Messages

106

General Discussion / Re: Small, low power, low heat mini pc for virtualization lab?

« on: August 29, 2024, 03:15:50 pm »

The AMD mini PC that I've seen are around $500, which is going to be tough to swallow. I guess I need to see what I'm going to need to have. Too early to say if I will even need a lab at home because work might provide one. I really only research/test possible work related stuff anyway.

107

Hardware and Performance / Re: Home OPNSense setup: reliable, budget-friendly fanless Mini PC suggestions?

« on: August 29, 2024, 03:13:39 pm »

If you have enough RAM, can't you use a ramdisk to cut down on the number of writes?

108

24.1 Legacy Series / Re: OPNSense as Firewall Windows 2019 Server as DHCP and DNS Server Best practices

« on: August 29, 2024, 03:10:25 pm »

In Windows Server DNS, you can just forward queries for non-authoritative requests to the firewall and the firewall will answer those requests.

109

General Discussion / Small, low power, low heat mini pc for virtualization lab?

« on: August 28, 2024, 05:08:10 pm »

I'm looking for some help. It appears that I may be moving and there will be no room, power, heat, noise load available for my current lab (4 HP DL360 gen8 servers), so I'd like to find some inexpensive mini PC to replace them. I'd really like an 8c/16t processor (or more) and really up to 64gb of ram in each host. AMD is fine, Intel 12th generation or older would also be OK (worrying about 13th and 14th Intel right now). Price is a factor and this is where I'm having the hardest part in what I can buy.

The HP DL360 I bought with 20c/40t processors and 128gb of ram for $200 shipped, I'm not finding anything in that pricing realm on the new market, and not sure what to look for on the used market, let alone in the mini PC segment. Going to need to go back through the Serve the Home Tiny, Mini, Micro stuff and see if I can find a jewel in there that fits my price and power considerations.

110

Hardware and Performance / Re: Home OPNSense setup: reliable, budget-friendly fanless Mini PC suggestions?

« on: August 28, 2024, 04:59:22 pm »

I would suggest also looking at some of the AMD powered systems, they do seem to work fine. OPNsense hardware is AMD x86_64 based. When you can get them cheap, the HP t740 with a network card works pretty well, I ran my system at work on one of these for several months until I could free up a rack mount Xeon E3-1230v5 system for the permanent firewall. Both the T740 and the rack mount are 4c/8t and seem to always have processor available, which is just where I want it. Suricata, Crowdsec, Zenarmor free version all running through an intel i350 made by 10GTek (some different components). So far, so good.

I will go against recommendations and say that you should have 16gb of ram, yes you might have a bunch "wasting" away unused, but when you get into these soldered down ram mini computers, there is no upgrade.

If you find a nice 6c/12t or 8c/16t fanless system that doesn't cost much, let me know because I think I may need to sell my XCP-NG lab (4 HP DL360 gen8 servers) and build something more compact, less power/heat/noise. Because I need 3 and a NAS, I need to keep the cost down as far as possible. XCP-NG prefers 4 threads for system work, which doesn't leave a lot of threads for the VMs. Yes off topic, but help would be appreciated.

111

Zenarmor (Sensei) / Re: Cannot install Zenarmor on Opnsense v24.7.2

« on: August 27, 2024, 05:46:41 pm »

Thanks, I forgot about the netmap driver, I think I need to change mine which runs on a quad port Intel i350 so I would think the best of all cases.

112

Intrusion Detection and Prevention / Re: I don't know how to integrate abuseipdb.com's IP List into opnsense to block the

« on: August 27, 2024, 05:44:29 pm »

Care to share it with the rest of us? I was thinking it might be done through Crowdsec and I think the paid version of Zenarmor might be able to do this.

113

Intrusion Detection and Prevention / Re: Intrusion Detection => Strategy => There are too many entries.

« on: August 27, 2024, 05:43:09 pm »

When you import the rules, I believe there was a way, I just can't fully remember right now.

114

Hardware and Performance / Re: DEC-850v1 12V connector ID

« on: August 19, 2024, 07:56:10 pm »

Just a guess:

5.5mm x 2.5mm connector You can roughly measure it with a ruler. As a backup a 5.5mm x 2.1mm might be worth having on hand. Guessing center positive.

Kind of surprised they didn't use a screw on locking connector for this application.

115

24.7 Production Series / Re: Home use "easy button" question

« on: August 19, 2024, 07:47:37 pm »

That may have been because I wasn't using DHCP that I had to check the box to use Unbound and the firewall for DNS. I may need to set one up in "simple" mode to see what I get. I usually think that people going for this kind of firewall will be configuring a few settings manually.

116

Hardware and Performance / Re: Sophos SG 210/220/310/330 - blast from the past?

« on: August 19, 2024, 04:09:00 pm »

If you can get the SG 330 rev2 for $100, that might be a decent device, but I wouldn't go with a rev1 because you can beat the performance with other devices.

According to one ebay listing, the 330 rev1 is a fourth generation i5, or at least that's what someone put in it. That's getting kind of old but should still work. But the rev1 doesn't have 10gbps ports.

I'm seeing the rev2 for $800 used, which is right up there with a DEC 2752... I'd buy the DEC2752 if it was my money.

You might need to look for one of the small form factor PCs and add in the cards that you want. HP Elite gen 2 or 3 (or newer) might be a good choice, the Prodesk don't have enough PCIe slots.

There are a few of the devices similar to a Quotom that have 10gbps ports, I think I've seen some for around $300. And most of these are going to run the n100 processor or maybe an AMD processor. Either seems to work fine.

You might be able to use an HP t740 if you get a card that has 2 gigabit and 2 10gbps ports. Only one slot so your choices are very limited.

117

24.7 Production Series / Re: Home use "easy button" question

« on: August 19, 2024, 03:33:55 pm »

The only thing you will want/need to do to compare to a typical consumer home router is this:

Activate DHCP on the LAN port and set your range, subnet, gateway, and DNS server. 192.168.1.50-192.168.1.200, 255.255.255.0 or /24, 192.168.1.1, 192.168.1.1 in the order listed above for descriptions.

Go to unbound and check the box to allow it to be the system DNS provider, if you don't do this, then you need to set your chosen DNS provider for each client or in the DHCP config (1.1.1.1, 8.8.8.8, etc).

118

Zenarmor (Sensei) / Re: 1.17.6 update problem

« on: August 08, 2024, 03:05:32 pm »

I've had this fail in the past, and the reinstall fixed things, but mostly the update process just works.

119

Web Proxy Filtering and Caching / Re: Ad blocker

« on: August 07, 2024, 04:36:39 pm »

The way Youtube does ads, Zenarmor will not block them. AdBlock browser extension mostly works, it's a constant fight back and forth between blockers and google.

Zenarmor will block most other google ads and telemetry, at least the free version does. Paid might offer more.

120

24.7 Production Series / Re: No serial port - Console Access using USB?

« on: August 06, 2024, 10:46:51 pm »

Apparently USB-Nullmodems exist:

https://hackaday.com/2020/08/25/the-usb-null-modem-cable-is-now-a-thing/
https://ftdichip.com/products/usb-nmc-2-5m/
https://de.aliexpress.com/item/1005001407066778.html

Well, this has worked for me a couple of times:

https://a.co/d/6rdWQW9

That's what I was thinking of, but I normally build my own (having parts on hand).

I like that first link that Patrick gave us, that's pretty cool and might be useful down the road for those odd times when needed. I'll have to look into it a bit more.