pfSense Home Router – Part 1

Over the years, my home office has become a museum of sorts for wireless routers. There on a shelf sits my old reliable Linksys WRT54GS with upgraded antennas, next to it is a Linksys WRT350N, and lastly a Netgear WNR3500L. My current router, a Netgear WNDR3800, sits in the office as well. The WNDR3800 is less than a year old and performs quite well, but then Western Digital announced they were getting into the wireless router business and announced the My Net N900, which is interesting since it includes 7 Gigabit Ethernet ports! But alas, I could not justify upgrading to a new wireless router in less than a year.

With each router upgrade I have looked at three features: speed of the actual CPU, internal memory, and DD-WRT compatibility. Home routers are essentially computers that route network traffic. The faster their CPU and the more memory they have, the faster they can operate. On slower ISP connections you do not notice it as much, but once you upgrade your internet connection and add more devices to your home network, your router’s performance becomes more of a bottleneck. Hence the WNDR3800 works better than the slower WNR3500L it replaced. I am mostly talking about the wired connections, since wireless speeds can vary and I tend to prefer wired connections.

The more I thought about it, the more I came to the conclusion that I was really trying to upgrade the CPU and memory in my router; the wireless radio was adequate and the built-in 4-port switch was already being supplanted by a dedicated 8-port switch. In general, wireless routers are a good value. They combine a wireless radio, a network switch, and routing capabilities for around $150 or less. The WD N900 looks like an even better value, given the 7 ports, but in my case I wanted to separate the three main functions. Hence my search for the perfect home router began.

OpenSource Software

On all my previous routers, I had replaced the firmware with DD-WRT and become quite comfortable with it over the years. There was, however, one function that was becoming more critical to me which DD-WRT could not do. For multiple reasons, I had set up a caching web proxy at home. Mostly it was to help cache web content for my kids. At first I had tried Apache with Mod_Proxy running on a Windows box, but that solution was not very robust or stable. I ended up adopting Squid Proxy for Windows, which works well, but it made more sense for Squid to be transparent and be available 24/7. The Windows box would occasionally need to be restarted. It made more sense to put Squid at the router level. Squid requires a fast CPU and fast disk access, and I did not see any way of adding this to DD-WRT at all. This is when I came upon the small ALIX solutions from Netgate. These small appliances run the open source firewall pfSense. pfSense has a similar web interface to DD-WRT, but is based on FreeBSD instead of Linux, and more importantly comes with a Squid Proxy add-on package. After more research, it appeared that the ALIX solutions from Netgate were not going to be robust enough to handle the demands of the Squid add-on, but pfSense seemed a perfect fit for what I was looking for.

The Hardware

Building a new computer is never really all that cheap. You always end up spending more than you budget for. Putting together a box for pfSense would prove no different. My requirements were simple, I wanted something small, (obviously the ALIX solution was the smallest, but that was not going to work for me, so it had to be bigger than that), completely silent, and have the resources to run Squid. What I ended up with was a small mini-ITX form factor. The mini-ITX boards are small and quiet and they fit in the smallest of cases.

I had considered for a time, just getting a cheap used mini-tower PC, most likely a Dell mini-tower. There are tons of used mini-towers out there and you can pick one up easily online or through local used computer places. The reservation was that this was going to be a network device, so I wanted something better than the typical Realtek or Broadcom on-board network ports. If I chose to get a used machine, I would want to upgrade it so I could have two Intel network ports. I ultimately decided to go with new components instead of used.

Finding a mini-ITX motherboard with dual network cards proved actually difficult and then finding one that had Intel cards was even harder! I was not really looking for a server motherboard, but it ended up that Supermicro actually makes some mini-ITX motherboards that are based on the Intel Atom processor. These boards are not cheap though, they do however come with the Intel Atom CPU already installed. Newegg carries the SuperMicro MBD-X7SPA-HF-O Mini-ITX; there are two versions, one with IPMI and one without. I chose the IPMI version, which will cost you an extra $20.

Motherboard: SuperMicro MBD-X7SPA-HF-O = $220

  • CPU: Intel Atom D510 processor
  • Memory: DDR2 Standard DDR2 667 with 4GB Maximum (2 x 200Pin SO-DIMM)
  • On-board IPMI 2.0

Memory: Mushkin Enhanced Essentials 4GB (2 x 2GB) = $55
Hard Drive: Corsair Force Series 3 CSSD-F60GB3A-BK 2.5″ 60GB SATA III = $80

At the time of this build, I was not very concerned with the hard drive. I thought a 60GB drive should prove adequate. Now I am rethinking the size of the drive and I have ordered a new 128GB SSD drive as a possible upgrade in the future. For the memory I just ordered something that was compatible. Mushkin was a few bucks cheaper than the G.Skill modules.

The Enclosure

With the internals decided, the next challenge was choosing a small enclosure that could accommodate this mini-ITX board and not take a lot of space. My intent was to have something that looked like a Mac mini. PC enclosures of this type are thrown into the HTPC category and do not much resemble the Mac mini at all, they tend to look more like typical home theater receivers instead. However, I was able to find an industrial case that came close.

Habey EMC-800BL = $69

  • material: Heavy duty 3mm aluminum
  • dimensions: 8″ x 9″ x 3″
  • power: internal fanless 12V DC-DC ATX power supply

Habey makes smaller enclosures that do not have the space for an internal CD drive, but I wanted a slightly taller case to help with cooling. The EMC-800BL is also a little hard to purchase; only Newegg seemed to have any in stock. The case is very sturdy and I like the external looks of the case, except for the cheap looking white plastic CD bezel. As is usual with blue LED lights, the power button is too bright. Overall I really like this case, and would consider it for other builds as well.

Hardware Installation

The installation was not too daunting. The EMC-800BL comes with a power supply. All that is needed is to install the motherboard input shield and then bolt down the motherboard to the case. Plug in your cables and use some ties to make things neat. The next step was to install the memory DIMMs. For the hard drive, I ended up removing the extra metal sled for the CDROM drive and attaching the SSD drive to the main plate. Lastly I labeled the Network Cards, L for LAN and W for WAN. It is important that the LAN connection be the one on the left, closest to the VGA connector. This connection is also the one for the IPMI. With the hardware installation complete, I was ready to install the software, which I will cover in Part 2.

Filed under: Networking
