I would like to use PI4 with IPFire in a LAN with half a dozen PCs only to manage Intrusion Detect and two VPNs.
Do you think it holds the load?
Do you have any suggestions on this?
last I read a Raspberry Pi 4 will not work…
https://forum.ipfire.org/viewtopic.php?f=86&t=23022
I know a Raspberry Pi 3B+ works since I’m running (testing) one.
https://wiki.ipfire.org/hardware/arm/rpi/threeplus
But it may not be powerful enough for your needs.
White Tiger
Any meaningful answer to your question would need to factor in the Internet bandwidth being distributed to your PC.
RPi 3 still run their Ethernet through USB 2.0 bus and that will severely limit I/O.
I don’t have an RPi3. NanoPi-R1 don’t report CPU load and the latter would be a major factor in handling IPS workload.
But doesn’t it have an Ethernet port?
I thought of using an additional USB ethernet port to connect it to the Internet and the standard one on the LAN.
In any case there is a router, so the Pi would be downstream of this.
Internet
|
Router
I
Ipfire
|
Switch LAN
There is no native kernel support and boot firmware for the Pi 4 so you can’t boot from any Pi 4.
Yes there is and this time it’s connected via PCIe.
The Ethernet port on RPi 3 is effectively an inbuilt USB-Ethernet adaptor. A similar arrangement on earlier RPi and several other (but not all) ARM hardware.
Last month I ran some tests on an RPI3B+ set up as an IPFire box.
The Green network was the on-board LAN and the Red network was a USB port connected via a Trendnet TU3-ETG (AX88179 USB 3.0 to Gigabit Ethernet).
Edit: updated diagram
The fastest speed from Client #2 to Client #1 was about 105 Mbits/sec
iMac:~ me$ iperf3 -c 192.168.60.3
Connecting to host 192.168.60.3, port 5201
[ 5] local 192.168.1.100 port 56094 connected to 192.168.60.3 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 13.3 MBytes 111 Mbits/sec
. . .
[ 5] 9.00-10.00 sec 12.1 MBytes 102 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 125 MBytes 105 Mbits/sec sender
[ 5] 0.00-10.03 sec 124 MBytes 103 Mbits/sec receiver
iperf Done.
and with the -R (run in reverse mode - server sends, client receives) added:
iMac:~ me$ iperf3 -c 192.168.60.3 -R
Connecting to host 192.168.60.3, port 5201
Reverse mode, remote host 192.168.60.3 is sending
[ 5] local 192.168.1.100 port 56102 connected to 192.168.60.3 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 18.0 MBytes 151 Mbits/sec
. . .
[ 5] 9.00-10.00 sec 18.5 MBytes 156 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 185 MBytes 155 Mbits/sec 0 sender
[ 5] 0.00-10.00 sec 185 MBytes 155 Mbits/sec receiver
iperf Done.
is client#1 on the .60 subnet or on the .10 subnet ? I suspect the .10 is a typo.
1 Like
it is! thanks for noticing!
Edit: yes, client #1 is a typo. It is on subnet .60. I updated the diagram!
Why your NanoPi-R1 is not reporting the CPU load? This should work normal. Have you restored a backup from an other arch that has incompatible rrd’s?
Also one Interface has only 100mBit on the NanoPi R1.
You are correct. I was looking in the Hardware menu and CPU load is in the System menu.
CPU idle varies from 92% to 99%, averaging 98%, with IPS on RED & GREEN. I’m not downloading much lately.
To my knowledge, the highest plan that is permitted for households in AU is 100 Mb/s. My line is capable of only 30, so 100 Mb/s on the second interface is more than adequate.