Jump to content


Photo
- - - - -

New pfSense Box

on the cheap

  • Please log in to reply
No replies to this topic

#1 systems_glitch

systems_glitch

    Dangerous free thinker

  • Moderating Team
  • 1,636 posts
  • Gender:Male

Posted 05 December 2013 - 01:27 PM

So the time has come to replace the firewall/router at my parents' house. It's a first-generation Cobalt RaQ ( http://en.wikipedia....wiki/Cobalt_RaQ ) running Debian Linux, and can't keep up with their recently-upgraded Internet connection. Fortunately, it doesn't take a whole lot to outperform a 150 MHz MIPS-32 processor, so I was able to build a new pfSense box with a minimum of purchased components and a bunch of spare parts.

 

Bill of Materials:

 

* 1U half-depth Mini ITX chassis and power supply -- $0.99 + $15 shipping

* VIA C3 "Ezra" Mini ITX board (original USB 1.1 board, 933 MHz) -- free, sitting in the junk box

* 512 MB PC100 SDRAM (2x 256 MB sticks) -- free, scavenged from an old server

* 1 GB Flash IDE module -- free, had one on hand, around $18 iirc

* Intel Gigabit PCI Ethernet card -- free, scavenged

* Right angle PCI riser -- $5 incl. shipping

* New CMOS battery -- free, already had a big pack

* Misc screws, heat shrink, cable ties -- free, parts bin

 

The Mini ITX chassis was super-cheap because it came with only the case and power supply. Someone had removed all of the 40mm fans (even the one in the power supply!) and replaced them with a single huge 120mm fan cut into the top of the case. For $0.99, I was willing to repair it! Started with adding a fan back into the power supply:

 

Attached File  DSC03265.JPG   130.15KB   2 downloads

 

The motherboard fits fine. It doesn't matter if you don't have an I/O shield for the motherboard since most of them won't fit in 1U rack enclosures anyway. Cable routing can be a pain, so I usually cut off the extra sets of Molex/SATA connectors and heat shrink the cut off ends. The power supply that came with the case is a 300W unit with six drive power connectors, which will never be used. I left one chain of three connectors and tucked the wires into the space between the motherboard and the front:

 

Attached File  DSC03266.JPG   166.83KB   3 downloads

 

I'm still waiting on the right-angle PCI bracket to arrive, so I found a tall network card where the ports would be accessible above the edge of the 1U case. This one is a 3Com card that uses a fiber optic connection. It's picked up under pfSense/FreeBSD's `xl` driver:

 

Attached File  DSC03269.JPG   171.81KB   3 downloads

 

With all of the hardware in place, grab your favorite live distro (mine is Slax: http://www.slax.org ) and a copy of the pfSense NanoBSD image appropriately sized for your Flash module, and load it. This machine only has USB 1.1, so I booted Slax and piped the pfSense image over the network using netcat. On the server:

pv pfSense-2.1-RELEASE-1g-amd64-nanobsd_vga.img.gz | zcat | nc -l 6000

On the target:

nc server.hostname 6000 | dd of=/dev/sda bs=1M

Replace `/dev/sda` with the device node for your Flash module. `pv` can be substituted with `cat` if you don't have it installed -- it is "Pipe Viewer," basically just `cat` with a progress bar.






BinRev is hosted by the great people at Lunarpages!