[Soekris] soekris 4801 and pfsense 2.x

Nikola Gyurov ngyurov at gmail.com
Tue Sep 10 23:03:56 CEST 2013

Actually, OpenBSD is slightly changing syntax over time, but the
changes from one version to another are trivial and easy to implement.
The biggest one I can remember was introduced in 4.7 with the changing
of the redirection etc.

As for the configuration generation on pfSense - while most of the
things on OpenBSD just work, working with another config rarely
happens :)
What I meant was that he can generate his config on pfSense so he'd
have a general idea of what he needs, then rewrite it to work on
OpenBSD - could be tricky, but not impossible.
A good guide to PF (if not the best) is Peter Hansteen's 'The Book of
PF', 2nd edition --> http://nostarch.com/pf2.htm

@Chris, are you actually running on 127 degC? NS (now TI) do produce
some tough hw!

These are my temp stats on the 6501-50 with two WD HDDs in the box:
$ sysctl | grep deg
hw.sensors.cpu0.temp0=34.00 degC
hw.sensors.cpu1.temp0=34.00 degC
hw.sensors.acpitz0.temp0=43.00 degC (zone temperature)
hw.sensors.acpitz1.temp0=43.00 degC (zone temperature)

Best regards,
Nikola Gyurov

On Tue, Sep 10, 2013 at 9:17 PM, Christopher Hilton <chris at vindaloo.com> wrote:
> On Sep 10, 2013, at 1:17 PM, Nikola Gyurov <ngyurov at gmail.com> wrote:
>> Hi,
>> If you don't require custom modifications all the time, no different
>> user access to the interface etc. you could just create the pf.conf
>> and use it on an OpenBSD installation (this is what I use, other BSDs
>> may be fine too). It wouldn't need as much RAM as pfSense.
>> However, this wouldn't help with the throughput limits.
> OpenBSD may or may not be a big help here. The OpenBSD team has done a lot of work on pf since the version that's in pfsense was released. Some of the work was performance based and that may be enough to get the job done on net4801 hardware for you. More on that later. One big change was a pf.conf syntax change regarding how NAT is handled which happened with OpenBSD 4.5. If you are using NAT, I would _not_ count on a pfsense generated configuration to work in OpenBSD 4.5+
> Otherwise, the news is very good. If my research is correct the OpenBSD team has gained big performance increases in both their network stack and pf, many of which aren't reflected in pfsense. According to this talk:
>      youtube.com/watch?v=VNyBAcO2pIg [20:15]
> they roughly doubled the throughput of pf and their network stack from 28Mbit / sec to 56Mbit / sec on "low end Soekris" hardware. They don't specify the hardware beyond "low end Soekris" but when they say low end I assume that they mean a 45xx or a 48xx. I myself have tested 55xx and 65xx hardware and find that you can achieve 80 ~ 90 Mbit/sec with OpenBSD on the net5501 with the standard 100Mbit/s vr interfaces. To go faster you'll need to install a good Gigabit NIC in the net5501's PCI slot. The net5501 will keep up with the traffic but in this configuration, with dual Intel em PCI NICs, I get lots of heat. If the high heat bothers you, save yourself some time and opt for the net6501 or go for a rack mount chassis and plan on adding a fan.
>      $ sysctl -a | grep deg
>      hw.sensors.nsclpcsio0.temp0=92.00 degC (Remote)
>      hw.sensors.nsclpcsio0.temp1=127.00 degC (Remote)
>      hw.sensors.nsclpcsio0.temp2=70.00 degC (Local)
> Hope this helps,
> -- Chris
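
The rewrite step discussed in this thread (taking old-style `nat`/`rdr` rules, as an older pf ruleset would contain, and expressing them in the newer OpenBSD `nat-to`/`rdr-to` form), as an added example that is not code from either poster or from pfSense/OpenBSD. It assumes one rule per line with no backslash continuations; the function names and the sample ruleset are constructed for illustration, and anything it cannot rewrite safely is flagged rather than guessed.

```python
import re

# Old-style rule: "nat|rdr [pass] on <interface> <criteria> -> <target>"
OLD_RULE = re.compile(r"^(nat|rdr)\s+(pass\s+)?(on\s+.+?)\s*->\s*(.+)$")
# Old translation constructs with no one-line rewrite: flag, never guess.
MANUAL = ("no nat", "no rdr", "binat", "no binat",
          "nat-anchor", "rdr-anchor", "binat-anchor")

def convert_rule(line):
    """Return (converted_line, needs_review) for one pf.conf line."""
    rule = line.strip()
    if not rule or rule.startswith("#"):
        return line, False
    if rule.startswith(MANUAL):
        return "# REVIEW old translation syntax: " + rule, True
    m = OLD_RULE.match(rule)
    if m is None:
        return line, False  # macros, tables, filter rules pass through
    kind, has_pass, criteria, target = m.groups()
    direction, keyword = ("out", "nat-to") if kind == "nat" else ("in", "rdr-to")
    # Old "nat pass"/"rdr pass" bypassed the filter rules, so use "pass quick";
    # a plain old rule only translated, which is what "match" does now.
    action = f"pass {direction} quick" if has_pass else f"match {direction}"
    return f"{action} {criteria} {keyword} {target}", False

def convert_ruleset(text):
    """Convert a whole ruleset; return (new_text, lines_needing_review)."""
    out, review = [], 0
    for line in text.splitlines():
        new, flagged = convert_rule(line)
        out.append(new)
        review += flagged
    return "\n".join(out) + "\n", review

# Constructed sample in the old syntax (not taken from a real pfSense box).
SAMPLE = """\
ext_if = "vr0"
nat on $ext_if from 192.168.1.0/24 to any -> ($ext_if)
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> 192.168.1.10 port 8080
rdr pass on $ext_if proto tcp from any to ($ext_if) port 22 -> 192.168.1.2
no nat on $ext_if from 192.168.1.5 to any
pass out on $ext_if keep state
"""

if __name__ == "__main__":
    converted, review = convert_ruleset(SAMPLE)
    print(converted)
    print(f"{review} line(s) need manual review")
```

Parse the converted file with `pfctl -nf` on the target OpenBSD machine before loading it. Old translation rules were first-match, so where several of them overlapped the order of the converted rules needs a manual check.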
