Hardware purchase for amateur use

I thank you. My English gives me great difficulty when reading the descriptions of the articles, if they are not written in my language. But what if I want to buy an APU4D4 with 8 GB of RAM instead? Since I will also use IPFire to emulate machines? Is it convenient for me?

What do you recommend for a machine with 4 gigabit LANs and 8 GB RAM?

Try DeepL Translate: The world's most accurate translator, which is better than Google Translate.

If you want to create virtual machines, 8 GB of memory is definitely better. However, if you intend to use the machine to protect a physical network (e.g. a NAS in your home or an office), I would not use any virtualization solutions, as those increase the attack surface and introduce a host of bugs that make them more insecure. In other words, if you want a firewall to protect your network, 4 GB of RAM is good enough because you should not use any virtualization system.

3 Likes

I thank you for the new translator. I am already trying it out.
For the security talk about virtualization, that’s a suspicion I had always had. I’ll stick with 4 GB then. Better security. However, what if I use IPFire to emulate an OS on it just for a little while? Just long enough to do what I need to do, then I shut down the virtual machine? How do you see this in terms of security?

Can’t help you. I can only tell you what I would pay attention to, if I were to shop. The ethernet card must be:

  1. well supported by the linux kernel,
  2. not adapters, straight ethernet
  3. have at least a gigabit ethernet controller, possibly with more than 2 queues

3 Likes
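
The checklist in the post above can be verified on a running Linux box before it is put in front of a network. This is an added example, not code from the thread: it reads sysfs, and the function names and the `SYSFS_NET` override are assumptions of the sketch. A bound driver is only a rough proxy for "well supported", and the speed is the negotiated link speed, not the controller's rating.

```shell
#!/bin/sh
# Added example: audit a NIC against the checklist above using sysfs.
# SYSFS_NET and all function names are assumptions made for this sketch.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Bus the NIC hangs off ("pci", "usb", ...); "virtual" if no backing device.
nic_bus() {
    if [ -e "$SYSFS_NET/$1/device/subsystem" ]; then
        basename "$(readlink -f "$SYSFS_NET/$1/device/subsystem")"
    else
        echo virtual
    fi
}

# Kernel driver bound to the device, or "none".
nic_driver() {
    if [ -e "$SYSFS_NET/$1/device/driver" ]; then
        basename "$(readlink -f "$SYSFS_NET/$1/device/driver")"
    else
        echo none
    fi
}

# Number of receive queues the driver currently exposes.
nic_rx_queues() {
    n=0
    for q in "$SYSFS_NET/$1"/queues/rx-*; do
        if [ -d "$q" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Negotiated link speed in Mb/s; 0 when the link is down or unreadable.
nic_speed() {
    s=$(cat "$SYSFS_NET/$1/speed" 2>/dev/null) || s=0
    case "$s" in ''|*[!0-9]*) s=0 ;; esac
    echo "$s"
}

# "OK", or the space-separated criteria the interface fails.
nic_verdict() {
    fail=""
    [ "$(nic_driver "$1")" != none ] || fail="$fail no-driver"
    [ "$(nic_bus "$1")" != usb ] || fail="$fail usb-adapter"
    [ "$(nic_speed "$1")" -ge 1000 ] || fail="$fail below-gigabit"
    [ "$(nic_rx_queues "$1")" -gt 2 ] || fail="$fail few-queues"
    fail="${fail# }"
    echo "${fail:-OK}"
}
```

Call `nic_verdict` with an interface name once the link is up on a gigabit switch; an interface that prints `usb-adapter` or `few-queues` fails the second or third criterion.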

Can’t say. I can only tell you what I have chosen for myself. If I buy a lock, it must be proportional in value to the things it has to protect. A 100 euro safe to protect a value of 100K euros or above is a bad idea.

I do like my NAS very much, so I have three backups of it, on 2 different machines, one off site, and I protect the NAS and the backups with an IPFire machine that has only one job to do.

If I want to do research, I place behind the firewall a cheap machine, for example a mini ITX (I do not like ARMs, including the RPi) with 16 GB of RAM to spin up any virtual machine I want.

4 Likes

On reflection, I also agree. Every extra thing you put inside a server could be one more flaw. Small flaw or big flaw, but still a flaw. Maybe that’s the concept.
For the machine, I will think hard before buying another one. I’m afraid of spending and being bad with the speed of the network cards. And this has already happened to me with other hardware. Then it is not that I am very knowledgeable about these things.

I am also not very knowledgeable about hardware. To save time with research, I use this online shop of mini ITX machines, located in England, that I discovered has competent people behind it. They have a ton of detailed information about their products, they always answered my questions promptly when that was not enough, and I have always had good reliability over the years.

If I need to buy, I look for the same hardware that they sell. Most of the time I shop directly from them, but sometimes I look for a local shop (to save on transport and taxes), but always the same hardware in the same combination.

About firewall hardware, when I upgrade from the apu2 (which is a fantastic machine), I will buy directly from the IPFire people.

2 Likes

I thank you. I will have a look around this site with the new translator. I tried to translate old things there and they seem much clearer. It works better!!! 🙂

And true, but what if I buy from you? How does it work?

I do not sell anything 🙂 I think there is a misunderstanding here. I speak Italian, if that’s your language you can message me directly.

1 Like

I just tried this again (and to a different workstation) from my nanopi R1. Same result of no wake-up.

I also tried plugging a USB keyboard and tapping non-character keys, as well as plugging a USB flash drive. Again to no avail.

Serial has to be reliable to be viable. Perhaps IPFire has to have some routine for this process?

1 Like

I suggest not. That board has a 1 GHz quad-core CPU & single-channel RAM. I’m running a 2.5 GHz quad-core CPU & dual-channel RAM. Full GUI Linux, e.g. Linux Mint, runs quite well on that, but IPFire reports the cores all running at about 2 GHz. The 4 GB RAM would also be marginal and risk putting VM into swap space, which all but “locks up” the machine and you don’t want that occurring for a firewall.

It also has no provision for a second, spinning HDD. VM can have large files of 20 GB that are frequently written and I am wary of putting that on SSD, but I am no expert on filesystems, nor SSD.

The Lightningwirelabs mini appliance is much the same hardware and the same considerations apply.

What are the general specs of your “trial-horse” IPFire box? That should give you a basis for comparison and perhaps you should explore all the functions you want on that, before making another purchase. If it is a conventional PC, then upgrading the mainboard in it could be a better option.

2 Likes

Look, I have the same problem myself. I suspected that when IPFire recognizes my PC’s built-in video card, it “prevents serial communication for the visual console.”
But I don’t know if I am completely right.
I can reconfirm that I tried to start IPFire with the installation CD, as if I were to install it. The serial console worked perfectly for me until the language choice text screen appeared. From there the serial communication between IPFire and PuTTY immediately stopped.
I have just ordered a USB serial card, which will arrive tomorrow, to do more testing.
I am also interested in this.

Yes. I fully agree. I installed the NFS addon in IPFire. I created the image file on my network NAS with a mechanical hard disk. For that no problem. But you did well to inform me about the hardware features of the machine. I didn’t know that. So in addition to the security problem that Fusco mentioned, this other one takes over. I have already decided not to use IPFire as an emulator and to think it over before buying new hardware, also opting for your solution: improving the hardware I already have, upgrading it as much as possible.

I feel obliged to point out that when I said …in addition to the security problem… I was not referring to APU4D4. I was told that it is less secure to install emulated machines on a server that is supposed to protect the network.

Users of APU4D4 hardware should be able to answer this question. I have no experience of it. Serial certainly must default to “ON” with those. That is the opposite of what you are perceiving.

In the case of ARM SBC (which I suggest you avoid), IPFire generally defaults those having video to “serial ON”. It results in a more complicated experience, with the output from boot going only to serial, then video plus keyboard becoming usable with the running system.

1 Like

@rodneyp, I’ve just read through the wiki for NanoPi R1. I think the serial port is a bit rudimentary. So your experience with this special board is not typical for a serial console.

1 Like

Could this be the same reason why it doesn’t work well for me either?
I am, however, using regular PC serial ports.

If your board has a monitor/keyboard console, IPFire uses this interface.
The serial interface is used only for boards lacking this ‘standard PC interface’.

Problems with serial interfaces are possible for simple RX/TX connections (as is true for NanoPi). RS232 (the serial protocol) functions best if there are handshake signals (RTS/CTS). As far as I know IPFire does not use the SW handshake (XON/XOFF characters). XON/XOFF is a bit tricky in case of plug-in/plug-off situations. Both sides don’t know the state of the other side.

2 Likes

Then I had guessed right from the start. 😎
Of course I am using a board (a PC) that has a console with a monitor/keyboard.
As a result, the serial interface is not used and PuTTY doesn’t work.
So that solved the mystery of my case. 😊

1 Like