Will this old Dell make an okay pfSense router?

I wanted to dive into setting up my own pfSense router to replace my current router appliance, and I am trying to decide if I should build a new box from scratch OR if I should reuse this old Dell Inspiron 3647 that I bought to have a Windows box (vs. my MacBook) but never really used much.

My use-case is for a home router in a one-person home with only a moderate media habit but I plan to build out a nice home lab to learn networking and development software with. (I am currently a professional programmer and have been for years, more recently a lot of DevOps, but now I am getting into system and networking admin too.)

The Dell has a Haswell 4th Gen Intel Core i5-4460S Processor with 8GB Dual Channel DDR3 1600MHz and was recently upgraded to a 90Gb OCZ Vertex 2 SATA II 3.5" SSD.

I assume from the research I should need to get a Intel 1Gb Ethernet adapter since I only have one 1Gb port on the Dell, and assume I should get two ports instead of one, just in case.

Researching it looks like an Intel I350-T2V2 would be a good match as it support PCIe v2.1 and the Dell has two slots; one PCI 2x16 and one PCI 2x1 slots. Does that logic sound solid?

Alternately, if I decide to buy a new(-to-me) components to build a router from ground up, what would be my additional benefits and for those benefits what should I consider getting? I would like to keep it lower power and very quiet. Price is not a big factor, as long as it is within reason.

Celeron, Penguin, Atom C3000, Core i3 or i5, Xeon, Athlon, Ryzen, something else? And what generations?

Any other things that are important to consider when selecting components?

Thank you in advance for your suggestions.

If it’s “free” it’ll do fine, the OCZ drive uses Sandforce controller which isn’t great but it’ll probably work for now at least. Anything that’s Intel or Broadcom (relatively recent) will do fine in most cases as far as network cards goes.

For learning purposes I would recommend go for a plain distro and learn how to do a basic setup with a DHCP, DNS (optional), NAT and a firewall be it FreeBSD or whatever you prefer. Later on you can also add IPv6 and other services. Your current box will do fine for that otherwise a RockPro64 and a dual port PCIe NIC will do just fine.

If you want to go for the plain OS install setup, I’d recommend that you decide beforehand what you want to use. In case of FreeBSD I’d recommend the following for a basic setup and you can go from there once you have it up and running.

OpenBSD's DHCP Server - dhcpd - https://www.freshports.org/net/dhcpd
DNS - blocky - https://www.freshports.org/dns/blocky
NAT/Firewall - pf - https://docs.freebsd.org/en/books/handbook/firewalls/#firewalls-pf
1 Like

Take this Dell and test… It will work as efficiently as the cpu is efficient. Whether it will be efficient enough for your needs, I don’t know, you’ll have to do some testing. If power consumption is also not a problem for you, then you can use this Dell.

Install pf and see if Dell meets your needs.

For testing, you can buy a cheap card with a single 1Gb port. It doesn’t have to be Intel immediately, it’s just important that there are drivers for the card in freebsd.

One thing I can emphasize is to have one box ready for daily work as a firewall(and others) in which you will not be constantly changing in order to learn/play. And the second box is purely for fun, where if something totally fails, you don’t care, you just nuk.

Tests on the target fw/router have this in common that if something goes wrong, you put your network down and suddenly you are kind of forced to solve the problem quickly.

Mental comfort is important!

You are doing something, experimenting with settings… something went wrong, for some reason you are not able to fix the problem quickly, you don’t have time, night is falling, you are tired and @#$%^, having a second production machine standing and running gives you the comfort that you can walk away from problem B and lie down and relax all the time using the internet and the next day go back to solving the problem calmly.

Doing everything on the production machine will always cause that sometimes you may be forced to solve the problem “already”, which can cause unnecessary stress and frustration and unnecessarily discourage further learning/testing.

3 Likes

Get more LAN ports in that Intel card that you plan to buy as 2 may be not enough (get the 4port version) for better network segmentation.

You may want to get a lower power device but if electricity cost isnt an issue, your Haswell chipset should be fine.

2 Likes

@diizzy — Thanks for the reply.

BTW, I was wanting to focus on getting the hardware aspects all lined up before thinking about the software. (Probably because I have lots of software experience but not much recent hardware experience.) #fwiw

1 Like

That sounds like some good advice.

Maybe then I just keep my Synology router and put it back in place is I break things while testing?

To use the Dell I will need to buy a network card. Don’t want to buy more than I need for it — IOW I don’t want to buy the X550-T2 unless I plan to not use the Dell, and don’t want to buy a card for the Dell I will end up not using. Which is why I was asking if the Dell would be workable. But if that can’t be discerned from the details above I guess I will have to make a decision on what to do next. I do not have to build a router, I just got interested in doing so because of watching so many people recommend doing so on YouTube.

(BTW, one of the things I really want to avoid is acquiring hardware I don’t end up using. I literally just last month took probably $50k worth of hardware at original cost to the recycler, and so I want to avoid accumulating more hardware that I will have to stress over getting rid of and lament the money “wasted.” #fwiw)

@regulareel — Thanks.

I was assuming I would segment with VLANs instead of physical networks. Or at least that has been my takeaway from watching numerous videos on the subject.

Do you think I need physical separation in addition to VLANs?

Sounds ok.

I always like a physical separation between the production equipment where I require everything to run 24/7 and the lab equipment where you do crazy experiments.

Yes, nowadays a lot can be achieved through virtualization, but it also depends on the person.

Even at home I follow this rule… I hate it if something goes wrong and I am forced to sit and fix it because otherwise nothing works. I like to have the comfort that I can always walk away from the problem and do a mental reset having the essential things running all the time.
Even more important when we have a more complex network. Sometimes even downloading a stupid driver when you cut off the internet can lead a person to @#$%^&*
:wink:
But that’s just my approach to make it more comfortable. I’ve been driving without grips in my life for a long time, but in old age I prefer calm comfort and less stress. :wink:
Similarly, you can say why do backups, become a risk taker and don’t do them because the probability of data loss is statistically quite low per person … Until you lose data then @#$%^&*
:slight_smile:

I see.

This Dell will be ok for PF if it’s mainly a firewall for a small home network. Unless you plan to have a 10G WAN there. :wink:
How many eth ports do you really need? Two in total, one per network card… Does it make sense to buy a card with more if this box is to be just a simple firewall hmm, only if the price difference is extremely minimal.

You can try to install PF even without the second card though I don’t remember if pf will finish the install without enough interfaces but you can try.

imho, not unless you want to. :wink:

If you don’t want to spend $ and complicate your life, then vlans is enough to start with.
Physically separating the network is kind of old school… You’d rather have a good reason for it or be a little crazy. :wink:

2 Likes

Not hardly. My connection — which is provided for “free” by our condo HOA, after paying the HOA fee, of course — is at best 1G and I don’t see an upgrade in the near future.

I am finding new 2 port cards on eBay for ~$45, but new 4 port cards are at least ~$100. Used cards are less but for that amount I’d rather buy new. OTOH, I don’t want to pay for something I don’t really need.

So I think I’m going to pull the trigger on 2 ports. I can always add another 2 port card if I really need it.

(BTW, to clarify my apparent contradiction, me worrying about cost but previously saying cost is not significant, I would be okay to spend a lot more for current hardware but I hate to spend any more than I have to for ~7 year old hardware. But if I don’t really need current hardware then getting a $45 card is probably worth it to recycle the old stuff.)

Intel is not cheap… no matter what we choose i350, i354, i210, i211, 82574L.

I just have doubts whether it makes sense to spend such a sum of money for the needs of a home firewall… :confused:

I think you need a managed L3 or L4 switch to do proper VLANs. I tried doing it with just an OpenWRT wifi router combi but it doesnt seem to work or I didnt have enough knowledge beforehand to do it.

You can do physical segmentation to make things simpler and if your network setup is likewise simple enough.

Vlan for a poor man as some say… :wink:

Making vlans on such a machine will be stress for the cpu, and the user should remember that each vlan must be represented by a separate physical port on the pf side if we do not have a managed switch.
So if we have 5 PCs connected to a stupid switch and this switch to the PF port, the whole segment can only be as one vlan, we do not divide it into 5 vlans.

In this case, we create a PF-based switch with many ports, which in itself is strange and we will unnecessarily do high-layer switching through the cpu. Which will affect even lan-lan transfers quite quickly.

Rather, it makes more sense to have two ports in PF, physical cards or vNICs and a managed switch with vlans.
Then PF will only serve us for the final traffic per vlan-WAN and lan-lan between vlans we do on the switch.

Some soho routers where the switch is separate from the WAN can probably do the switching and handling of the vlans in the correct way. Or not, I am not up to date with the offers on the market.

:exploding_head:

2 Likes

You need a managed (or “plus”, or “smart”) L2 switch for VLANs. You have to be able to login to the switch and tell it you want port 5 assigned to VLAN 17, port 3 assigned to VLAN 12, etc. Cheap home WiFi routers just have two wired ethernet ports, with one port wired up to a 4-port dumb switch, which doesn’t provide any way to assign the switch ports to different VLANs.

2 Likes

Amazon offers a cheap VLAN capable switch for $26 now

Seems good enough for home use and play. Works for me, at least :slight_smile:

1 Like

I ordered a couple Microtik managed switches to do the VLANs — one with lots of 24 x 1Gb ports and 2 x 10Gb ports, and one with 8 x 10Gb SPF+ posts — so I was not planning to do VLANs in the router.

THAT SAID, although I am a professional software developer for years but am a complete n00b when it comes to networking and homelabbing. so any advice regarding VLANs, a router and the switches will be much appreciated.

Also, I was planning to use this box because it would be a way to use it rather than discard it. But it I really need more HP then I’ve got no probably buying a better box.

1 Like

That’s a great price.

I ordered one of these though, I wanted to be able to play with a CLI:

1 Like

Recently bought the exact same thing but I havent set it up yet because we are still not 100% unpacked somehow and I am tired after work.

Do share your experience.

1 Like

It will be a few weeks at least before I can actually upgrade, but I will try to remember to share my experience. I’m moving from a 16 port unmanaged Netgear switch, #fwiw

This topic was automatically closed 273 days after the last reply. New replies are no longer allowed.