PFSense Router hardware Selection

I’ve been wanting to do a PFsense built for a while but I’m caught in a hardware dilemma. A custom home build is listed below

  1. I currently have a LGA1155 i3 (Ivy) matx set up in an old mid-tower
    in my garage.
  2. I would like to downsize the whole box by purchasing an itx
    mobo
    and reusing the CPU & Ram. (deleted)
  3. To eliminate the power supply, can it use a DC adapter? (Solution Linked)
  4. Purchase a Intel Dual Nic (Solution Linked)
  5. SSD has been swapped for standard drive do to forum post here

The other option would be to get a Netgate (Alix) box. Less fun, less power, less expansion, and more expensive. (Abandoned)

K

FYI - Here is a list of supported Wireless Cards

*Decisions and solutions have been updated in this POST. For the full discussion, see below. I will post final hardware and pics once project is completed and running.

When it comes to PFSense, you are going to use more power than a SOHO router unless you miraculously find a way to use a Raspberry pi. Understand that most routers are very weak. Even the top end routers like an Airport Extreme use mobile processors. So even if you get a late XP or Early Vista machine, your router will be powerful enough to run most offices. Lowering the performance of your PFSense box will not make that big of an impact.

If you want to use DC you can use something like this

http://www.ebay.com.au/itm/DC-12V-200W-Pico-ATX-switch-PSU-Car-Auto-24pin-MINI-ITX-ATX-High-Power-Supply-/331244720672?pt=LH_DefaultDomain_15&hash=item4d1fb95220

Just be sure it has enough power for what hardware you're running

1 Like

1037U CPU is one of the lowest power / highest single core performing CPU's (it has 2 CPU's).

$139 for a prebuilt

$209 for one with cheap parts installed

If you want to build your own firewall with solid parts (sans wireless) $284:
MB w/CPU built-in
Morex 557 chassis
PSU
Mem
Drive

Nice thread of options

Depending on what your goal is, you may actually want Sophos UTM or Untangle instead (both free).

@Lord_Baldur - thanks for the info. Food for thought. I am thinking of going over the top with this build. Core2duos are hare to fin on ebay these days.

@dwn - thanks for the hardware list. The majority of those items are "out of stock". I was going to post my current list of existing hardware and purchasing list.

Have:
CPU - I3-530
RAM - G.skill 2x2gb ddr3-1333 CL7-7-7-21 &/or Mushkin 2x4gb ddr3-1066 CL9-9-9-24 (which is preferred?)
Mobo - GA-H55M-S2H
750gb 2.5in HDD

Need:
DC Adapter
Intel Dual NIC - Don't know which one is good on ebay (about $50)

If you are looking for a dual NIC, this little fella should do you fine for the purposes of a home router: http://www.ebay.com/itm/INTEL-Dual-Port-Gigabit-Server-Adapter-8492MT-32-bit-PCI-1000M-Network-Card-NIC-/201218198950?pt=LH_DefaultDomain_0&hash=item2ed98a0da6

There is also a pretty good sale on it right now, only $25 US.

Is thePro/1000 series better? Is there anyway to determine the performance. There are several serials but no real way to know which is a low end other than market price.

Technically the Pro/1000 NICs are better, however they are designed to power servers, and to be honest you probably won't notice the difference if you shell out the cash for a Pro/1000 over the 8492MT.

Get an intel 1000 PT, you can get them for pretty much the same price on ebay and they're pci-e not pci. You probably won't even have a pci slot on an itx build anyway but either way, the total bandwidth on the pci bus (for all slots, not each) is about 1gbps. You may not notice a difference if the total bandwidth is less than 1gbps but considering that a good Intel dual port card can be had for $30 there's not much point getting an older pci card.

@Dexter_Kane - As linked above, my atx mobo is has the following.

1 x PCI Express 2.0 (PCIEX16)
1 x PCI Express 2.0 (PCIEX4)
2 x PCI slots

For CPU compatibility I have decided to stay with my matx board.

Is this card http://www.ebay.ca/itm/INTEL-EXPI9402PT-PRO-1000-Dual-Port-Server-Adapter-PCI-E-Network-Card-82571EB-/271681857452?pt=LH_DefaultDomain_0&hash=item3f418027ac

any different than the one listed by @hvgopaqueshadow?

For some reason I thought you were doing an itx build. Either way unless you need the pci-e slot for something else you're better off with the PT adapter. The difference between that one and the other is that it's pci express and uses a different chipset, I know for a fact that the checksum offload works fine in pfsense with the 1000 PT cards, not sure about the other. I had a VT card which I had to disable offload on because it killed the bandwidth. But on any modern system you can disable offload without any noticeable performance impact anyway.

I would shy away from including wifi in a pfSense build for anything more than a small home. I haven't tried it myself but I've heard from several people that the AC wireless support is spotty, and it gives you less flexibility as to where you can put your AP. Just buy an Ubiquiti...or some other good brand...I think @Wendell said that you can find some of the Cisco ones on Ebay for pennies on the dollar. I personally have an Ubiquiti N AP (the most basic one, the one that's like $70) and it was well worth it. I know I could've gone for a better one, like the N AP Pro, but I don't need that much with only 3-4 devices at a time on there. I only bought it because of two reasons: 1-I can. 2-I was sick of consumer routers being complete turds to deal with. 3-wanted to have good compatibility with VLANs because I fiddle with stuff a lot on my pfSense machine and that's kind of a nifty thing to have.

TL;DR: Don't use a WiFi chip in your pfsense box if you can avoid it. Buy a "real" access point.

1 Like

@K4KFH, I totally agree. It wasn't my intention to use an on board wireless card. I was going to use my existing router as an AP then upgrade to Ubiquiti eventually.

Thanx K4KFH.

Yeah, using PFSense as the access point itself is god awful. I use a PFsense at home and I just have an old WRTG router acting as a WAP.

I think the biggest problem is the complexity. Solve that and I don't see the big deal.

If you have an N router with DD-WRT I think you'll be fine, but I had an obscure Linksys super crappy G router that should've been thrown out years ago :P I finally got sick of it and upgraded to UBNT