I would like to use PI4 with IPFire in a LAN with half a dozen PCs only to manage Intrusion Detect and two VPNs.
Do you think it holds the load?
Do you have any suggestions on this?
last I read a Raspberry Pi 4 will not workā¦
IPFire Community ā old dead link
I know a Raspberry Pi 3B+ works since Iām running (testing) one.
But it may not be powerful enough for your needs.
EDIT: did a strike thru on an old dead link.
White Tiger
Any meaningful answer to your question would need to factor in the Internet bandwidth being distributed to your PC.
RPi 3 still run their Ethernet through USB 2.0 bus and that will severely limit I/O.
I donāt have an RPi3. NanoPi-R1 donāt report CPU load and the latter would be a major factor in handling IPS workload.
But doesnāt it have an Ethernet port?
I thought of using an additional USB ethernet port to connect it to the Internet and the standard one on the LAN.
In any case there is a router, so the Pi would be downstream of this.
Internet
|
Router
I
Ipfire
|
Switch LAN
There is no native kernel support and boot firmware for the Pi 4 so you canāt boot from any Pi 4.
Yes there is and this time itās connected via PCIe.
The Ethernet port on RPi 3 is effectively an inbuilt USB-Ethernet adaptor. A similar arrangement on earlier RPi and several other (but not all) ARM hardware.
Last month I ran some tests on an RPI3B+ set up as an IPFire box.
The Green network was the on-board LAN and the Red network was a USB port connected via a Trendnet TU3-ETG (AX88179 USB 3.0 to Gigabit Ethernet).
Edit: updated diagram
The fastest speed from Client #2 to Client #1 was about 105 Mbits/sec
iMac:~ me$ iperf3 -c 192.168.60.3
Connecting to host 192.168.60.3, port 5201
[ 5] local 192.168.1.100 port 56094 connected to 192.168.60.3 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 13.3 MBytes 111 Mbits/sec
. . .
[ 5] 9.00-10.00 sec 12.1 MBytes 102 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 125 MBytes 105 Mbits/sec sender
[ 5] 0.00-10.03 sec 124 MBytes 103 Mbits/sec receiver
iperf Done.
and with the -R (run in reverse mode - server sends, client receives) added:
iMac:~ me$ iperf3 -c 192.168.60.3 -R
Connecting to host 192.168.60.3, port 5201
Reverse mode, remote host 192.168.60.3 is sending
[ 5] local 192.168.1.100 port 56102 connected to 192.168.60.3 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 18.0 MBytes 151 Mbits/sec
. . .
[ 5] 9.00-10.00 sec 18.5 MBytes 156 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 185 MBytes 155 Mbits/sec 0 sender
[ 5] 0.00-10.00 sec 185 MBytes 155 Mbits/sec receiver
iperf Done.
is client#1 on the .60 subnet or on the .10 subnet ? I suspect the .10 is a typo.
1 Like
it is! thanks for noticing!
Edit: yes, client #1 is a typo. It is on subnet .60. I updated the diagram!
Why your NanoPi-R1 is not reporting the CPU load? This should work normal. Have you restored a backup from an other arch that has incompatible rrdās?
Also one Interface has only 100mBit on the NanoPi R1.
You are correct. I was looking in the Hardware menu and CPU load is in the System menu.
CPU idle varies from 92% to 99%, averaging 98%, with IPS on RED & GREEN. Iām not downloading much lately.
To my knowledge, the highest plan that is permitted for households in AU is 100 Mb/s. My line is capable of only 30, so 100 Mb/s on the second interface is more than adequate.