
Need router and firewall but not ISP box

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
27,765 (3.84/day)
Location
Alabama
System Name RogueOne
Processor Xeon W9-3495x
Motherboard ASUS w790E Sage SE
Cooling SilverStone XE360-4677
Memory 128gb Gskill Zeta R5 DDR5 RDIMMs
Video Card(s) MSI SUPRIM Liquid 5090
Storage 1x 2TB WD SN850X | 2x 8TB GAMMIX S70
Display(s) 49" Philips Evnia OLED (49M2C8900)
Case Thermaltake Core P3 Pro Snow
Audio Device(s) Moondrop S8's on Schitt Gunnr
Power Supply Seasonic Prime TX-1600
Mouse Razer Viper mini signature edition (mercury white)
Keyboard Wooting 80 HE White, Gateron Jades
VR HMD Quest 3
Software Windows 11 Pro Workstation
Benchmark Scores I dont have time for that.
Or really any conventional router, to be honest. I already have a Server 2012 R2 system that is hosting a few VMs with a web server etc. However, it connects to my ISP FiOS router. I don't really want to deal with RRAS and was thinking of going with another box for pfSense, Smoothwall, m0n0wall etc.

Does anyone have any recommendations as far as this goes? I'd like a low-wattage system to run this; the rest of my network will be run off a switch.
 
Well, I use a Cisco Meraki Z1 with 3 VLANs, tons of group policies, etc., and I have 3 Server 2012 systems and it works very nicely.
Review: http://remixedcat.blogspot.com/2014/02/cisco-meraki-z1-review.html

Meraki even gives you free DDNS as well which is a neat extra

Unsure of its power draw, but it's lower than a pfSense/IPCop/Untangle box.

If you are really cash strapped just go the 'box way.... :)
 
Well, like I said, I'm not really interested in any kind of pre-built router at all. Not to mention I don't really want to deal with the costs involved in the high-end ones when I can make a micro box that potentially has the same options. Nor do I want to take the risk of it NOT having the options that I need.

Can anyone shed some insight on these types of setups? How is the interface on them? Do they have a decent amount of options? Can anyone recommend good low-power hardware for such a machine?
 
Eh, we just use a nice, plain and simple MikroTik router attached to our core fibre switches that do the routing, and a Smoothwall for web filtering/firewall.

Gimme a sec, I'll go up to my server room and take a picture, I don't remember the model.
 
This thing hasn't blinked in 5+ years.

 
MikroTik is still pre-built though :P I almost got one of those instead of the Z1, but they were all out of stock of all the decently priced ones and would have been for 3 weeks, so....
 
You could always build a cheap AM1 machine and use an old 4-port gigabit Intel 1000PT card and run pfSense or something. If you know how to use iptables, I would say do a bare Debian install. It's what I did (2-port instead of 4, since the motherboard already has 2 on it), and it has been rock solid since.
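
As an added example (not code from the thread or from any poster), here is what the bare-Debian approach above looks like in practice: a POSIX shell script that emits an nftables ruleset for a two-NIC router, plus a sanity check that the generated text has default-deny input and forward chains and restricts forwarding to the LAN source range (anti-spoofing) before it is loaded. The interface names, the LAN subnet and the ICMP rate limit are assumptions for the example.

```shell
#!/bin/sh
# Added example: generate an nftables ruleset for a two-NIC Debian router.
# Assumptions (not from the thread): WAN interface is $1, LAN interface is $2,
# LAN subnet is $3. Nothing here touches the live firewall; it only prints text.

build_ruleset() {
    wan="$1"; lan="$2"; lan_net="$3"
    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        iifname "$lan" accept
        iifname "$wan" icmp type echo-request limit rate 5/second accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "$lan" oifname "$wan" ip saddr $lan_net accept
    }
}
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "$wan" ip saddr $lan_net masquerade
    }
}
EOF
}

# Sanity checks on the generated text: both filter chains must default to drop,
# and LAN-to-WAN forwarding must be restricted to the LAN source range so a
# host on the LAN cannot forward spoofed packets. Returns 0 when all pass.
check_ruleset() {
    rs="$1"
    printf '%s\n' "$rs" | grep -q 'hook input.*policy drop' || return 1
    printf '%s\n' "$rs" | grep -q 'hook forward.*policy drop' || return 1
    printf '%s\n' "$rs" | grep -q 'iifname "[^"]*" oifname "[^"]*" ip saddr [0-9./]* accept' || return 1
    return 0
}

# Stand-alone use: ./router-nft.sh --print eth0 eth1 192.168.1.0/24
if [ "${1:-}" = "--print" ]; then
    build_ruleset "$2" "$3" "$4"
fi
```

On the real box, enable forwarding with `sysctl -w net.ipv4.ip_forward=1`, syntax-check the output with `nft -c -f -` and only then load it with `nft -f -`; the check function above catches the policy mistakes the parser does not.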
 
MikroTik or a Ubiquiti EdgeRouter Lite is a good option for the CLI-savvy. Pre-built, but its power draw is minimal. I'm testing a Ubiquiti UniFi Security Gateway in my home lab (it's managed similarly to the UniFi APs); it's similar hardware and OS to the Lite.

All the Ubiquiti kit runs a modified version of Vyatta, which is pretty similar to Juniper's JunOS. There's not much from a networking perspective that you can't do with them... Obviously it's not an IDP or UTM though, so if you want those features without the cost you will need to spec up a small server/PC. I'd have a look at mini-ITX configs. An Intel NUC-style system could work using sub-interfaces. What is your switching infrastructure like? Managed CLI? Layer 2 or 3?
 
pfSense + whatever you have lying around will work as long as you have 2 NICs.
 
If you have a managed switch you could just VLAN it onto a VM running pfSense/m0n0wall/whatever the hell you feel like virtualising. Probably the lowest-power option.
 
Just make sure you have a processor that supports VT-x and VT-d.
 
There is no reason to need VT-d unless you're running everything in VMs and are passing physical devices through to VMs using VT-d/IOMMU. The VT-d option gets expensive really fast and isn't necessary for this kind of setup.

I like how there are a bunch of recommendations for pre-builts when the OP specifically said:
Well like I said im not really interested in any kind of pre-built router at all.
 
Thing is, with some NICs they work better with it for VMs....
 
Only if you use PCIe passthrough; otherwise VT-d legitimately does nothing. Hypervisors don't use VT-d out of the box; you usually have to configure passthrough manually and tell KVM or whatever hypervisor you're using to pass through the specific PCI ID of the device. I wouldn't run a VM to do this, as adding VT-d to the mix adds significantly to the price and complexity of setting it up.
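
As an added example, not from the thread or any poster, here are the manual steps the reply above refers to when it says you must tell the hypervisor the specific PCI ID: pull the vendor:device IDs of the Ethernet controllers out of `lspci -nn` output, build the `vfio-pci.ids=` kernel command-line fragment, and check which IOMMU group a device sits in. The `lspci` sample is constructed for offline use and its PCI IDs and bus addresses are illustrative assumptions; the sysfs functions take an optional root so they can run against a fixture.

```shell
#!/bin/sh
# Added example (not code from the thread): preparation for VT-d/IOMMU
# passthrough of NICs on a KVM host. SAMPLE_LSPCI is constructed to mimic
# `lspci -nn`; the IDs and addresses in it are assumptions for the example.

SAMPLE_LSPCI='00:1f.6 Ethernet controller [0200]: Intel Corporation Ethernet Connection I219-LM [8086:15b7] (rev 31)
02:00.0 Ethernet controller [0200]: Intel Corporation 82571EB Gigabit Ethernet Controller [8086:105e] (rev 06)
02:00.1 Ethernet controller [0200]: Intel Corporation 82571EB Gigabit Ethernet Controller [8086:105e] (rev 06)
03:00.0 VGA compatible controller [0300]: NVIDIA Corporation GK104 [10de:1180] (rev a1)'

# vendor:device pairs of every Ethernet controller (PCI class 0200),
# deduplicated and comma-joined, the form vfio-pci.ids= expects.
nic_ids() {
    printf '%s\n' "$1" \
      | sed -n 's/.*Ethernet controller \[0200\].*\[\([0-9a-f]\{4\}:[0-9a-f]\{4\}\)\].*/\1/p' \
      | sort -u \
      | paste -sd, -
}

# Kernel command-line fragment that binds those IDs to vfio-pci at boot.
# Caveat: an ID-based bind grabs every device with that ID, so the two
# identical ports 02:00.0 and 02:00.1 above both leave the host.
vfio_cmdline() {
    printf 'intel_iommu=on iommu=pt vfio-pci.ids=%s\n' "$(nic_ids "$1")"
}

# IOMMU group of a PCI device given its full address (e.g. 0000:02:00.0),
# read from sysfs. $2 overrides the sysfs root so a fixture can be used.
iommu_group_of() {
    link="${2:-/sys}/bus/pci/devices/$1/iommu_group"
    [ -L "$link" ] || return 1
    basename "$(cd "$link" && pwd -P)"
}

# Every device in an IOMMU group. All of them must be handed to the guest
# together or stay on the host together; vfio refuses a partially bound group,
# which is the usual surprise when a NIC shares a group with other devices.
group_members() {
    ls "${2:-/sys}/kernel/iommu_groups/$1/devices"
}

# Stand-alone use on a real host: ./vfio-prep.sh --host
if [ "${1:-}" = "--host" ]; then
    vfio_cmdline "$(lspci -nn)"
    for dev in /sys/bus/pci/devices/*; do
        g="$(iommu_group_of "$(basename "$dev")")" || continue
        printf '%s group %s: %s\n' "$(basename "$dev")" "$g" "$(group_members "$g" | paste -sd' ' -)"
    done
fi
```

Add the printed fragment to the bootloader's kernel line, reboot, and confirm with `lspci -nnk` that the NICs show `Kernel driver in use: vfio-pci`; if `group_members` lists anything beyond the NIC ports, the whole group must be passed through or the passthrough will be refused.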
 
You don't need VT-d to assign virtual NICs to separate VLANs. There is no need to pass physical devices through to the VM; simply tag the vNICs to the correct VLANs (assuming the hypervisor is configured correctly) and you're done. I use this setup quite regularly for setting up virtual appliances like Citrix NetScalers, virtual security appliances or voice servers. Really, you don't need VT-d unless you are expecting large I/O on the interface.
 
Thanks everyone. Currently my setup looks like this. From fibre (FTTP) I run to a Verizon-provided router/MoCA box (Cat6). This patches to a set-top box (STB) via MoCA; a 4-port switch and the server are on the router's LAN.

I would LIKE to run internet (from the ONT) to an OPNsense box --> 48-port switch (layer 2, unmanaged) --> server/MoCA bridge (for the STB)

The rest of the house will be hard-lined via data drops to panels on the wall. I'm redoing my entire home network (I own a house); I want to do this correctly, and above is my target topology. I want to dump the Verizon box as soon as possible.
 

Attachment: UML.png

Just a kinda off/on-topic question, but what brand ONT do they use?

*On-topic experience*
I run a Core 2 Duo with 2 GB of RAM and a PCIe dual Intel gigabit NIC running IPCop and it's very stable (minus Charter's horrible issues). I almost never have to restart it, and the times I do it's my ISP that is at fault. This build was extremely cheap and actually better than some of the SonicWalls I have to deal with out in the field.
 

A really bad storm just started, but tomorrow I'll go out there and open it up again and grab you a manufacturer.

Does anyone know if the NUC and other small pre-built nettops have dual NICs? I'm interested in small because all of this will be on a rack mounted to the wall. The Gigabyte Brix TC seems like it would be powerful enough for this kind of thing.
 
Go to Netgate and order an APU4 kit; it's a dual-core 1 GHz CPU with 4 GB of RAM. Slap a 30 GB mSATA drive in it and throw pfSense on it. I personally have that setup and it's fantastic: 3 gigabit NICs, handles everything I've done with it.
 
An Intel Atom ITX board with dual NICs is available (I almost pulled the trigger on one) and would be well capable of running a home network. I run a pfSense server at work on an older P4 1U rack-mounted server with multiple VLANs and 200+ devices ARPed in, and it does not break a sweat. Ran a speed test during the middle of the day at peak traffic times and got 700+ down and 500+ up on an open gigabit circuit.
 

Nice option and a good price with enough physical interfaces. Looks like a winner to me.
 
Indeed it does. Thanks for the patience and help in this, everyone. Based on the same CPU I did a quick search and came up with this for $100 cheaper. Other than the Wi-Fi that I wouldn't use (I have both RAM and an SSD I can throw in it), would this be any worse for wear vs. the APU4, which is currently out of stock?

http://www.newegg.com/Product/Product.aspx?Item=N82E16856107110
 
It appears to use the same base hardware. Purely looking at the specs (bear in mind I have no practical experience with either product), I can't see a reason why it wouldn't work. If anything, it will probably be easier to set up and maintain.
 
You can get the combo I mentioned cheaper than that Newegg one if you bring your own OS (basically do your own install); they have it for $200: http://store.netgate.com/kit-APU1C4.aspx . Beautiful thing: it's 3 gigabit NICs, and it uses less power than my shaving razor... Make sure you grab the serial-to-USB cable; you will need it. I've been running it 8 months with no throughput problems. Of course, the more modules you install the more it slows down. The max throughput I've seen someone post with Snort, Squid and a bunch of other scanning things running was somewhere in the 300 Mbit range (this was a massive amount of modules running and pretty much all traffic was fully filtered).

You can wait if you want; Intel is supposed to be releasing a quad-core Atom in a smaller package that takes independent modules so you can throw up to 6 gigabit NICs on it. It was showcased at Computex this year.
 