Cheap low power router on a par with pfSense? (P2P, QoS, 2000+ connections, 20Mb+)

[9lives]

I currently have two pfSense boxes, but they are using quite a lot of electricity so I want to replace them with lower power systems, preferably off-the-shelf routers (perhaps with replacement firmware).

The two current systems:

20/1Mb connection
Pentium III 650MHz (underclocked)

10/512Kb connection
Geode 300MHz

Actually the Geode system would be low power enough, but it fails due to having a crappy Realtek on-board NIC that limits it to 10Mb or lower throughput. I tried a dual Intel NIC in it but pfSense and m0n0wall hang when bringing up the WAN interface.

Requirements:
20Mb+ thoughput, ideally up to 80Mb or more
2000+ simultaneous connections (for P2P)
QoS
Stable

I only need other basic features like NAT firewall, DHCP, UPnP etc. No VPN or other servers, but they would be a bonus. Wifi would be nice but not essential.

The 2000+ connections requirement is based on my experience with pfSense. Even with a 4 hour timeout on connections BitTorrent and eMule can easily open 1500-1700 connections or more. I have no idea why most routers are limited to 200 or fewer connections - OpenWRT and Tomato both support 4096 on the same hardware.

The best bet currently looks like running Tomato on a Buffalo or maybe Linksys box, but it's hard to get compatible models in the UK and the good ones can be expensive. Something like an ALIX or other Geode LX800 based system would be ideal but they tend to be expensive too.

An ALIX or similar would be okay if I could run m0n0wall or pfSense with a dual WAN setup, but only pfSense officially supports that and it seems to be mainly aimed at load balancing or fault tolerance. I would like to be able to keep each machine tied to one connection.

 

[jdabbs]

I'm running pfSense on an ALIX 2C3. Power consumption measured at the wall is 5W; if I can find a way to reliably measure the amount of simultaneous connections, I'll benchmark the device.

It may be possible to specify the WAN interface per client: Firewall>Rules>a LAN interface>Add Rule>Gateway. I've already assigned the 3rd interface as a secondary LAN subnet, so I can't test without breaking something, but it looks promising.

 

[YeOldeStonecat]

I run my PFSense at home on an old IBM Thinkpad T22. It's a Pentium 3, with 256 megs of RAM. Onboard Intel NIC, I have a PCMCIA card for my 2nd NIC. PFSense runs great on it.

The 14.1" screen laptop is relatively low profile, quiet, not much draw on the juice, and it has a built in battery backup!

Older P3 laptops can be picked up for dirt cheap on fleabay through any of the abundant Thinkpad reseller stores out there.

If you wanted even smaller...could look for an older IBM "X" series laptop...their ultraportable 12" models, like an X20 - X30 series.

I've been on the search for *nix router appliances..specifically for a project I have coming up which will require a wide area network with quite a few small satellite offices of 1-2 computers in various courthouses and police stations around my county. So I'm looking for very small units to run PFSense on. Last night I came across this site....will be inquiring soon..scroll down towards the bottom to see the smaller units.
http://www.portwell.com/products/ca.asp

PFSense defaults to 10,000 max connections. What I also love about it, is I drop priority for P2P traffic, so the kids activity doesn't impact mine much. The PC that does the most downloading activity, I have that PC on a static IP address..and that IP is additionally throttled with max up and download rates.

 

[scotty]

I run pfSense on a older P4, so it's a bit of a power beast. I'm looking to move to a laptop for the exact reasons Stonecat articulates. Even the better low'ish power systems these days aren't on par with a laptop. Built in battery backup, what more could you ask for.

You might want to look at those Alix/Soekris boards, and possibly monowall (pfSense is a fork from monowall). Although I'm sure either would work, Monowall I think is more geared towards little embedded setups, whereas pfSense is geared towards a bigger feature set. Monowall on an Alix board seems to be very popular in the pfsense community.

Laptops work great though for a home-based pfsense setup though. All you really need to do is add a pcmcia nic.

Stonecat, thanks for referencing that portwell site, those look interesting!

 

[9lives]

I'm running pfSense on an ALIX 2C3. Power consumption measured at the wall is 5W; if I can find a way to reliably measure the amount of simultaneous connections, I'll benchmark the device.

I think it should be fine if my PIII 600MHz never gets above 10% even with heavy P2P. I think even the 300MHz Geode would be okay if it just wasn't for the terrible Realtek NIC.

It may be possible to specify the WAN interface per client: Firewall>Rules>a LAN interface>Add Rule>Gateway. I've already assigned the 3rd interface as a secondary LAN subnet, so I can't test without breaking something, but it looks promising.

I have looked into it and pfSense does sort of support dual WAN, but it seems to be mainly aimed at load balancing and redundancy. I might try and put together a little system to try it out.

Dual WAN seems to be a poorly supported feature among BSD/Linux router distros

An alternative I am looking into is using vmware or similar to run two copies of m0n0wall. An 800MHz Geode or better might be okay with that.

I run my PFSense at home on an old IBM Thinkpad T22. It's a Pentium 3, with 256 megs of RAM. Onboard Intel NIC, I have a PCMCIA card for my 2nd NIC. PFSense runs great on it.

This is an option I have been investigating too. Laptops are not as low power as embedded systems, but seem to get close when the screen is turned off. Sadly there do not seem to be any dual or quad NICs for PCMCIA. I am still looking into miniPCI, but that would mean loosing the wifi card.

Maybe this is a stupid question, but why can't I have more than one IP address per NIC? There does not seem to be any reason why two "virtual" NICs with separate IP addresses could not use the same physical NIC. Okay, the MAC address would be shared but that doesn't seem to be a problem.

To cut down on power it would be easy to just physically unplug the screen, keyboard, touchpad, optical drive etc and just use an embedded distro.

If you wanted even smaller...could look for an older IBM "X" series laptop...their ultraportable 12" models, like an X20 - X30 series.

LOL, my laptop is an X32 and it's actually a really good machine

 

[YeOldeStonecat]

I haven't played with multi WAN with PFSense, nor have I tried multiple IPs on the same interface with PFSense. I've done multiple IPs on some Windows servers I've done...just not with *nix. I'd be stunned that *nix couldn't do it.

For wireless I just have a wireless router flipped to access point mode, hanging off my main switch. (main switch happens to be my backup router..an RV082..which I'm just using as a switch now)

Other sources that I've stumbled across....
http://www.hacom.net/catalog/index.php?cPath=91_100
They have some little AMD Geode systems.

I'm guessing you probably already peeked at the recommended hardware vendor link on the PFSense website.

Yeah the Thinkpad X series is excellent. The durability of Thinkpads top notch, I've had my hands on probably every brand of laptop that exists...for myself...I keep getting Thinkpads.

 

[9lives]

There does not seem to be an easy way of doing multiple IPs in pfSense, but it looks like it might be possible with some hacking. I'm really looking for a simple solution though...

I use a Fonera running DD-WRT as an access point. It's not bad but for some reason WPA2 does not seem to work (WPA is fine).