We are in need of a new firewall/network appliance to organize network traffic at school and we had the great idea to save some money and build a small appliance on our own…
Here is my report.
Some requirements are:
- to do the usual DHCP/DNS/Routing stuff
- to separate school (teachers, pupils) network from administration network and
- to provide a web proxy with content filtering
- to allow BYOD and integrate mobile phones, tablets and notebooks
- to optionally allow for load balancing over the two available WAN routers.
Our plan was to use a PC Engines APU Board, plug in an additional double port mPCI NIC (and have 5 ports in total), add a small hard disk and put it all into a nice appliance-like case.
The case in particular has proven to be an issue: we found only one available that provides space for the board, 5 ports and a hard disk. Not exactly a cheap solution, and we had to learn this was not without hassle, either.
Anyway, these are the hardware parts we ordered:
- PC Engines APU Board 1d4
- A 2A/12V power supply
- Delock 95237 MiniPCIe I/O PCIe full size 2 x Gigabit LAN
- A case from Calexium
- A SATA adapter cable
- A 2.5″ hard disk
You also need a null modem cable and an RS232 port on your notebook or desktop to install pfSense.
You will also need some small screwdrivers, an electric drill and small additional screws (two small bolts (3mm) and nuts would be a plus; I managed to get along with old stuff I found in my PC parts box).
Assembling the main board and the case was straightforward, all screws fitted well and the case had a nice marking to put the heat dispenser into the right place.
The case also comes with small metal plates that make it easy to install the hard disk right beside the board (see image), so installing the hardware was also a no-brainer.
The network card was more of an issue, as the screw holes in the case do not correspond to the holes in our Delock 95237. And even if they did, with the hard disk installed, there would be no space left to install the network card. It turns out the case is actually built for "hard disk OR additional NICs", not both at the same time. Blocker.
I eventually managed to put in both by cutting off the slot bracket and using a small part to screw it upside-down to the case. Please have a look at the images below to get an impression. (I am a programmer by profession, take this into account when judging my hardware skills.)
After plugging in the null modem cable and power supply, the device booted up into the network boot system. It worked!
Note: The case has no power switch. I do not know if this is a common non-feature, but it just does not feel right, especially with this hard disk spinning around.
I will not go into details here, there are many good tutorials out there to install pfSense onto the APU board.
- Firmware Update: To use the Delock 92537 network adapter, you have to install the latest APU firmware (still marked beta as of this writing, but I have had no issues with it yet). I used tinycore as described on the PC Engines homepage. You do not need to download the firmware zip file, it is available in the tinycore image already. Very simple, very nicely prepared by PC Engines.
- pfSense: Installing was very easy. I put the image onto a USB stick and did the "express installation". The 5 Ethernet ports became available after the firmware update without further interaction.
- Serial Console: I was able to see the BIOS and pfSense console at 115200 baud. No need to switch to 9600 baud after the BIOS as described on many pages.
It took me about 5 hours from unpacking the first box to playing around with a 5 port pfSense via its web interface. I am sure you can be faster, this was my first appliance and I had to find a way to get this Delock-thingy into the case.
pfSense and the APU board provided a very good installation experience. The case is a good one, but it is relatively expensive and did not meet my expectations, as it did not work out without manual modifications for our use case.
Next time, we should use an SSD. We wanted to save some euros here, but I feel this was money saved in the wrong place.