pfSense: mobo NIC vs PCIe NIC?

Whoaru99 · Jan 30, 2019

Maybe this is more a computer question vs a pfSense question, but here goes...

The computer setup I built for a pfSense box has a Gigabit Realtek NIC integral to the mobo. Then, I added a 4-port Gigabit Intel NIC to a PCIe slot.

Since I don't really need all 4 ports of the Intel NIC for LANs, would I be better off to skip using the mobo NIC and instead use one of the Intel four for the WAN port and the remaining three for LAN?

Or, use the mobo port for WAN and the Intel NIC ports for LAN as needed (as I'd initially envisioned)?

My Internet service is good, but not exceptional at 200Mb/s down, 10Mb/s up. The whole place is wired to Gigabit capacity.

mat200 · Jan 30, 2019

Whoaru99 said:
Maybe this is more a computer question vs a pfSense question, but here goes...

The computer setup I built for a pfSense box has a Gigabit Realtek NIC integral to the mobo. Then, I added a 4-port Gigabit Intel NIC to a PCIe slot.

Since I don't really need all 4 ports of the Intel NIC for LANs, would I be better off to skip using the mobo NIC and instead use one of the Intel four for the WAN port and the remaining three for LAN?

Or, use the mobo port for WAN and the Intel NIC ports for LAN as needed (as for some reason I'd initially envisioned)?

Hi @Whoaru99

Remember to check pfsense supports whatever NIC hardware you are using. iirc having some issues with cheaper Mother Board and add in card NICs.

Whoaru99 · Jan 30, 2019

I went with an Asrock J4105B mini-ITX board.

pfSense right away recognized all four ports of the Intel NIC and the Realtek integral NIC.

That said, I've so far only connected to go through the web GUI but all the ports work for that.

mat200 · Jan 30, 2019

Whoaru99 said:
I went with an Asrock J4105B mini-ITX board.

pfSense right away recognized all four ports of the Intel NIC and the Realtek integral NIC.

That said, I've so far only connected to go through the web GUI but all the ports work for that.

When you get a chance do share pictures of your set up / build and any gotchas you learn.

Thanks Whoaru

SkyLake · Jan 30, 2019

I would use the onboard NIC as the WAN, and then use the other ports on the card for LAN, etc etc.

Whoaru99 · Jan 30, 2019

I haven't really used it yet but here are a few pics with something familiar for scale. The case has a full-size CD/DVD burner in it. Not really necessary for this but the case, burner, small 64GB SSD and a few other bits are what I already had. Probably went a little OB on memory with 8GB in dual channel mode but...

Its pulling 20-22W at idle. Maybe a little more than I expected but that's not a big concern for me.

crw030 · Jan 30, 2019

I recall something about OS support for some NICs was worse than for Intel (specifically the Intel ones with offloading work really well for pfSense).

That being said I haven't noticed any limits using the onboard PLUS a 4 port.

archedraft · Jan 30, 2019

I would stick with using the intel card for everything.

concord · Jan 31, 2019

Whoaru99 said:
Maybe this is more a computer question vs a pfSense question, but here goes...
Since I don't really need all 4 ports of the Intel NIC for LANs, would I be better off to skip using the mobo NIC and instead use one of the Intel four for the WAN port and the remaining three for LAN?

Or, use the mobo port for WAN and the Intel NIC ports for LAN as needed (as I'd initially envisioned)?

I picked up a HP SSF G4, which has a Realtek NIC (set as WAN) and added a 4 port IBM/Intel card also. I played around with pfSense and Untangle, both recognize the NICs and didn't seem to have any issues over the holidays. Worst case, you could always re-config from the Realtek to Intel port if issues arise. Haven't tried opnSense yet.

I'm planning on having 3 or 4 separate lans (cams, office, guest and video, i.e. plex / emby / kodi, etc), but I'm in no hurry to make a decision on which software I will use, so please keep us updated on how well your rig is doing.

bugsysiegals · Jan 31, 2019

I wanted the onboard NIC for management in case the quad ever failed; however, running Proxmox with pfSense virtualized led to Proxmox associating to my modem and having to reboot the modem after starting pfSense which meant I could never reboot the system remotely and have it come back up. I tried to use IOMMU PCI Passthrough on the quad NIC but since each port belongs to the same group, it messed up the other ports so I had to do PCI passthrough on the onboard NIC instead and use the quad NIC for management, lan, and security cameras.

Whoaru99 · Feb 22, 2019

I finally plugged this thing into a real network...errr, one of my networks anyway but not the camera network. That I decided to put on a dedicated LAN, no router, just switches and the separate NIC in BI computer.

Seems to be up and running fine but I've yet to do much of anything except try a speed test so far. With my 200/10 ISP connection, via hardwire, it's consistently running 215-218 down and 11-12 up. That's about what I was seeing with the previous Netgear R7000 router, although perhaps a hair more consistently. Probably be too close to wager any bets though.

In any case, should be easier on the R7000 to just be an AP rather than a router too.

During the speed test the CPU Usage on pfSense dashboard climbed to 10% for short time then dropped back to ~2% where is seems to be hanging out most of the time. I'll fire up a Netflix or Amazon 4K streaming movie and see what happens for kicks.

bugsysiegals · Feb 22, 2019

Very nice!! Mine is usually around 1-2% also.

I’ve currently only had time to setup firewall alias (group several IP together by name), QoS, Ubiquiti AP VLAN by SSID, and pfBlockerNg. I was planning to start setting up FreeRadius and Captive Portal to automatically limit each Xbox to 2 hours of usage per day but have some other projects to focus on. I really do love pfSense for all it can do now and into the future and I’ve not had any stability issues whatsoever ... definitely looking forward to tinkering with more settings in the future.

smoothie · Feb 23, 2019

You should use the Intel NIC for everything. You could setup that on board nic as a backup in case the Intel card fails/has trouble but even that I wouldn't bother with.

The reason you will want to use the Intel NIC is that there are a number of functions that must be performed for a computer to interface with a network.

Intel cards have dedicated hardware for all the functions that can be performed by dedicated hardware, as such they are expensive but efficient and have minimal software driver complexity. Realtek and other such card makers use minimal hardware (this is why their NICs are physically small) and have a bloated software driver to handle all the functions that could have been performed by the hardware which forces your system CPU to pickup the slack. Netgate, the makers of pfSense, recommend Intel cards above all others for implementation.

The protocol stack of the pfSense kernel allows for total separation of interfaces even when shared on the same physical NIC, you needed worry about compromised security with this implementation.

And finally congrats on choosing an outstanding security product in the form of pfSense, I run it myself with great success.

If you want your pfSense to filter out spyware and adware domains you can install pfBlockerNG-Devel and configure it using guides from Linuxincluded.

Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL)

Enjoy

Whoaru99 · Feb 23, 2019

Thanks. I changed the WAN to one of the ports on the Intel NIC.

Search

pfSense: mobo NIC vs PCIe NIC?

Whoaru99

Pulling my weight

mat200

Whoaru99

Pulling my weight

mat200

SkyLake

Getting comfortable

Whoaru99

Pulling my weight

Attachments

crw030

archedraft

Getting the hang of it

concord

Getting comfortable

bugsysiegals

Getting the hang of it

Whoaru99

Pulling my weight

bugsysiegals

Getting the hang of it

smoothie

Pulling my weight

Whoaru99

Pulling my weight