So you have graduated from using the off the shelf router that you purchased at Best Buy and have started to use pfSense for your home or small office network. You like the features, but don’t like the idea of leaving a desktop PC or small server running 24/7 for the sole purpose of running a firewall. Enter the world of the thin client. Thin Clients are small form factor, low power PC’s that were intended to run a limited number of applications for office use. Besides the low power consumption, thin clients are also ideal for use with a 24/7 appliance due to the fact that they generally do not use fans or traditional hard disk drives. Without these moving parts in the system, there are very few points of failure and thus thin clients have proved to be extremely reliable.
The one issue with thin clients that inhibits their use for pfSense is that many of them only include one embedded NIC port. To properly use pfSense, we will need at least two NIC ports. While USB network adapters are available, I would not recommend using them for a production system. Therefore, looking for a thin client with a PCI expansion slot is very important. Fortunately, several such models exist. One particular model that is very popular is the Neoware E100 Thin Client. The E100 include the capability to add a PCI expansion card for a second NIC port. The E100 also comes standard with 128MB of RAM and a 1GHz Via Nehemiah processor. These specs are perfect for a home and small office firewall network. These thin clients can be found new in box on eBay for $20 plus shipping.
One of the items that will need to be upgraded to install pfSense onto the Neoware is the DOM or Disk on Module. A DOM is a small flash drive that presents itself to the system as an IDE drive. The E100 ships standard with a 64MB DOM, but we will need at least 256MB to install pfsense. I would actually recommend installing a 512MB module to allow for future expansion. The cost difference is negligible and the 512MB modules are much easier to find. You will need to look for a 44-pin DOM such as the one found here. One note, the standard 64MB module would be sufficient to install Monowall if so desired.
You will also need a PCI Riser to be able to install an additional network card. These can also be had very cheaply on eBay. You will need a 1U Right Angle PCI Riser. Be aware, the lowest cost risers come from Hong Kong. While they work fine, the shipping can take up to a month to arrive.
Any PCI based network card should work sufficiently for pfSense. I had many laying around for use, but they can be bought online for less than $15.
Additionally, you may want to upgrade the RAM in the system. While the standard 128MB is sufficient, there are two memory slots on the E100. A second 128MB PC-2700 DIMM would be a worthy upgrade while you are inside the case.
So after all of these upgrades, we now have a thin client that has 256MB of RAM, 512MB Flash drive, and a second network card. We are all set for pfsense installation as described in another blog post here.
In actual use, my system which is the firewall for a Comcast internet connection (12Mb/2Mb) the Neoware system is very well spec’d for my needs.
- During idle, the CPU utilization is <3%
- At max download, the CPU utilization is <20%
- Memory usage is 33% of 256MB
- Drive usage (with no packages installed) is 41% of a 512MB DOM
- The system consumes less than 20 Watts of power
Update: Over the past 3 years, my home internet connection has increased speed. I now have a 50Mb/5Mb connection through Comcast. The CPU utilization at max download is ~60% with occasional spikes that hit 90%. If your internet connection is faster that 50Mb, you may want to investigate a machine with a faster CPU to run pfsense.