Building a ClearOS DHCP Server / Firewall

[CrustStation]

So, the modem / router combo Comcast forced me to get has been a burden on my Internet speed and flexibility, as it stating that port forwarding was its most advanced feature. I run a Minecraft server out of a repurposed Dell Optiplex 755 USFF for me and my friends, and ALL my friends are complaining about connectivity lag that I've traced down to my new "router" bottlenecking the connection (Before, I had a standard Arris modem and standard wireless router which was much faster). I've decided that the only way to fix this and gain better optimizations is if I were to go back to a standard cable modem and then build a router.

 

I know all you Linux weirdos are immediately recommend pfsense, but in my experience with any form of FreeBSD, I will NOT be going there (FreeNAS killed it for me). I instead will be using ClearOS Community, which is based on Redhat. I've already installed it in VirtualBox and played around with the WebGUI and I REALLY like it a lot. While it may be a tad slower and heavier than pfsense, the trade off is functionality and user friendliness.  

 

SKIP TO HERE FOR MAIN POINT: The reason I created this article is to ask if this hardware I plan to get would work:

 

Motherboard: ASRock J1900D2Y (Keep in mind that I need two outputs as my switch is capable of a full duplex)

 

Case: Supermicro CSE-512L-260B 1U Rackmount Case

 

Storage (To just hold ClearOS): 16 GB Samsung SSD

 

I'm mainly concerned about the board, and I'm no expert with server boards (especially in the mini itx form factor).

[linuxfan66]

Why are you saying FreeBSD and Linux are the system. They are similar but their networking stacks are merely similar not the same

[braneopbru]

Everything in modern networking is full duplex, that is irrelevant. You need two network ports because one goes to the modem and the other goes to the switch.

 

That motherboard has IPMI which is a good thing. Good board overall. You will have issues putting it into that case. The case has a 16 pin connection for the front panel buttons, including power which you cannot plug into that motherboard. You will need to buy an adapter. You will also not be able to use the i/o shield that comes with the motherboard in that case. 1U cases are to short for standard i/o shields.

 

The seller of the case you linked to; I just bought one of those motherboards he is selling from him a few days ago. Can confirm the board was in perfect condition.

 

I HIGHLY recommend you look at that x9 motherboard he is selling. He is asking $80, but he accepted my offer of $60. I also bought a xeon 1220v2, 16 Gigs of RAM and a heatsink from him. Send him a message, tell him you want to buy MB, CPU, RAM and case and see what he can do for you in terms of price. The i/o shield in that case is specifically for that motherboard, as is the front panel connector.

 

I'm using two of those SSDs in RAID1 for my setup, pretty good so far, but the two that I received only had 15% life left, be aware of that. At that price, buy four and keep a couple of spares.

[tt2468]

Apparently we have become 'linux weirdos".

[CrustStation]

Why are you saying FreeBSD and Linux are the system. They are similar but their networking stacks are merely similar not the same

I don't like FreeBSD. Period. Everything else I currently have runs Server 2008 R2.

[CrustStation]

Apparently we have become 'linux weirdos".

I know that they hate they despise of NTFS and want "ZFS Pools".

[CrustStation]

Everything in modern networking is full duplex, that is irrelevant. You need two network ports because one goes to the modem and the other goes to the switch.

 

That motherboard has IPMI which is a good thing. Good board overall. You will have issues putting it into that case. The case has a 16 pin connection for the front panel buttons, including power which you cannot plug into that motherboard. You will need to buy an adapter. You will also not be able to use the i/o shield that comes with the motherboard in that case. 1U cases are to short for standard i/o shields.

 

The seller of the case you linked to; I just bought one of those motherboards he is selling from him a few days ago. Can confirm the board was in perfect condition.

 

I HIGHLY recommend you look at that x9 motherboard he is selling. He is asking $80, but he accepted my offer of $60. I also bought a xeon 1220v2, 16 Gigs of RAM and a heatsink from him. Send him a message, tell him you want to buy MB, CPU, RAM and case and see what he can do for you in terms of price. The i/o shield in that case is specifically for that motherboard, as is the front panel connector.

 

I'm using two of those SSDs in RAID1 for my setup, pretty good so far, but the two that I received only had 15% life left, be aware of that. At that price, buy four and keep a couple of spares.

Thanks, man. As much as I like Supermicro boards (I got one in my file server), I really need that 10 Watts TDP rating of that ASRock. I think my file server uses up enough power. You said the board was fine for my purpose and that's really all that matters. I can care less about the I/O shield fitting, and if I have to, I'll Linus it up with a dremel. About the connectors, I have junk cases with connectors I can probably transfer the wires over to and just connect them that way. The SSD is fine. If it dies on me, a replacement will only be $10. All I need is DHCP and Firewall.

 

My network terminology isn't that great. The only term I fully understand is LACP Active Trunking. What I mean is that my switch has 2 inputs and can be configured to have one input be for incoming packets and the other for outgoing packets, I just need to figure out if ClearOS supports that, but I think it does.

[braneopbru]

Thanks, man. As much as I like Supermicro boards (I got one in my file server), I really need that 10 Watts TDP rating of that ASRock. I think my file server uses up enough power. You said the board was fine for my purpose and that's really all that matters. I can care less about the I/O shield fitting, and if I have to, I'll Linus it up with a dremel. About the connectors, I have junk cases with connectors I can probably transfer the wires over to and just connect them that way. The SSD is fine. If it dies on me, a replacement will only be $10. All I need is DHCP and Firewall.

 

My network terminology isn't that great. The only term I fully understand is LACP Active Trunking. What I mean is that my switch has 2 inputs and can be configured to have one input be for incoming packets and the other for outgoing packets, I just need to figure out if ClearOS supports that, but I think it does.

 

I haven't looked up what exactly LACP active trunking is, but having one full port for incoming and another port for outgoing is redundant since ethernet is full duplex; You can have 1000 Mb/s going each way simultaneously on the same port. Regardless, even if you use LACP, that'll take two of your ports, so unless you add a pcie NIC, where do you connect your WAN? Don't forget, although that board has three network ports, one of them is for the IPMI. It cannot be used by the OS; it's strictly a management port.

 

If you're really interested in doing the LACP, and TDP is important to you, have a look at this:

 

http://www.newegg.com/Product/Product.aspx?Item=N82E16813182988&Tpk=N82E16813182988

 

That board has 6 (six!) watts TDP, on board mini pcie connector that you can plug an msata drive for lower consumption. It's go the IPMI, but it's also got 4 network ports available for use. You can even ditch the power supply altogether; the board will accept straight 12volt input from a small power brick.

 

I looked the manual for that board already and I saw the the front panel header is different than the connector on the case that you linked to. Before you start hacking up cables consider getting this little thing. I'm sure you can figure out what it would be used for.

 

http://www.newegg.com/Product/Product.aspx?Item=9SIA24G28N5470&cm_re=CBL-0084L-_-12-153-003-_-Product

 

I wish I could buy a bunch of those cases at the price that guy is selling them for, but shipping to Canada is $65 each unit. I'm seriously considering driving to Buffalo and getting them shipped to one of the package receivers there.

[CrustStation]

I haven't looked up what exactly LACP active trunking is, but having one full port for incoming and another port for outgoing is redundant since ethernet is full duplex; You can have 1000 Mb/s going each way simultaneously on the same port. Regardless, even if you use LACP, that'll take two of your ports, so unless you add a pcie NIC, where do you connect your WAN? Don't forget, although that board has three network ports, one of them is for the IPMI. It cannot be used by the OS; it's strictly a management port.

 

If you're really interested in doing the LACP, and TDP is important to you, have a look at this:

 

http://www.newegg.com/Product/Product.aspx?Item=N82E16813182988&Tpk=N82E16813182988

 

That board has 6 (six!) watts TDP, on board mini pcie connector that you can plug an msata drive for lower consumption. It's go the IPMI, but it's also got 4 network ports available for use. You can even ditch the power supply altogether; the board will accept straight 12volt input from a small power brick.

 

I looked the manual for that board already and I saw the the front panel header is different than the connector on the case that you linked to. Before you start hacking up cables consider getting this little thing. I'm sure you can figure out what it would be used for.

 

http://www.newegg.com/Product/Product.aspx?Item=9SIA24G28N5470&cm_re=CBL-0084L-_-12-153-003-_-Product

 

I wish I could buy a bunch of those cases at the price that guy is selling them for, but shipping to Canada is $65 each unit. I'm seriously considering driving to Buffalo and getting them shipped to one of the package receivers there.

I like that board, and now I'm actually torn between the two. They both have their ups and downs. However, I failed to mention I am getting my first job this summer and money for me (especially right now) isn't a common sight. I don't mind spending a good bit on a nice board rather than a tired Socket 775 thing. I compared the two boards' processors and they're actually fairly close, the only difference is the 20 MHz clock speed difference and the Supermicro's 6W TDP. However, the case I am using comes with a power supply that I don't think will be able to take advantage of something THAT low (Unless I were to purchase a new one, however they are mad expensive), let alone the ASRock. And I didn't know that was a management port! You would think it would be separate. from the rest of the LAN ports. Interesting.

[Blake]

So, the modem / router combo Comcast forced me to get has been a burden on my Internet speed and flexibility, as it stating that port forwarding was its most advanced feature. I run a Minecraft server out of a repurposed Dell Optiplex 755 USFF for me and my friends, and ALL my friends are complaining about connectivity lag that I've traced down to my new "router" bottlenecking the connection (Before, I had a standard Arris modem and standard wireless router which was much faster). I've decided that the only way to fix this and gain better optimizations is if I were to go back to a standard cable modem and then build a router.

 

I know all you Linux weirdos are immediately recommend pfsense, but in my experience with any form of FreeBSD, I will NOT be going there (FreeNAS killed it for me). I instead will be using ClearOS Community, which is based on Redhat. I've already installed it in VirtualBox and played around with the WebGUI and I REALLY like it a lot. While it may be a tad slower and heavier than pfsense, the trade off is functionality and user friendliness.  

 

SKIP TO HERE FOR MAIN POINT: The reason I created this article is to ask if this hardware I plan to get would work:

 

Motherboard: ASRock J1900D2Y (Keep in mind that I need two outputs as my switch is capable of a full duplex)

 

Case: Supermicro CSE-512L-260B 1U Rackmount Case

 

Storage (To just hold ClearOS): 16 GB Samsung SSD

 

I'm mainly concerned about the board, and I'm no expert with server boards (especially in the mini itx form factor).

Any reason you can't just use a ubiquity edgerouter lite? or if you don't have an RJ-45 terminator/still on DSL, a Cisco 887 (or similar)?

 

The edge router has a total max tdp of 7w and for your work, seems like a better fit.

[CrustStation]

Any reason you can't just use a ubiquity edgerouter lite? or if you don't have an RJ-45 terminator/still on DSL, a Cisco 887 (or similar)?

 

The edge router has a total max tdp of 7w and for your work, seems like a better fit.

I really want that DIYness of of a server. If I end up hating ClearOS, I can switch to Windows Server in a snap. I don't really like Ubiquity anyway. They're like that Apple of networking. Are nice looking, but in my experience not very reliable. Every time I get a call to fix a wireless point in a commercial environment it's almost ALWAYS a ubiquity something that keeps dropping out a network.

[Blake]

I really want that DIYness of of a server. If I end up hating ClearOS, I can switch to Windows Server in a snap. I don't really like Ubiquity anyway. They're like that Apple of networking. Are nice looking, but in my experience not very reliable. Every time I get a call to fix a wireless point in a commercial environment it's almost ALWAYS a ubiquity something that keeps dropping out a network.

I'd actually say the cisco meraki stuff is the apple of the networking world. And you will get the same issues 99% of the time (assuming that the devices where correctly spec'ed for the expected load, etc etc) on all corporate AP's. 99% of software issues are caused by the system not being correctly configured, or the controller being incorrectly configured.

[braneopbru]

I like that board, and now I'm actually torn between the two. They both have their ups and downs. However, I failed to mention I am getting my first job this summer and money for me (especially right now) isn't a common sight. I don't mind spending a good bit on a nice board rather than a tired Socket 775 thing. I compared the two boards' processors and they're actually fairly close, the only difference is the 20 MHz clock speed difference and the Supermicro's 6W TDP. However, the case I am using comes with a power supply that I don't think will be able to take advantage of something THAT low (Unless I were to purchase a new one, however they are mad expensive), let alone the ASRock. And I didn't know that was a management port! You would think it would be separate. from the rest of the LAN ports. Interesting.

I'd say that the biggest difference between the two CPUs is actually the fact that the n3700 supports AES-NI. Not sure if you are familiar with it; the CPU does cryptographic acceleration in hardware. If you intend to run VPN services on the server, AES-NI support can have a HUGE effect of throughput of encrypted traffic. 

[CrustStation]

I'd say that the biggest difference between the two CPUs is actually the fact that the n3700 supports AES-NI. Not sure if you are familiar with it; the CPU does cryptographic acceleration in hardware. If you intend to run VPN services on the server, AES-NI support can have a HUGE effect of throughput of encrypted traffic. 

Oh my, yes! I do actually need VPN for SMB outside my network. Ok, so the Supermicro board wins.

[braneopbru]

Oh my, yes! I do actually need VPN for SMB outside my network. Ok, so the Supermicro board wins.

I only saw that board a few days ago. I'm seriously considering dropping my LGA115 board/Pentium G620t combo and picking that one up instead to run my pfsense router.