What's new

Router and firewall options

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Aty

Occasional Visitor
Hi,

After a discussion here last year it was suggested that splitting up my network would be a good idea.

I've started the process and have Ruckus R500's running unleashed connected to a TP 16 port switch with 8 ports normal and 8 Poe.

I'm on BT FTTC in the UK and have a 80 down and 20 up connection.

I'm tied to my BT contact for about another 18 months.

I've bought a Huawei HG612 3B modem do the only 2 prices of the puzzle missing currently I believe are the switch and firewall.

I'm hoping to eventually a a 1 Gigabit connection one day.

I'd like to start with being able to run 2 VPN's and ad blocking and possibly more later.

The system needs to support Pppoe.

With that in mind and not having tons of cash what would you recommend?

TIA
 
Maybe you can link to that original thread so there is some background for the ones that can help here? @Trip, @coxhaus? :)
 
HI,

I can't seem to find it, might have been another forum.

What more info would be required?

Thanks
 
All of it.

All you can supply. :)

A layout of your home. The location of the important network infrastructure. The devices you had, got rid of, and have/use now.

All of it.
 
Hi,

I'm happy with the Ruckus R500's connected to the TP Link Poe switch so there is nothing to add to that.

I'm.just looking for a switch and firewall to connect to my VDSL modem.

It has to be Gigabit and must be able to handle to VPN's and an ad blocker.
 
Ok.

So I bought a ubiquiti USG as they were on Amazon Germany for £64. Let's see how that goes
 
Ok.

So I bought a ubiquiti USG as they were on Amazon Germany for £64. Let's see how that goes

A USG was maybe not the best choice if you are looking forward. The throughput would not be sufficient to get the full benefit of a 1Gbps connection
 
A USG was maybe not the best choice if you are looking forward. The throughput would not be sufficient to get the full benefit of a 1Gbps connection
Thanks for replying.

I decided to go this route for now as my internet contract is another 18 months and my connection is 79 down and 20up.

This will deal with that and let me need what I want to do first.

Then when the time comes to upgrade I'll look at the options then.
 
Ok.

So the USG was not up to scratch.

Basically I thought the dashboard would bring up realtime monitoring of the traffic and it doesn't.

So its not my solution.

Back to searching.

What should i look for processor, memory and storage size for a machine that can run pfsense or something similar.

Other than normal firewall, routing, pppoe I want to be able to

see what's happening live to assess bottlenecks,
run a iperf3 server
Run an adblocker,
Run a couple of VPN's.
Headroom to do add other packages.

I want a low power solution.

I've seen a few used PC's, form factor isn't a major issue as it's not going in the living room.

The big question is speed of my internet. As stated before it's 79/20.

Probably jump in 18 months to more. Realistically 100-300 , I don't think I'd ever be able to get 1gig at an affordable price.

Thanks in advance as always
 
Honestly even a Dual/Quadcore C3XXX Intel Atom used box/Appliance would be fine to get you 1 Gbps. However if you start tacking on things like VPN, IDS/IPS and pfSense's PiHole equivalent known as pfBlockerNG with Top Level Domain Analysis running with many IPs and blocklists; with all that kind of stuff running I might look at a relatively low wattage Xeon D1518/21 / Quad Core i3 or AMD Ryzen / EPYC Embedded 3101/3151 to sustain high throughput.
 
Last edited:
Thanks.

I ordered a i5-4590t pc with 8gb ram and a intel pro 4 nic ethernet card on Tuesday and I'm waiting delivery.

I think that will do the job, if not it can be repurposed or returned.
 
Nice pick and its only 35 Watts so that's good. 8GB RAM should be more than enough and even 32GB storage might be more than good enough as it mostly runs in RAM once loaded has a small footprint, maybe more if you do tons of logging or some sort of caching maybe. Once you install pfSense go to advanced settings Miscellaneous page and enable "PowerD" that will allow pfSense to manage clocks and allow it to hit boost clocks when necessary, without it I believe Intel CPU's won't hit Turbo clocks. Additionally enable hardware and BSD crypto acceleration and temp sensor. (I have an AMD CPU so my temp sensor selection is different but there's only two options Intel/AMD there so it's self explanatory.)
 

Attachments

  • Screen Shot 2021-02-26 at 2.21.25 PM.png
    Screen Shot 2021-02-26 at 2.21.25 PM.png
    173 KB · Views: 118
Last edited:
  • Like
Reactions: Aty
Nice pick and its only 35 Watts so that's good. 8GB RAM should be more than enough and even 32GB storage might be more than good enough as it mostly runs in RAM once loaded has a small footprint, maybe more if you do tons of logging or some sort of caching maybe. Once you install pfSense go to advanced settings Miscellaneous page and enable "PowerD" that will allow pfSense to manage clocks and allow it to hit boost clocks when necessary, without it I believe Intel CPU's won't hit Turbo clocks. Additionally enable hardware and BSD crypto acceleration and temp sensor. (I have an AMD CPU so my temp sensor selection is different but there's only two options Intel/AMD there so it's self explanatory.)
Thanks.

Quick question since I'm on BT and I want to keep the install downtime to a minimum (family moaning "what are you doing to the network now!"), Can I setup the machine and configure the pppoe before I plug it into the modem ?
 
Yeah you can do that.
 
  • Like
Reactions: Aty
So my pc tuned up but it was a SFF one so I can't put an intel nic into it.

So I can see 2 options available locally to me, an i3-6100 or a i5-4460t.

So i3 is dual core 3.7ghz, 4 threads 51w tdp VS I5 quad core 1.9ghz, 4 threads 35w tdp

Which would be better performance wise running pfsense and by how much? I know sometimes threads don't really matter but clock does

Apparently cpu boss states only $4 per year difference in running cost, but I calculate £26 extra running it on all year.
 
For 1 Gigabit either would be fine, though pfSense is multi threaded, clocks would make a bigger difference, throughput wise. I mean the i5 can boost to 2.7 Ghz so it's not bad either. Assuming it can do all core 2.7 Ghz the i5 might be better if you do IDS/IPS, VPN, etc with its extra cores.
 
  • Like
Reactions: Aty
For 1 Gigabit either would be fine, though pfSense is multi threaded, clocks would make a bigger difference, throughput wise. I mean the i5 can boost to 2.7 Ghz so it's not bad either. Assuming it can do all core 2.7 Ghz the i5 might be better if you do IDS/IPS, VPN, etc with its extra cores.
Thanks avtella.

Just doing the electricity costs now.

I'm almost thinking buying a netgate/Pc engines Apu type device, although more initial cost, when you factor in the electricity costs over a 3-5 years works out cheaper.

I've much to think through now.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top