I’ve been mulling for some time about the option of building a standalone pfSense box. My current pfSense runs as a virtual instance inside an Ubuntu host. This interest was renewed again recently when, unfortunately, my Ubuntu host broke, and thus brought down my Internet access. It was really frustrating, not least because of the chicken-and-egg situation that landed on me.
You see, I needed Internet access to find information, or at least to download Ubuntu images. But my Internet is down, because the gateway is a virtual instance on the broken host that I’m trying to fix.
It seems to make sense that an important critical infrastructure like my Internet gateway ought to be a standalone box. However, when I originally decided on such a setup, the rationale then was that I want to run a 24×7 Linux server anyway, and it did seem wasteful to have two boxes running 24×7.
Back then, I also didn’t consider the option of a low-power standalone box. Something based on Intel Atom processor platform. The D2550 Cedarview processor with 32 nm lithography, for example, boasts a maximum TDP of just 10 W. It’s more than ultra-low power netbooks of old (some can go under 5 W), but it’s certainly more energy saving than a regular notebook. The Intel i5-4258U in Apple’s current generation (late 2013) 13″ MacBook Pro with Retina Display, for example, lists a maximum TDP of 28 W.
Cost is another matter to contend with. Of course, you’d expect that a low-end box like this to cost less than a regular desktop. But that’s not good enough. It has to cost way less, like maybe at the level of current flagship wireless routers? I know that’s not an apples-for-apples feature comparison. I choose that simply as an indicator of price tolerance. I imagine, too, that many parts are probably not so easily available in Singapore.
Although we’re talking about a low-end type of computer here, one has to remember that it cannot at all be underpowered or have too low specifications. After all, you’re likely to expect the box to handle Gigabit Ethernet traffic. It’s possible that you may even want more than 2 ports.
The more I think about it, the more interesting this sounds like for a future DIY project.
If you use something other than a mainstream wireless router for your Internet gateway, what do you have?
I got my router/firewall from the US and carried it back – US$125. It’s an atom based PC, though, but it seems sufficient for my use, which is routing/traffic-shaping for my 100Mbps fiber connection and NAS for my ZFS array.
I suppose if you want true gigabit speeds that isn’t good enough. I’ve seen mini-PCs packing Celerons and i7s (eg. Intense PC), but I think the price of those aren’t in the “flagship router” range anymore. (I think you’ll need at least US$400-500 for those.)
I’m hoping to do maybe 400 Mbps to 500 Mbps though the box. The current plan is 100 Mbps, so for present needs, there isn’t a problem.
Goodness that’s a good internet connection you’ll be having in the future… looking at mini-ITX seems the right way to go for your use though. You should post you’re final setup. I’ll be curious to know the cost, specs, and especially power consumption of your router/server.
Using a Intel D945gclf2 with an Atom 330, bought second hand cheap, 1 gig ram, pci Intel Nic, 64 gig ssd, 3 megabit internet. PFSense seems to work with Squid Filter, but little things upset it. I get these annoying endless ACPI divide overflow errors scrolling up the screen, seems to occur when the system has been halted and its in a standby state when it comes back up it starts divide overflowing (though it still functions), adjusted the power state to S1 seems to have quieted it down, still though testing not sure if this is a fix. Builds 2.15 through 2.2 so far have not worked. Contemplated a bios update though other users of similar Intel branded Atom boards with these issues state the ACPI error is not fixed by a bios upgrade. I have a socket 775 board available with a Celeron e1500, while nowhere near as low powered as the Atom, it may be worth trying, a mini atx motherboard has more PCI slots. The little Atom CPU fan while not loud, but not exactly quiet, gets fatiguing after a full day.
Correction, the builds 2.15 thru 2.2 have not made the ACPI errors go away, I’ve tried the boot option “acpi disabled” and the file system will not mount.