Netgate SG-1000 microFirewall

Author Topic: I5 5250U 4 LAN Home computer Q355G4 install question  (Read 5280 times)

0 Members and 1 Guest are viewing this topic.

Offline Waqar.UK

  • Full Member
  • ***
  • Posts: 160
  • Karma: +2/-1
    • View Profile
I5 5250U 4 LAN Home computer Q355G4 install question
« on: March 31, 2017, 12:30:12 am »
Bought a I5 5250U 4 LAN Home computer Q355G4, fitted a 120 GB Kingston hyperx SSD.
I am on Virgin media 70/5 cable Internet in the UK. I have made a USB Sandisk  4GB flash drive to boot from - tested it boots fine.
Question is:
I know during installation for the wan to be recognised as far as I remember I have to switch off the cable modem & then switch on again after connecting the Ethernet cable.

Since it is a four Ethernet mini computer, I want to use all three ports as my lan (1 for my power line, 1 for my Asus wireless router and 1 for my desktop), so do I have to individually plug in the out going connections such as 1 for my Asus router, then say OK or can I use the same 1 for my Asus router Ethernet every time to activate the lan that then I can connect say another computer to my recognised lan port whenever I need to?

Offline phil.davis

  • Hero Member
  • *****
  • Posts: 4617
  • Karma: +551/-3
    • View Profile
    • International Nepal Fellowship
Re: I5 5250U 4 LAN Home computer Q355G4 install question
« Reply #1 on: March 31, 2017, 12:55:27 am »
If you want all your devices to be in the same subnet (so they can all see each other "directly" for "easy file/printer sharing...") then it is easiest to connect a switch to one of the pfSense ethernet ports, and connect all your devices to the switch. If your "Asus wireless router" has multiple ethernet ports (often they have 4 "LAN" ports and WiFi antenna) then you can use that as a 4-port switch.

You can bridge 3 ethernet ports on the pfSense box to put them in 1 LAN. But just because you "can" does not mean you "should". An ordinary switch will have much better local performance than pfSense trying to "emulate bridging".

If you want to have different filtering/security between your WiFi devices and cabled-LAN devices, then plug the "Asus wireless router" into one pfSense ethernet port, and put that in a pfSense interface. Plug a switch (or single device if you only have 1) into another pfSense ethernet port, and put that in a different pfSense interface. Then put rules on each interface to allow just the traffic you want going where.
As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

Offline Waqar.UK

  • Full Member
  • ***
  • Posts: 160
  • Karma: +2/-1
    • View Profile
Re: I5 5250U 4 LAN Home computer Q355G4 install question
« Reply #2 on: March 31, 2017, 04:35:21 am »
Thanks.

I thought I would no longer need my 8 port tp-link switch as currently I have on lan port on my mini tower i5 being used which is one of two ethernet ports of a pci x2 HP gigabit (Intel based) card. This lan goes to my  8 port tp-link which then via ethernet connects to my desktop, power line network and finally to my Asus wireless router. I thought I could set up my new pfsense with a seperate ethernet port for each device mentioned above.
« Last Edit: March 31, 2017, 04:44:56 am by Waqar.UK »

Offline phil.davis

  • Hero Member
  • *****
  • Posts: 4617
  • Karma: +551/-3
    • View Profile
    • International Nepal Fellowship
Re: I5 5250U 4 LAN Home computer Q355G4 install question
« Reply #3 on: March 31, 2017, 04:55:33 am »
I thought I could set up my new pfsense with a seperate ethernet port for each device mentioned above.
Yes, you can do that, and you can choose to either
a) bridge the 3 pfSense ethernet ports to make a single LAN, or
b) create 3 separate interfaces, each with a different subnet, and each will happen to have just a single device in it.

If you choose (a), you are saying that you are happy with all the devices in a single broadcast domain/subnet. In that case, I would keep the switch, plug the switch into a single pfSense ethernet port, and plug the devices into the switch - I would not do bridging.

If you choose (b) then each device is firewalled-off from the other devices. You need to add rules to allow the devices to talk to each other as desired. Software that does "automated discovery" of devices in a broadcast domain/subnet is not going to work (and so it depends if you care about that or not)

These things are design choices that depend on connectivity requirements, performance requirements, and the level of technical detail of setup that you want to manage.

Most home people will do something like:
1) attach all home devices to a switch
2) attach the switch to pfSense LAN
3) (maybe) add another access point for guests and attach that to a different pfSense interface/subnet, and give it different firewall rules so that their guests cannot hack into the home devices, or so the guests get limited bandwidth or...
As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

Offline Waqar.UK

  • Full Member
  • ***
  • Posts: 160
  • Karma: +2/-1
    • View Profile
Re: I5 5250U 4 LAN Home computer Q355G4 install question
« Reply #4 on: March 31, 2017, 01:08:20 pm »
I will do (a). So much simpler and all my devices will be protected.

Offline PingTheNet

  • Newbie
  • *
  • Posts: 16
  • Karma: +1/-0
  • pfSence or Bust
    • View Profile
    • Ping the Net
Re: I5 5250U 4 LAN Home computer Q355G4 install question
« Reply #5 on: April 05, 2017, 01:21:04 pm »
Bought the same unit! 8) If you have the opportunity I was wondering if you could check what your idle tempature is and let me know? I believe I'm running a bit hot.
pfSense running on...
  •   CPU: Intel Core i5-5250U Processor (3M Cache, up to 2.70GHz, Broadwell) + Intel 4 GBit LAN
  •   Configuration: RAM 8GB DDR3; SSD 128GB; AES-NI; Hyperthreaded; Model: Qotom-Q355G4
Switch - NETGEAR ProSAFE JGS516PE 16-Port Gigabit PoE WM (Plus) & GS105Ev2 5-Port WM (Plus)
Access Point - (2) Unifi 802.11ac Dual-Radio PRO

Offline Waqar.UK

  • Full Member
  • ***
  • Posts: 160
  • Karma: +2/-1
    • View Profile
Re: I5 5250U 4 LAN Home computer Q355G4 install question
« Reply #6 on: April 06, 2017, 04:28:55 am »
Bought the same unit! 8) If you have the opportunity I was wondering if you could check what your idle tempature is and let me know? I believe I'm running a bit hot.

According to pfsense, core temp is 27.8 Celcius.

My one runs warm but not hot.

Offline Waqar.UK

  • Full Member
  • ***
  • Posts: 160
  • Karma: +2/-1
    • View Profile
Re: I5 5250U 4 LAN Home computer Q355G4 install question
« Reply #7 on: April 07, 2017, 01:16:08 am »
Bought the same unit! 8) If you have the opportunity I was wondering if you could check what your idle tempature is and let me know? I believe I'm running a bit hot.


Here are my pfsense temps.

Offline PingTheNet

  • Newbie
  • *
  • Posts: 16
  • Karma: +1/-0
  • pfSence or Bust
    • View Profile
    • Ping the Net
Re: I5 5250U 4 LAN Home computer Q355G4 install question
« Reply #8 on: April 07, 2017, 01:49:36 am »
Bought the same unit! 8) If you have the opportunity I was wondering if you could check what your idle temperature is and let me know? I believe I'm running a bit hot.

According to pfsense, core temp is 27.8 Celcius.

My one runs warm but not hot.


Ok, that what I have now. When I ran it for the first hour. My Bios said it was 91 C but then it cooled down a lot after that. My guess the thermal paste needed to warm up to create a good seal.
pfSense running on...
  •   CPU: Intel Core i5-5250U Processor (3M Cache, up to 2.70GHz, Broadwell) + Intel 4 GBit LAN
  •   Configuration: RAM 8GB DDR3; SSD 128GB; AES-NI; Hyperthreaded; Model: Qotom-Q355G4
Switch - NETGEAR ProSAFE JGS516PE 16-Port Gigabit PoE WM (Plus) & GS105Ev2 5-Port WM (Plus)
Access Point - (2) Unifi 802.11ac Dual-Radio PRO

Offline Waqar.UK

  • Full Member
  • ***
  • Posts: 160
  • Karma: +2/-1
    • View Profile
Re: I5 5250U 4 LAN Home computer Q355G4 install question
« Reply #9 on: April 07, 2017, 04:40:50 am »
Your passive heat sink, is it warm or hot to your fingertips?

Offline phochiom

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: I5 5250U 4 LAN Home computer Q355G4 install question
« Reply #10 on: April 07, 2017, 10:56:29 am »
I also bought the same box from Qotom. It arrived today, pre-configured with 8 GB (Kingston branded) and 120 GB m.2 SSD (Phison branded).
Tried to install pfSense 2.3.3. I only have a TV that supports HDMI, so I could not see the whole text, especially at the bottom where is asks you to configure the various steps. So obviously I could not configure to my liking.
Just wanted to ask: is there a specific order for the 4 LAN ports to attach the WAN cable and the LAN? I used LAN1 for WAN and LAN2 for LAN (I attached a Netgear R7000 with stock firmware acting as Access Point and had IP 192.168.1.2). I could not get to the GUI of pfSense at 192.168.1.1 (neither with http or https).
So I guess I will need to buy a monitor with HDMI port to be able to configure pfSense.
Any help, or ideas, is appreciated.
Thanks

Offline Waqar.UK

  • Full Member
  • ***
  • Posts: 160
  • Karma: +2/-1
    • View Profile
Re: I5 5250U 4 LAN Home computer Q355G4 install question
« Reply #11 on: April 07, 2017, 05:14:25 pm »
I used a VGA to HDMI adapter that can be picked up for a few /$ which was connected to my really old 15" LG flat panel monitor. See if you can find these and it will work out cheaper than buying a new HDMI monitor.

https://www.amazon.co.uk/TechRise-High-Speed-adapter-Converter-Charging/dp/B01E8DD6J6/ref=sr_1_3?ie=UTF8&qid=1491644265&sr=8-3&keywords=vga+to+hdmi+converter

 There is a specific order to assign a LAN or WAN port on this mini PC. Setup asks for the WAN, then LAN.
« Last Edit: April 08, 2017, 04:38:44 am by Waqar.UK »

Offline phochiom

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: I5 5250U 4 LAN Home computer Q355G4 install question
« Reply #12 on: April 07, 2017, 07:57:15 pm »
Thanks, didn't know about these converters, will save me some money. With regards to LAN ports, can you please tell me which number did you assign to Windows? I assume it should be 1, or maybe it doesn't matter. I'm on Virgin Media 200/10 and would use only 2 of the LAN ports, 1 for Windows and 2 for LAN, which will go to my R7000 LAN 1.

Offline PingTheNet

  • Newbie
  • *
  • Posts: 16
  • Karma: +1/-0
  • pfSence or Bust
    • View Profile
    • Ping the Net
Re: I5 5250U 4 LAN Home computer Q355G4 install question
« Reply #13 on: April 08, 2017, 01:57:52 am »
I also bought the same box from Qotom. It arrived today, pre-configured with 8 GB (Kingston branded) and 120 GB m.2 SSD (Phison branded).
Tried to install pfSense 2.3.3. I only have a TV that supports HDMI, so I could not see the whole text, especially at the bottom where is asks you to configure the various steps. So obviously I could not configure to my liking.
Just wanted to ask: is there a specific order for the 4 LAN ports to attach the WAN cable and the LAN? I used LAN1 for WAN and LAN2 for LAN (I attached a Netgear R7000 with stock firmware acting as Access Point and had IP 192.168.1.2). I could not get to the GUI of pfSense at 192.168.1.1 (neither with http or https).
So I guess I will need to buy a monitor with HDMI port to be able to configure pfSense.
Any help, or ideas, is appreciated.
Thanks


Mine were out of order too and I had to swich them using Option 2 on th PfSence unit. Used the MAC to figure out the order. Mine was ordered 1, 4, 2, 3.
pfSense running on...
  •   CPU: Intel Core i5-5250U Processor (3M Cache, up to 2.70GHz, Broadwell) + Intel 4 GBit LAN
  •   Configuration: RAM 8GB DDR3; SSD 128GB; AES-NI; Hyperthreaded; Model: Qotom-Q355G4
Switch - NETGEAR ProSAFE JGS516PE 16-Port Gigabit PoE WM (Plus) & GS105Ev2 5-Port WM (Plus)
Access Point - (2) Unifi 802.11ac Dual-Radio PRO

Offline occamsrazor

  • Jr. Member
  • **
  • Posts: 33
  • Karma: +2/-0
    • View Profile
Re: I5 5250U 4 LAN Home computer Q355G4 install question
« Reply #14 on: April 08, 2017, 02:57:34 am »
Hi,

Just curious what kind of installation you are doing... on USB keys or on the SSD?
I was reading this and like the idea of using ZFS:
https://forum.pfsense.org/index.php?topic=126597.0
...but on the other hand using the SSD seems like it would be fastest.

Thanks.