I have a rack with a door on the front. The (short) cables from the switch to the patch panels are a little crushed by that door when it's closed. Do you know an accessory to offset my switch in the inside of the rack ? I cannot move the front rails back because I've got long Synology rails attached to them. Thanks.
Can you please post a link to where you bought the rack wings? I just bought one of these to run Xpenology on and I would like to put it in my 4U network rack. I've been struggling to find metal wings for it vs doing a 2 post rail system.
Did you have any oddities with PfSense and Plex on your local network? I got my port forwarding setup and people outside my network have no issue getting to Plex. However from inside my network I had to manually point my devices to the Plex server IP and had to lower "Secure Connections" (under Server Settings Network) from Required to Preferred.
regarding your ssd dying.. you can setup a parity or data recovery-oriented raid directly through pfsense. this parity could be with another ssd or even another hard drive
How much did this cost you? Because I got a E3 1270 1U off ebay for $150 used. It came with 16GB ECC RAM as well. I moved it from the 1U to a white PC case though to reduce noise and so I could put quiet fans. I did install a Mellanox 10Gbps ($15) SFP+ nic though, as I wanted 10Gbps to my PC ;).
TCC I have debated the same issue on hardware, build my own 1/2u chassis, NUC, or purchase eBay system and move to Norco or iStar chassis. I was looking at HP systems to do this "Morphing" Can you tell more about your build and how you are enjoying it? You can IM me as well.
Get some Ubiquiti APs while you are at it and just get a POE switch from them as well. Super easy setup and you can make multiple VLANs. I did exactly what you are wanting. I have a few different networks. My computer main network, trusted wireless, guest wireless, IoT wireless and IoT wired. My router has two LAN ports and one Wan port so it makes this pretty easy. It's nice to have it all segmented and the IoT stuff can't see my main network nor can my guest wifi network see any of it. Another easy thing is when I have a bunch of people over I just set up a timed SSID with no password for a few hours that is on my guest segment. Makes it easy so I don't have to give out the password. With that Tp-link I doubt you can assign vlan IDs to SSIDs and segment the wireless clients.
I would like to see an update on this video as to are you still running the Dell R210 II with PfSense or have ya went to something else? I am still on Pfsense with my Dell R210 II & I finally got it all set up & figured out.. 2 +- years later.. lol. But hey, better late than never imo!
Cisco is no longer CLI only devices. They have a normal graphic user interface like most other switches/routers. They can be controlled by CLI, but you don't have to. They stopped being CLI only around 10 years ago, so the rumour is a strong survivor. :-)
@Aaron: How long ago ? And how old were they? Both Routers and Switches made recently do have a GUI. I know that many Cisco experts prefer the CLI, but for a "noob" the GUI is much easier.
hey bro, nice vid, though a little more of your work with the server and the os setup would have been interesting. For your rack closet, you need to mod the area. Cut a hole in the back maybe 4 or 5 feet up and install a blower fan that sucks air out of there. Your servers are pulling air in from the front, and venting the hot air into the back...where there is no space...so you are basically heating your server rack.
20:20, I'm with you there. I'll be in the same boat when I try to mess with this myself.... I'm currently trying to figure out a supermicro sc846 for proxmox to run pfsense as a vm among others.
I’ve bought an R210 II and popped an INTEL X520-SR2 along with 4x8GB OF 1600Mhz RAM and a 128GB Samsung 850 PRO and an INTEL E3-1290 v2 and my plan is to get it to route and firewall my 10Gb VMware home lab. Have you tweaked or optimised your pfSense install?
This video is exact example how u dont want to configure ur home network....tbh idk from where to start so i will leave it to u....85% of things u can do easy way and more more secure way without involving third party software at all but i guess this is ur way to do that....so thumbs up for effort budd....tc
I went through several cheaper tp-link nics and usb nics with varying levels of instability in pfsense, before finally realizing I just needed to invest the money and buy all intel nics for pfsense. No problems since. But like you I didn't want to spend a lot of money on the intel nic setup until I was sure pfsense was going to be something I was going to stick with. I was able to get a 1U lenovo thinkserver ts140 with an i3 and 3 intel nics for like $212 on amazon. I use one of the nics for the wan port, and I actually use the other 2 nics for a teamed lan connection to my switch, 2gbps and failover.
TP-Link nics work just fine if you compile and install the drivers provided by Realtek into your pfsense router. Pfsense default drivers for Realtek-based nics are dog shit. That's what causes the instability issues.
I'm confused why your video out worked on it... The E3-1220 has no integrated graphics and my Dell R210ii does not display graphics with the same CPU installed... What is going on here?!
FYI - internal file transfers will not go through your router so you should never see any utilization. Only if you use it put you setup VLAN's will and put it on a separate server and your clients on a different subnets will it see any utilization. But another great video, I love these format of RAW videos. Its nice not to see something polished and seeing the struggle and the learning process, keep it going!!!!!! Byte My Bits 4 Life!
Hey, you should definitely run the dell firmware USB. You just install it onto a USB with Rufus and boot up into the USB. The installer will automatically update all your firmware.
Did you ever think about using all Ubiquiti gear? Especially because you might be adding more POE cameras. I'm interested in them, but don't have experience. They just sound like they might have saved you a lot of headache.
I have a double nat show up on my Xbox One X. I thought I have my router and modem bridged correctly but could it be that they are using different IP addresses? Their addresses being 192.168.1.1 and 10.0.0.1? There is a nat setting in the modem for each Ethernet port but it’s pretty confusing on the labeling.
You have to configure your modem in bridge mode. That way, your pfsense router would get a public IP directly from your internet provider DHCP servers, not from your modem.
Hey Jason, found your channel and subbed. One of the big projects this year for me is building (and running cable) a home network too - some of it for finding out what I can do with it and learning more IT skills in a sandbox (and not a OMG I TOOK DOWN THE NETWORK AT WORK) environment. xD Curious how the R210 is treating you; from other YouTubers I've seen, it's a great choice - the thing sips on power - 20 watts at idle (and it's mostly at idle for you). I am currently going to put pfSense on a Watchguard firewall appliance (gifted to me - free!) but if I have issues with it, I may roll the R210 route too. I have the same fear with IoT and plan to install cameras - I'm concerned with having them on even the same switch - haha! might roll two switches in this mutha!. Not fully sure how VLAN work (n00b here too) but what if you put one computer on the same VLAN as the cameras... then you wouldn't have to worry about bidirectional traffic... (I know you probably have this all figured out; 1+ year old comment). Cool you got Cisco; ton of data out there to do what you need. I'm going with Juniper - easy command line & web UI! Nice! xD Again, enjoyed the "rambling" and I'll be watching more. Take care man, Brad
i know even less about VLANs than you do, your networks are all ipv4, what about separating NetworkA(Cams) from NetworkB(PCs) via NAT-Router? NetworkA-Devices will only see the IP of the Router, but not the IPs of the PCs behind the NAT-Router - but the PCs behind the NAT-Router will still be able to connect to NetworkA-Devices... despite not being on the same subnet. Just one idea.
Does anyone know the part number for the iDrac6 enterprise NIC? only r210 iis I can find are no idrac included. figure this is probably particular to the server.
You need the Express module and the Enterprise for more features then update firmware. Express Module might be JPMJ3 or Y383M, K869T(Enterprise) and the enterprise 0PPH2J
First video, and I subscribed. I like how you admit your failures to the world! One question. Is your new switch going to work with the funky Ubnt camera? The issue I had with Ubiquiti cameras is they are NON standard poe 24V. The real reason why I ended up buying a used Ubiquiti 24 port POE edge switch.
I know this video is old, but the way you fixed your xbox was probably by enabling upnp, without it Xbox, Playstation etc. doesn't work properly on pfSense
what switch model was it, some use serial leads, some use usb, they're pretty cheap either way. also cisco isn't as difficult from command line as you think, just remember ? for help and tab to autocomplete commands. there is a web based setup for cisco stuff, but not all have the software on them, sometimes you have to add the correct software yourself.
Are you kidding me????!!!!???? WTF you did all this work and you what???? Decided that it's not worth telling us how to do any of it? I'm sitting here with a R210II and no idea how to get it to boot the installer from CD. THANKS!!! YOU ARE SO AWESOME... I HAVE THIS FEELING THAT NO ONE ON EARTH BENEFITED FROM THIS VIDEO.
Really cool project ;) And yes, I will help you configure the cisco switch haha did you get a console to serial and serial to usb to configure the switch? (you just need it to get SSH up)
So if my Dell R710 that I currently use for my Plex server has a 4 port nic installed, can I install pfsense in a VM and use 2 of those 4 ports, 1 for wan and 1 for lan?
Really can't believe you would dedicate $200 worth of hardware to basically a program that needs less than 1 vCPU and 500MB of RAM. Even stranger that people are telling you this was a great idea.
may be is not useful for you but there are tons of applications and utilities you can use with pfsense that requires more than 2 cpu and many more than 8 gb of ram ...
JASON, if you haven't already please join the pfSense Official Group, you will find a lot of handy tips/questions answered everyday.. well worth it and it's free!
Hiya mate, do you think i can use this one to replicate your project? Dell PowerEdge R210 II Intel Xeon E3-1220 CPU @ 3.10Ghz 4GB DDR3 ram (1333Mhz) 1 x 500GB Dell Hard drive (No Operating system) Dell Intel 0HM9JY Quad Port Pci-e Gigabit NIC, Keep up the good work on your channel.
“Set it up, well I hope, in the right way.” - every Linux user ever
PFSENSE is FREEBSD not LINUX
The way you’re doing it, you’re thinking of VLANs like subnets, but that’s not how you have to do it. If you have other NICs on your router, you could just assign one interface to another subnet and then use firewall rules to control what traffic can go between those two subnets.
You can do similar things with VLANs, you just don’t need separate subnets or NICs. Then you can use rules to control what traffic can go between VLANs.
Even with this, you really should just host your own VPN and use that to view your cameras remotely, even on your phone. This is by far the more secure way to go rather than using the other services to view them remotely and exposing the cameras to the Internet.
spot on, for me this is a video of "i have no idea but stumbled into making it work"
I use a r210 ii as my pfsense with a quad Intel. Best router I have ever had. Changed fans for noctua and boom. Great.
I was using the R210 II for a pfsense for a while and I absolutely loved it. My server setup consisted of the R210 II as my pFsense and an R410 as my main server for my house. The R210II was so quiet compared to the R410. I decided to upgrade because why not! I looked at the R710 but decided to go with an R720, It handles 8 drives (3.5") I have 2 quad port NIC's in it giving me 8 ports for my VM's and I love that even more. The R720 is so quiet compared to the R410. I moved pFsense to the R 720. Now my R210 II and R410 just collect dust! I think you will love the R210 II. I know I did.
pfSense is a great product. I have used it extensively in HA deployments within datacenter environments, mid to large offices and as direct replacements for Cisco ASA's in swap outs. As a network architect, I love pfSense and can say the functionality it provides equals what would cost $30k+ from big name network vendors.
If you are struggling with basic switching and VLAN's etc... Then I suggest you take a look at the Cisco CCENT material, it will really help you out.
Great video, everything you say in the lengthy ramble makes perfect (pf)sense. Thanks for sharing!
Good choice on the R210 II, I actually have this same box (with E3-1240 V2 CPU and 32GB of RAM) that I used for my core router (pfSense as well) for my WISP. It's a rock solid server and a great pfSense box.
Also, I manage a large Cisco network (my day job) so if you need help with VLANs, Trunks, Cisco Config, etc just let me know. Maybe we can do a collaboration video (as in, video chat support) or something.
Joe V Why so much ram lol?
Well, just like Jason did, I ordered this used from a seller on eBay and it came with that much RAM. With that said, I could use the RAM to cache objects in memory for squid. Also, I wanted this to be a bit overkill as I could always upgrade my fiber line to handle more clients or test new packages available on pfSense. :)
Just in case anyone is looking at the R210. There's Ver I and the II, not all the cases are labeled. Then there's rebranded units, so it's hard to tell. Usually the preferred model is the R210 II as it's got the next gen processor and its quieter fans. They usually have the E3-1200 series processors and work better with AES-NI for PFSense encryption. I'll post another comment on the fans
Awesome video! I have a Dell R210 II on the way and I'm going to do the same thing.
As I saw in your 30s part of this video at 5:23, and in your previous pfSense videos, I deduce that you have pfSense configured for just 192.168.2.x subnet (it is the /24 suffix seen in the initialization screen scroll). As you might know, the subnet mask is filtering any access to addresses that are not that same subnet (192.168.2.x). What subnet mask /16 (255.255.0.0) could allow is to have access to more subnets (i.e. 192.168.0.x - 192.168.255.x), which is (as I understood from your videos) what you want for your cameras. Plainly said, you could have your cameras with /24 (255.255.255.0) subnet mask, so they see only their subnet (i.e. 192.168.10.x), but the PCs on the network have a /16 (255.255.0.0) subnet mask, so they see even the camera subnet.
If your PFSENSE router (your DELL) had more than 2 NICs (I usually have 4) then you have WAN, LAN and can easily use a port for LAB which can be any new/different switches and connections on its own and different subnet or even through another firewall and double natted.
This is like the reddit go to for pfSense. It’s super small with a depth of only 16 inches and is so quiet. Easily my favourite server.
You can get CCENT/CCNA videos on UDEMY for about $12 that will cover everything that you need with Cisco Routers/Switches. You can add in an Access Control List on the Cisco switch that will allow you to control what information can enter or leave that port. You can download packet tracer for free online and start messing with Cisco command line interface to a surprisingly strong degree. Set up your entire system in packet tracer where it does not matter if you mess up - save the config file and load it into a real Cisco product and it will work identically. I would really like to see if you can create a RAMDisk for Cache on the PFSense and see if you can offload the logs to a networked folder on Zeus.
Which Cisco switch did you find online that is PoE for only $200? My recommendation would be to get a 10GB RJ-45 switch and then buy a multiple port PoE injector for the cameras so that you have the bandwidth necessary for a 1080p 60/120fps or 2160p 30/60fps camera system. Run a 10GB from switch to Zeus and assign it to the Blue Iris software or however that works for you.
I set this up about 7 years ago. The R210 II's are great pfsense boxes. Do yourself a favor and use Intel server dual or quad nics. Use the crappy Broadcom ones for pfsync
The R210 has loud fans. The R210 fan profile is in the BMC. I believe the Idrac6 Enterprise changes the BMC or updates it I'm not sure. So add it if you don't have it. The other option is update the BMC firmware to 1.92 and it will slow the fans down to a manageable level.
So go to the Dell site and find the Bios 1.12 update and the BMC 1.92 update for those without Idrac6 Enterprise. As well as the Lifecycle Controller update 1.7.5 (if you have the IdracExpress). They are available as a Win EXE and it's super easy or a Bin file. Updating the BMC will take a bit and will crank up the fans, then slowly lower them near the end. Then it will finish and you'll be back in business.
For the easy way find the EMC Server Update Utility and run it then it should update everything from a menu.
With the BMC updated the Win10 Idle on the SSD has dropped to about 30w and fans are much quieter.
PFSense would probably idle lower watts. But adding MEM or drives will increase it some.
The R210 II has quieter fans near silent. With Win 10 at an idle it's around 22w and nearly silent. Vs the R210 at about 30w idle after the BMC update dropping about 5w. I believe the R210 II set the fans even lower and that's why it's quieter.
Love this video. This is what all of us are trying to do. Great to see you walk through the problems and be ahead of us where all of us can benefit from what you are learning. And, you're not the only idiot on this -- yeah I know certain things, but networking is new domain for me. So, I'm trying to come up to speed on it and make my house really a pleasant place to be with all my computers. Thanks for sharing with us ...
you can setup pfsense to use ramdisks for the log files and temp directories. Go to System -> Advanced -> Miscellaneous and scroll down to the section RAM Disk Settings, tick the tickboxes that say put /var and /tmp in memory and set some sensible maximum size. The only disadvantage is if you reboot pfsense you lose your logs. Advantage it will hardly write to the ssd at all...
Go with a layer 3 switch if possible. This way all the vlans will be handled by the switch and inter vlan routing will be done by it.
Then you can't have snort listening for inter vlan traffic. That's the only downside I can think of. It could catch a worm or an exploit going from host to host on the LAN. Snort is not the greatest IDS though.
you don't need to create a firewall rule for the cameras, just don't enter the gateway into the camera's software and they cant connect to the internet but they can still connect to your lan.
Thanks, that's a great tip! Been looking for a way to make sure my cameras don't get hacked...
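The subnet-mask and no-gateway suggestions in the comments above both come down to one decision each host makes before it sends a packet: is the destination on-link, behind a gateway, or unroutable. The sketch below models that decision; it is an added example, not part of the original thread, and all host names, addresses and the assumption that every host shares one layer 2 segment are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Host:
    name: str
    iface: ipaddress.IPv4Interface            # address plus mask, e.g. 192.168.10.20/24
    gateway: Optional[ipaddress.IPv4Address] = None


def host(name, cidr, gateway=None):
    """Build a Host from strings; gateway=None models a blank gateway field."""
    gw = ipaddress.IPv4Address(gateway) if gateway else None
    return Host(name, ipaddress.IPv4Interface(cidr), gw)


def next_hop(src, dst_ip):
    """How src would send to dst_ip, judged only by src's own mask and gateway."""
    dst_ip = ipaddress.IPv4Address(dst_ip)
    if dst_ip in src.iface.network:
        return "on-link"      # ARP for the destination directly, no router involved
    if src.gateway is not None:
        return "gateway"      # hand the packet to the router, where rules can apply
    return "no-route"         # nothing to send it to; the packet is never emitted


def session(a, b):
    """A TCP session needs both directions; return (a->b, b->a, verdict)."""
    out = next_hop(a, b.iface.ip)
    back = next_hop(b, a.iface.ip)
    if "no-route" in (out, back):
        verdict = "fails"
    elif out == back == "on-link":
        verdict = "direct"    # switched only, the router never sees this traffic
    else:
        verdict = "routed"    # at least one direction passes through the router
    return out, back, verdict


# Constructed sample hosts (not taken from the video or the comments).
PC = host("pc", "192.168.2.50/16", "192.168.2.1")         # wide /16 mask
CAM = host("cam", "192.168.10.20/24")                     # /24, gateway left blank
NVR = host("nvr", "192.168.10.5/24")                      # camera server, same /24
CAM_GW = host("cam-gw", "192.168.10.21/24", "192.168.10.1")


def demo():
    rows = []
    for a, b in [(PC, CAM), (NVR, CAM), (PC, CAM_GW)]:
        rows.append((a.name, b.name) + session(a, b))
    # A camera with no gateway has no path to an Internet address at all.
    rows.append((CAM.name, "8.8.8.8", next_hop(CAM, "8.8.8.8"), "-", "-"))
    return rows


if __name__ == "__main__":
    for row in demo():
        print("{:7} -> {:8} out={:8} back={:8} {}".format(*row))
```

A `direct` verdict means the traffic is switched without reaching pfSense, so firewall rules and an IDS on the router never see it. Both settings live on the endpoint itself, so the network only enforces separation in the `routed` case.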
I would keep cameras on their own network firewalled away from my network since they're in locations like outside where someone could hijack the cable. I wouldn't leave an open ethernet port on my internal network sitting on my front porch.
In addition to that you can setup a vpn server so u can use ur mobile devices to access your network when you are away.
Jason, the Ubiquiti G3 camera uses 24V passive POE power rather than 802.3af. Plugging it in to the Cisco switch will probably not work. Ubiquiti is in the process of moving their cameras to this standard, and new G3s come with a converter to 24V passive poe rather than the power injector in the box. You will probably need to pick up a INS-3AF-O-G to put out at the camera. Just trying to save you some future headache. I believe some time in 2018 the cameras will support 802.3af power natively.
Cisco switches have a Java-based GUI. For the VLAN, you need to configure ports on the switch that tag the packets. Then you create a trunk port on the switch and then assign the VLANs to it that you wish to go over; ensure you do not add the camera subnet. You add the camera server to the same VLan and the server and will see each other. If the Cisco switch model starts with a 2, this means it is a layer 2 switch, which means it can just switch the packets on the VLAN. If it starts with a 3, this is a layer 3 switch; basically it does everything a layer 2 switch does, but it has a routing engine as well.
So the R210 stays quiet? Interesting project. I have a R410 doing nothing, but it's the loudest PC hardware I've ever used (and that's saying something) so I can't use it. Might get one of these. Really want the caching.
yes it is very quiet. No louder than Zeus
R210 ii’s are easily the quietest Poweredge servers. Even the r210 not ii is super quiet if you update the firmware.
Awesome. Will look into one at some point.
I just tried to do a sound test but Zeus is louder so it doesn't really count lol. Basically, it's not very loud. :)
My rack is like 10 ft max from my primary microphone, so things get funky in my workspace, haha
Also consider Thin clients like the HP T620 Plus(the plus has the expansion slot for a NIC), HP T730, or the Fujitsu S920 (cheap option)
This was great thank you. You give me hope.
The switch needs to support VLANs for it to work. You basically tell the ports on the switch what VLAN they should be on; it can be just one or all.
A trunk port is a port that carries all VLANs.
The Cisco OS is called IOS
(nothing to do with Apple, it is Internetwork Operating System)
So what's your main firewall today? Is it still the pfSense?
Yeap
You can accomplish what you are trying to do with different VLANs much easier if you put an Intel dual or quad gigabit card into the server. If you then only have a single VLAN on each port it saves configuring the switch to allow pfSense to specify which VLAN the traffic should go out on.
I have set mine up in this fashion, but on top of ESXi, meaning I can have a DMZ VLAN with all my external stuff sitting on the 1 box.
Awesome videos! I remember back in the day when I was struggling with this haha
Damnit, I was all set on getting a 2U front access chassis and transplanting the guts from an old i5 workstation into it. Now you have me browsing ebay for servers.
If that i5 is 2nd gen or newer I'd stick with that since it has AES-NI and will be supported by pfSense far longer than an old R210.
My R210 is V2 and supports the necessary encryption and 64-bit
Love the title and thumbnail!!!
Finally you've done it right 🙌🙌
The R210 is a great little machine for this. However, for the money spent you could have helped support the pfSense project and purchased a SG-3100 from Netgate for not much more. You would have had more ports and sufficient horsepower. It may not have been quite as fun and I totally get that.
lol no
If a VM has an IP it can be seen both ways. But pfSense can firewall it from intrusions as long as no exceptions were created.
My system is a Dell R415 for pfSense. I originally tried on a Dell R850 but it was too hard to work with and was loud. I understand with the L3 switches and VLANs, it took me a while to get that sorted out
Good to see I'm not alone as a rack-mount junkie ^^
I have a rack with a door on the front. The (short) cables from the switch to the patch panels are a little crushed by that door when it's closed. Do you know an accessory to offset my switch in the inside of the rack? I cannot move the front rails back because I've got long Synology rails attached to them. Thanks.
Can you please post a link to where you bought the rack wings? I just bought one of these to run Xpenology on and I would like to put it in my 4U network rack. I've been struggling to find metal wings for it vs doing a 2 post rail system.
You should try to use the 10.x.x.x IP setup. It's a lot neater and easier to manage subnets.
Since I run unRAID I just passed a NIC to a pfSense VM and that works fine for me.
Did you have any oddities with PfSense and Plex on your local network? I got my port forwarding setup and people outside my network have no issue getting to Plex. However from inside my network I had to manually point my devices to the Plex server IP and had to lower "Secure Connections" (under Server Settings Network) from Required to Preferred.
Regarding your SSD dying.. you can set up a parity or data recovery-oriented RAID directly through pfSense. This parity could be with another SSD or even another hard drive
I'm on the same page with the VLANs... I CAN NOT figure them out for some reason!
How much did this cost you? Because I got a E3 1270 1U off ebay for $150 used. It came with 16GB ECC RAM as well. I moved it from the 1U to a white PC case though to reduce noise and so I could put quiet fans. I did install a Mellanox 10Gbps ($15) SFP+ nic though, as I wanted 10Gbps to my PC ;).
TCC I have debated the same issue on hardware, build my own 1/2u chassis, NUC, or purchase eBay system and move to Norco or iStar chassis. I was looking at HP systems to do this "Morphing"
Can you tell more about your build and how you are enjoying it? You can IM me as well.
This is what I was waiting for :)
Get some Ubiquiti APs while you are at it and just get a POE switch from them as well. Super easy setup and you can make multiple VLANs. I did exactly what you are wanting. I have a few different networks. My computer main network, trusted wireless, guest wireless, IoT wireless and IoT wired. My router has two LAN ports and one Wan port so it makes this pretty easy. It's nice to have it all segmented and the IoT stuff can't see my main network nor can my guest wifi network see any of it. Another easy thing is when I have a bunch of people over I just set up a timed SSID with no password for a few hours that is on my guest segment. Makes it easy so I don't have to give out the password. With that Tp-link I doubt you can assign vlan IDs to SSIDs and segment the wireless clients.
Travis Griggs which router are you using. If you don’t mind me asking. Thanks!
I would like to see an update on this video as to whether you are still running the Dell R210 II with pfSense or have you gone to something else? I am still on pfSense with my Dell R210 II and I finally got it all set up and figured out.. 2 +/- years later.. lol. But hey, better late than never imo!
You need a managed switch for Vlans
The TP-Link TL-SG108E would like to have a word with you.
Hey Jason remind to never stand next to you when you're using power tools cuz you might revert to your evil self lol
How's the pfSense router? Over 2 years now
Cisco devices are no longer CLI-only. They have a normal graphical user interface like most other switches/routers. They can be controlled by CLI, but you don't have to. They stopped being CLI-only around 10 years ago, so the rumour is a strong survivor. :-)
oh sweet :)
Ummm what? Every Cisco router and switch I’ve worked with has been only CLI.
@Aaron: How long ago? And how old were they? Both routers and switches made recently do have a GUI. I know that many Cisco experts prefer the CLI, but for a "noob" the GUI is much easier.
Best way to learn Cisco is to do CLI
Vito Cornelius
Easier to hide the NSA backdoors that way.
FYI, BlueIris does have 2 way voice through the app once configured on the BlueIris server.
Hey bro, nice vid, though a little more of your work with the server and the OS setup would have been interesting. For your rack closet, you need to mod the area. Cut a hole in the back maybe 4 or 5 feet up and install a blower fan that sucks air out of there. Your servers are pulling air in from the front, and venting the hot air into the back... where there is no space... so you are basically heating your server rack.
20:20, I'm with you there. I'll be in the same boat when I try to mess with this myself....
I'm currently trying to figure out a supermicro sc846 for proxmox to run pfsense as a vm among others.
Do you think this server is good enough to run a plex server via Unraid?
Are you still running this setup currently?
What was the main reason for the PFSense box vs something like a Mikrotik/Cisco?
are you still using this pfsense box? any idea on the power draw?
Great videos! Is the new Cisco switch loud? I'm thinking of the 24 port version
I’ve bought an R210 II and popped in an Intel X520-SR2 along with 4x8GB of 1600MHz RAM, a 128GB Samsung 850 PRO and an Intel E3-1290 v2, and my plan is to get it to route and firewall my 10Gb VMware home lab. Have you tweaked or optimised your pfSense install?
Simon Sparks
I put SCTP on all pc's in my network. Pfsense is fairly speedy but you could try testing against OPNwall.
This video is an exact example of how you don't want to configure your home network.... tbh idk where to start so I will leave it to you.... 85% of things you can do an easier and more secure way without involving third party software at all, but I guess this is your way to do that.... so thumbs up for effort bud.... tc
I see your videos as future projects.
I went through several cheaper TP-Link NICs and USB NICs with varying levels of instability in pfSense, before finally realizing I just needed to invest the money and buy all Intel NICs for pfSense. No problems since. But like you I didn't want to spend a lot of money on the Intel NIC setup until I was sure pfSense was going to be something I was going to stick with.
I was able to get a 1U lenovo thinkserver ts140 with an i3 and 3 intel nics for like $212 on amazon. I use one of the nics for the wan port, and I actually use the other 2 nics for a teamed lan connection to my switch, 2gbps and failover.
TP-Link nics work just fine if you compile and install the drivers provided by Realtek into your pfsense router. Pfsense default drivers for Realtek-based nics are dog shit. That's what causes the instability issues.
I'm confused why your video out worked on it...
The E3-1220 has no integrated graphics and my Dell R210ii does not display graphics with the same CPU installed...
What is going on here?!
Nice setup, but why not move the networking part to the back of the rack? It will keep the cables shorter and nice and neat.
FYI - internal file transfers will not go through your router so you should never see any utilization. Only if you set up VLANs and put it on a separate server and your clients on different subnets will it see any utilization. But another great video, I love this format of RAW videos. It's nice not to see something polished and seeing the struggle and the learning process, keep it going!!!!!! Byte My Bits 4 Life!
Hey, you should definitely run the Dell firmware USB. You just install it onto a USB with Rufus and boot up into the USB. The installer will automatically update all your firmware.
Did you ever think about using all Ubiquiti gear? Especially because you might be adding more POE cameras. I'm interested in them, but don't have experience. They just sound like they might have saved you a lot of headache.
I love your videos, keep them coming
What is the AES for? Isn't that type of encryption kinda low end? Well, I am a noob so might be wrong..
I have a double nat show up on my Xbox One X. I thought I have my router and modem bridged correctly but could it be that they are using different IP addresses? Their addresses being 192.168.1.1 and 10.0.0.1? There is a nat setting in the modem for each Ethernet port but it’s pretty confusing on the labeling.
You have to configure your modem in bridge mode. That way, your pfsense router would get a public IP directly from your internet provider DHCP servers, not from your modem.
Have you modified your pfsense to correctly work with Plex? I had to on my side.
Will the r210 keep up with a gigabit connection with snort or some other IPS enabled?
Hey Jason, found your channel and subbed. One of the big projects this year for me is building (and running cable for) a home network too - some of it for finding out what I can do with it and learning more IT skills in a sandbox (and not a OMG I TOOK DOWN THE NETWORK AT WORK) environment. xD Curious how the R210 is treating you; from other YouTubers I've seen, it's a great choice - the thing sips on power - 20 watts at idle (and it's mostly at idle for you). I am currently going to put pfSense on a Watchguard firewall appliance (gifted to me - free!) but if I have issues with it, I may roll the R210 route too. I have the same fear with IoT and plan to install cameras - I'm concerned with having them on even the same switch - haha! Might roll two switches in this mutha! Not fully sure how VLANs work (n00b here too) but what if you put one computer on the same VLAN as the cameras... then you wouldn't have to worry about bidirectional traffic... (I know you probably have this all figured out; 1+ year old comment). Cool you got Cisco; ton of data out there to do what you need. I'm going with Juniper - easy command line & web UI! Nice! xD Again, enjoyed the "rambling" and I'll be watching more. Take care man, Brad
Why didn't you buy the official DELL rack mount brackets ?
Could you do some videos about pfsense features?? I mean why would I want to switch from my regular router? Seriously interested
i know even less about VLANs than you do, your networks are all ipv4, what about separating NetworkA(Cams) from NetworkB(PCs) via NAT-Router? NetworkA-Devices will only see the IP of the Router, but not the IPs of the PCs behind the NAT-Router - but the PCs behind the NAT-Router will still be able to connect to NetworkA-Devices... despite not being on the same subnet. Just one idea.
Does anyone know the part number for the iDrac6 enterprise NIC? only r210 iis I can find are no idrac included. figure this is probably particular to the server.
You need the Express module and the Enterprise for more features, then update firmware. Express module might be JPMJ3 or Y383M, K869T (Enterprise) and the Enterprise 0PPH2J
it came with 4 hdd's? my r210ii only has 2, 3.5 slots
First video, and I Subscribed. I like how you admit your failures to the world! One question.
Is your new switch going to work with the funky UBNT camera? The issue I had with Ubiquiti cameras is they are NON-standard PoE 24V. The real reason why I ended up buying a used Ubiquiti 24 port PoE edge switch.
No, it didn't work. Still use the UBNT injector.
I know this video is old, but the way you fixed your Xbox was probably by enabling UPnP; without it Xbox, PlayStation etc. don't work properly on pfSense
The camera DHCP ip lease expired then it reset??? power cycle the cameras next time maybe??
Tip use an intel nic since they are solid
What do you do for a living?
Hi Jason, just one question. Are you thinking of installing the VPN on pfSense?
I actually plan on trying this out with a NordVPN video soon. Maybe this month
I have tried OpenVPN on pfsense and it works a charm. Just make sure you start it back up if you restart your pfsense box :)
Hey Jason, have you ever considered doing a Comptia Network + qualification? Doing it myself one night a week for 17 weeks, you can also do it online.
What are your settings on the Dell R210 II server? I can't get the server to pull an IP address
Please help .....lol
What switch model was it? Some use serial leads, some use USB; they're pretty cheap either way. Also Cisco isn't as difficult from the command line as you think, just remember ? for help and tab to autocomplete commands. There is a web based setup for Cisco stuff, but not all have the software on them; sometimes you have to add the correct software yourself.
What's the name of the shelf you used?
Are you kidding me????!!!!???? WTF you did all this work and you what???? Decided that it's not worth telling us how to do any of it?
I'm sitting here with a R210II and no idea how to get it to boot the installer from CD. THANKS!!!
YOU ARE SO AWESOME... I HAVE THIS FEELING THAT NO ONE ON EARTH BENEFITED FROM THIS VIDEO.
Did you get your install done ?
You could take a look at PoE injectors if the Cisco switch doesn't work out.
Really cool project ;)
And yes, I will help you configure the cisco switch haha
did you get a console to serial and serial to usb to configure the switch? (you just need it to get SSH up)
No...
Check with the seller if it comes with one ;) If it does not, it's very cheap
So i'm just gonna address the elephant in the room. DUST!
Been running USB NICs on my box for 2 years now. No problems
So if my Dell R710 that I currently use for my Plex server has a 4 port NIC installed, can I install pfSense in a VM and use 2 of those 4 ports, 1 for WAN and 1 for LAN?
This is roughly what I have set up using VMWare ESXi 6.5 as the hypervisor.
Can pfsense handle dynamic dns updating like my cheap $50 asus router does?
yes i am fairly sure it does
Really can't believe you would dedicate $200 worth of hardware to basically a program that needs less than 1 vCPU and 500MB of RAM. Even stranger that people are telling you this was a great idea.
Maybe it is not useful for you, but there are tons of applications and utilities you can use with pfSense that require more than 2 CPUs and much more than 8 GB of RAM...
The RAID 10 should have been fast enough for pfSense though? :)
maybe..
JASON, if you haven't already, please join the pfSense Official Group, you will find a lot of handy tips/questions answered every day.. well worth it and it's free!
I'm thinking on doing the same with an R610, mostly because of the 4 integrated gigabit nics
lol i bought the exact same model as yours, great
How loud is this thing?
What is pfSense for? Do you really need one?
Hiya mate, do you think i can use this one to replicate your project?
Dell PowerEdge R210 II
Intel Xeon E3-1220 CPU @ 3.10Ghz
4GB DDR3 ram (1333Mhz)
1 x 500GB Dell Hard drive (No Operating system)
Dell Intel 0HM9JY Quad Port Pci-e Gigabit NIC,
Keep up the good work on your channel.
should do fine for pfsense