or more ports. HPs come with lifetime warranties too.
Anything above a pentium 4 is enough for a PFSense box. What you need to look at is the size of your network, not your box. If you had a P4 but 70 clients, its an obvious no. P4 and a few, 2 or 3, then sure. If you're talking about the average household of 2 or 3 and 10-15 devices aim for a core 2 duo.
1 Like
short answer: yes
long answer: yes. You'd have to be routing over a gigabit and doing OpenVPN with many connections to even approach the max of your CPU. My CPU is essentially a a quadcore version of yours, and as you can see, almost no CPU use. Additionally I have very little memory usage too. What you have is perfectly fine, and maybe even a little better than my pfSense system because you have a higher clock speed than I do.
I have 3 WAN connections, 4 LAN connections, OpenVPN. Also, I'm doing everything through 1 NIC, with VLANs. (Router on a stick)
Also, I tried Squid and it did squat didly for me. Don't bother.
Here is a screenshot from my pfSense router.
2 Likes
Interesting, are there any downsides in doing it this way? I have a computer with just a single NIC that I would like to use for a pfSense firewall and I'm thinking of doing it with VLANs as well. My only concern is what happens if, say a computer from one VLAN speaks to another computer from a different VLAN, but at the same time you're utilizing your single NIC on your pfSense router to download something from the internet. Does that limit your speed somehow? I assume if there is no inter vlan routing involved(on the lan side), the router will not be used, because there is no routing to do here, in this case the switch knows what to do so my pfSense NIC won't be used. I may be wrong, but I will appreciate it if someone helps me find out if my analogy is correct.
Yeah, traffic on the same network will just go through the switch and won't touch the router. But if you're sending a large file between machines on different VLANs it will impact your speed as there is a bottleneck on the single physical interface.
3 Likes
I see, well it will be a very small network so I don't think I will even need VLANs, I was planning to perhaps put a Ubiquiti AP on a separate VLAN. My ISP's modem comes with three separate VLANs for Internet, IPTV and VoIP, my idea is to put the Internet interface on it in bridge mode so I can have a VLAN on my switch for my WAN connection and another VLAN for my own network and let pfSense do the inter vlan routing.
Yeah that will work fine, I do something similar on my network to limit the number of cables I need to run around the house. Just as long as you're using a managed switch
Also, you need a switch that is VLAN capable. In our environment, we have a wireless and guest wired network, printer netowrk, and production network. We don't do that much inter-LAN routing, except to the printer network, and the printers are all 100Mbps anyway. Our main WAN is 20/200Mbps, and our 2 backup WANs are 768Kbps/7.5Mbps. Basically inter-LAN routing takes double the bandwidth, because data comes in from the switch, is routed on the router, and goes right back out the same interface. But since the bandwidth is usually unidirectional, it doesn't end up being much of a bottleneck.
Maybe @Dexter_Kane can comment, but if you have a Layer3 switch, I don't think that data has to go all the way to the router and come back out - the switch will do the routing. My switch is actually Layer3 (Cisco SG300-52) but I've never setup the routing on it.
2 Likes
Slight change of plans regarding the machine, instead of the Dell Optiplex 380, i think i'll be using a Lenovo ThinkCentre M58p (type 6234), reason being the original owner wanted the machine back, but no worries, i can get a different machine just as easily.
If all else fails, i have a spare i5 3470 and i just need to get the mobo for it.
Now that i'm thinking about it, wouldn't it be a better idea if i just made a machine with the i5 instead?
It works, i have RAM, i got a OEM Delta PSU and a CM Elite 110 case that i could pick up as well.
Maybe overkill, but i would have a router for several years...
Sure, that would work. I would try to get something less power hungry but in general, yeah.
I mean, I'm probably the wrong guy to suggest you stick to more reasonable hardware after this.
1 Like
I haven't really done much with layer 3 switches but for routing traffic between different VLANs or subnets using a layer 3 switch to the the routing should be much faster, the same sort of speed you would normally get from a switched network as there's no bottle neck to the router. However if you need to firewall between networks then I'm not sure layer 3 switches do that. In that case it would be more useful in a situation where you've segmented the network to reduce broadcast overhead rather than restricting access between different networks.
I got the word from the network card seller, he said it works, i'll pick it up right now!
I tracked a proper mobo for the i5 as well, an ASRock H61M-VG3, and a CPU cooler, the Arctic Freezer 11 LP.
Now i just need to get the case, i mentioned the CM Elite 110, but if i could get something just a little bit cheaper, it wouldn't be a bad idea.
And just to be sure, because i'm quite a newbie on the networking department, despite the entirely different hardware, the network card doesn't change, right?
Correct. That card is a safe bet regardless of the system you throw it in.
1 Like
