XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)
It is currently Sat Nov 18, 2017 1:30 pm

All times are UTC - 8 hours




Post new topic Reply to topic  [ 14 posts ] 
Author Message
PostPosted: Mon May 01, 2017 3:34 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:20 pm
Posts: 2259
I got a SG-1000 pfSense appliance for my home. It runs FreeBSD 11 and the power consumption is really low. The price was kind of hard to stomach, but it looks and performs really well for my application. I though about building one from a raspberry pi or something, but it wasn't supported.
Attachment:
Photo May 01, 4 48 20 PM.jpg [234.12 KiB]
Not downloaded yet

https://www.netgate.com//products/sg-1000.html


Top
 Profile  
 
PostPosted: Mon May 01, 2017 5:40 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 14659
So, what IoT stuff do you have t home?


Top
 Profile  
 
PostPosted: Mon May 01, 2017 8:45 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 9561
Location: Caught between the moon and NYC
I'm really interested in Ubiquiti's routers at the moment. They run some flavor of Linux but primarily use a configuration language like most routers. The way they keep costs down is to use embedded CPUs, but can offload most important router-type functions to dedicated hardware acceleration, which allows them to shove around a lot of packets. However if you want to do something outside the hardware acceleration realm it's fairly easy to butt up against the CPU's limitations. Still, their cheapest model is around $50 - it can handle around 300Mb of traffic w/o hardware acceleration (which is good since, being the cheapest model, it has no hardware offload), and they go up from there.

I keep hoping to have an old server fall out that I can throw pfSense on and use that for a beefier router. So far the only thing that's fallen out is a P4-era Xeon... you can hear its fans at idle two rooms away.


Top
 Profile  
 
PostPosted: Tue May 02, 2017 12:38 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9693
Location: North of the State of Jefferson
Cool!

Even at $150 they're a fair value because they're fast, secure, reliable, and not an enormous pain in the butt -- in stark contrast to (almost?) all the cheaper alternatives. If you have the luxury of spending $150 on a router, it's a great choice.

I considered getting one myself but ended up building a Linux-based router from dual Ethernet mini-PC instead. It's much more of a PITA to work with but there are a few cases where I prefer iptables, and I figured I could use the practice building it. Depending on the kinds of problems I run in to putting together my network-wide VPN I may switch it over to pfSense since that's a mostly solved problem there, whereas I'd have to manually assemble and configure the VPN from first principles with a raw Linux install.

- Anonymous


Top
 Profile  
 
PostPosted: Tue May 02, 2017 2:52 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 9561
Location: Caught between the moon and NYC
If you only need a two or three interfaces there's a lot to be said for buying an Intel NUC and attaching one or two GigE ports over USB 3. Its going to be a couple hundred when you're done but you would have few limitations on where you can take it. If you get the right NUC you can put pfSense on there.


Top
 Profile  
 
PostPosted: Wed May 03, 2017 6:08 am 
Offline

Joined: Thu May 15, 2008 8:16 pm
Posts: 1147
Location: Prescott, AZ
Ha!

That's a fair value then. I read 'fail' value and was thinking it an unusual phrase for your to use.

_________________
Richard
Drink more coffee!!


Top
 Profile  
 
PostPosted: Wed May 03, 2017 7:54 am 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 9561
Location: Caught between the moon and NYC
Given that WiFi routers are getting stupid expensive ($300 and up) with slower performance, I'd say $150 is a bargain.


Top
 Profile  
 
PostPosted: Wed May 03, 2017 10:06 am 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9693
Location: North of the State of Jefferson
azrich wrote:
Ha!

That's a fair value then. I read 'fail' value and was thinking it an unusual phrase for your to use.

Thanks, fixed. :) I don't know exactly how I managed to do that. Maybe in changing "fairly good" to "fair" and messed up?

- Anonymous


Top
 Profile  
 
PostPosted: Wed May 03, 2017 3:40 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:20 pm
Posts: 2259
@BD - I don't have any IoT things at home, thank goodness! Between me and my girlfriend we have 2 laptops, 2 iphones, 1 desktop and the wireless router.

@MB - I saw the same cheap ubiquiti the next day after I pulled the trigger on this purchase. Ubiquiti has a good reputation in the IT community! 300 Mbps for $50 is a better value than what I purchased. :bonk: I really like their white, round PoE AC access points.

pfSense is worth throwing on some hardware lying around even if it's old. I think the key to being the most compatible with it is having intel NICs. I put pfSense at my last job on a spare core i7 intel motherboard with 2 onboard intel NICs, and a PCI NIC, and the CPU never went over 2% even under a full network load with VPNs, VLANs, 2 WANs, QoS, and 50 users. It had some rock solid uptime on the release builds, I regularly got uptimes of over a month before we had to reboot for patches. We ended up using them at 4 locations with great results. Their Quad core mid-range pfSense appliance was noticeably faster than the dual core models.

@Anon - What kind of Linux router did you build? That sounds like a neat project!


Top
 Profile  
 
PostPosted: Wed May 03, 2017 4:03 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 9561
Location: Caught between the moon and NYC
l actually got my workplace to buy the $50 router. even though the only guy who knew WTF I was talking about was on medical leave, it was only $50 so they didn't care all that much. It's really neat for $50.

As part of my workplace's recent move I actually have a handful of PoE injectors leftover from the other site's phone system. I keep wondering if anyone will come up with a configurable multi-tip PoE to 5/9/12V DC adapter. Sounds stupid but it could allow you to run off the shelf WiFi hardware for access points using PoE runs. Some guy did something similar with the WRT-54G using the extra pairs in a 100Mb ethernet run to send power, which was fed from a wall wart at one end and broken apart into the appropriate size tip


Top
 Profile  
 
PostPosted: Wed May 03, 2017 4:34 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:20 pm
Posts: 2259
That's cool you got one to play around with-- let me know your thoughts on the ubiquiti!

These splitters might do the trick:

http://a.co/4FCimMt

http://a.co/cCkLYkV


Top
 Profile  
 
PostPosted: Wed May 03, 2017 4:39 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 14659
MB...

http://www.ebay.com/itm/AC-DC-Universal ... 2669875021


Top
 Profile  
 
PostPosted: Wed May 03, 2017 6:05 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9693
Location: North of the State of Jefferson
It was pretty simple. I bought a mini-pc off Amazon(? - I don't remember exactly and can't find it now) with dual Ethernet for around $150ish. It's got a relatively low end Intel processor and a tiny fanless case that isn't very well designed. I filled it with a random spare 2GB SODIMM and 2.5" drive from my junk drawer, then installed Ubuntu Server 16.04. From there I configured a DHCP server, BIND, and iptables to make the thing run as a router.

Mostly this lets me reuse a handful of older iptables filtering rules I had on my previous Linux-based router.

It took several hours to set up, and maybe an 45 minutes longer than it should have since at one point I managed to lock myself out of the machine: "Oops...I probably shouldn't have run that command over ssh..." :bonk:

Update: It looks exactly like this one.

The biggest problem with the case is that a standard 9.5mm drive doesn't quite fit with the wireless card installed. Fortunately I didn't want wireless on it, so that wasn't a problem.

- Anonymous


Top
 Profile  
 
PostPosted: Thu May 04, 2017 1:23 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 9561
Location: Caught between the moon and NYC
BDAqua wrote:
Imagine that, but with one end being an adapter that plugs into an ethernet patch panel and the other end something that comes out of a walljack to ethernet and power. So input is ethernet & selectable power wall wart, output is ethernet & multiple tip power, with the only thing in-between being an four pair ethernet cable punched down to a patch panel and keystone jack. With 100Mb ethernet there's a pair not in use, so in theory you could ignore PoE's niceties and just drive +/- over the extra pair. PoE lets you use all four pairs while also using GigE, which also uses all four pairs. If you conformed to PoE though then you wouldn't need a bunch of individual wall warts you could just have a 48 port PoE switch and the adapter by the WiFi device end is what converts the PoE power down to whatever the device needs.


My workplace is probably going to get an ER-8 Pro as part of a general bandwidth upgrade (only way to avoid paying the remainder of a 3 year contract at the closed site is to pay more at the open site), so I'll probably have a better informed opinion about Ubiquiti's routers soon. The ER-X is on a 250Mb Comcast connection so its not getting much of a workout nor is it a particularly complicated setup. The ER-8 will need to handle VPN and multiple networks so it's going to require a more extensive setup. Their web-based wizard only handles basic setups, which is probably why the ER-X was so simple to get running. I plan on implementing an OSPF setup though across the two internet connections. That way if one connection goes down we're not in cranky student hell.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 14 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group