pfSense, smoothwall or something else I haven't heard of yet?

I'm building a standalone router/firewall for my new place and new connection and I'm wondering what to go with.

It will be based upon a little NUC thing I have sitting around not doing anything with:

Core i3 3217U
8GB DDR3
60GB Kingston PCIE SSD

I'll be using the onboard Intel NIC and there's a spare mini PCIE slot that did have a wireless card in. I've taken the wireless card out and will stick a mini PCIE ethernet card in it.

I'm going to stick it in a Streacom NC1 fanless case... so it will be fanless.

The only costs to do it are the Streacom case at £24 and the mini-PCIE ethernet card at £20... the other bits are laying around and not doing anything... so why not? Complete overkill on the specs, but I like doing things a touch OTT and the main hardware was free :)

I could have used the existing case, but it has the teeniest little laptop-like fan that makes a heck of a racket and it's going to be sitting in my home office, so silence is a must.

As long as I get a decent latency I'll be happy and some of the other features such as caching and on the fly anti-virus proxy look to be interesting.

My primary concern is latency, secondary is throughput... I want to max out the 500/50 connection and hopefully have room to spare for whenever the speeds are increased... of course I know I'm limited by the theoretical maximum of 1000/1000.

I have an Asus RT-N66U and Billion 7800 to try as well and will be going with whichever gives me the lowest latency.

Any other software I should consider?
Am I missing anything obvious?

The setup of both look relatively simple and I have built my own router from scratch about 8 years ago based on Ubuntu, as well as worked with Cisco kit and more so I don't think I'll struggle with any of the technical aspects.
 
I'm running pfSense on an old Lenovo M91p with a downgraded low power cpu (G640T) and it's plenty punchy. 30gb SSD boot drive and 4GB RAM. Handles 152mb Virgin no worries and latency is same/better than the Asus N55 it replaced. Haven't tried a VPN on it yet, but I can pull some numbers and latency details if you want.

Let me know what you're after and I'll see what I can do.
 
RouterOS? Yes I'm a mikrotik fan boi

I'll check it out, thanks.

Thanks for the offer, not really worried about latency testing though from elsewhere as I want to do that myself given the three options that I'll have available to me.

The Asus and Billion both have good, low latency, throughput - so as long as this can match or exceed them - I'll be happy.

Will be nice if I can add things like the realtime virus scanner without it adding much to the latency. I'm hoping it's smart enough not to have much of an impact on gaming, it probably will be... but I'm curious as to what it will add to web browsing.
 
I don't much like the look of their licensing schema... it appears as though the two I mentioned offer more for free...

Yeah it is a bit of a draw back, I've only ever used rOS within Mikrotik hardware but I gather the hardware holds it back a lot. There isn't a lot you can't do with rOS.

It depends what you are trying to get out of it / trying to achieve. If it's just as you've specified, pfSense hooked up to a 24 port gigabit switch will be massive overkill.
 
Still, I think I can play more with pfsense or smoothwall... which is what I'd like to do... even if I don't use it properly.

But... if ros would get me a lower latency / better performance... then I'd be more interested.

But I'm guessing there isn't much difference between the OSes and it's more the hardware that can be the limiting factor.
 
I'm running a Celeron N3150, 4GB, 50GB SSD, Pico power supply, pfSense box.

Because my motherboard only has one ethernet port I purchased a used Dell dual port gigabit PCI-E network card (X3959) for £18. It's an Intel chipset which pfSense users tend to suggest for good performance (as well as out of the box compatibility - sometimes Realtek requires extra effort). Check your ethernet chipsets for compatibility to avoid issues with pfSense.

Latency and throughput is hard to comment on. I currently have a 40/10 connection, my CPU is a 4-core, 2 GHz, Celeron - obviously my connection is an almost irrelevant load on my CPU. The only time my Thinkbroadband latency graph spikes is when my connection is under load, but those spikes won't be down to CPU performance.

And as for throughput here's a pfSense Celeron G530 1.6GHz box, 1 Gb connection, from 2012 https://forum.pfsense.org/index.php/topic,45439.0.html

Why choose pfSense? Well generally, it's pretty popular, which means ongoing development, and lots of support - makes life easier. One day they even intend to implement Intel's DPDK which will mean significant improvement in networking performance.

EDIT:

pfSense forums -

https://forum.pfsense.org/

https://www.reddit.com/r/PFSENSE/
 
Sophos UTM 9 may be worth a look - fully featured, only known limitation is 50 IPs which should be sufficient for most home use cases.

https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx

I'll take a look, thanks.

Good tip, thanks - I was looking at a Realtek NIC for my mini-PCIE NIC... as they seem to be the easiest to get hold of.

It seems as though there is an Intel mini-PCIE NIC... but I'm struggling to find someone who stocks them!

http://www.bvm.co.uk/ProductDetail.asp?fdProductId=922

EDIT: I've emailed BVM

One other possibility would be to use a Mini PCI-E -> PCI-E adapter and use an Intel PCI-E NIC I already have...
 
I believe the current pfSense is based on FreeBSD 10.1 so I guess any chipset that it supports will work out of the box.

A Realtek NIC may get recognised fine under pfSense/BSD, depends on the chipset. My old dual Realtek NIC motherboard worked fine, on the other hand a Realtek dual port PCI-E card I had required me to download the driver source from Realtek, compile (including editing the source code to remove compilation errors), and install the driver modules in the pfSense box - pain in the backside.
 
Thanks for the info.

I'm now leaning towards the Mini PCI-E adapter -> ribbon cable -> PCI-E 1x card idea as taking a closer look at these adapters and my desire to continue using the existing M.SATA SSD - most of the mini pci-e cards are a bit too thick to comfortably sit underneath the SSD.

With the converter it works out cheaper and I'll enjoy making a little housing for the adapter and pcie card... as it will also have to fit the peculiar pico-like PSU I have available to me.

I'm about to order the adapter from ebay for $13 delivered :D

Then I'll use an Intel i210 pcie x1 card I already have and make a base out of acrylic.

While the Realtek chips are decent... I have a personal preference for the Intel chipsets based on my experience with them both. So win/win :)
 
I used pfSense for a long time and it did what I needed it to do.

Some of the features are....quirky however. QOS/Traffic Shaping is absolute black magic nonsense, it's ridiculous to try and get working properly. I think I spent DAYS getting a working implementation.

Some of it still feels very much in development but on the whole, as a product, it works well.

I've since moved to a Ubiquiti EdgeRouter Lite 3. Does all the same things with a more polished feel and access to CLI for more advanced work. I liked pfSense, but just got a bit tired of it.
 
Smoothwall.... 12 years ago (my first dedicated smoothwall was a P166 with 64mb and a 4.3GB HD), now... not so much. pfsense/untangle/Astaro (Sophos) is where I'd be looking, you could also look at doing it as a VM, most will work in one of the hypervisor set-ups if virtualization is something you could benefit from with other items running on the same hardware?

Personally I'd suggest the NUC could find a better use than that, it's great for HTPC work, a low power download box and server, using it as a router seems somewhat of a waste, but not as much as it just sitting doing nothing. The ERL3 above is widely praised, it's had a lot of changes since the initial reviews and the need to use CLI is now much less than it used to be, the underlying OS however is a source of concern as it's old. Also the hardware acceleration features and WAN VPN throughput figures have been questioned by some.
 