pfSense on Neoware thin client

So you have graduated from using the off the shelf router that you purchased at Best Buy and have started to use pfSense for your home or small office network.  You like the features, but don’t like the idea of leaving a desktop PC or small server running 24/7 for the sole purpose of running a firewall.  Enter the world of the thin client.  Thin Clients are small form factor, low power PC’s that were intended to run a limited number of applications for office use.  Besides the low power consumption, thin clients are also ideal for use with a 24/7 appliance due to the fact that they generally do not use fans or traditional hard disk drives.  Without these moving parts in the system, there are very few points of failure and thus thin clients have proved to be extremely reliable.

The one issue with thin clients that inhibits their use for pfSense is that many of them only include one embedded NIC port.  To properly use pfSense, we will need at least two NIC ports.  While USB network adapters are available, I would not recommend using them for a production system.  Therefore, looking for a thin client with a PCI expansion slot is very important.  Fortunately, several such models exist.  One particular model that is very popular is the Neoware E100 Thin Client.  The E100 include the capability to add a PCI expansion card for a second NIC port.  The E100 also comes standard with 128MB of RAM and a 1GHz Via Nehemiah processor.  These specs are perfect for a home and small office firewall network.  These thin clients can be found new in box on eBay for $20 plus shipping.

One of the items that will need to be upgraded to install pfSense onto the Neoware is the DOM or Disk on Module.  A DOM is a small flash drive that presents itself to the system as an IDE drive.  The E100 ships standard with a 64MB DOM, but we will need at least 256MB to install pfsense.  I would actually recommend installing a 512MB module to allow for future expansion.  The cost difference is negligible and the 512MB modules are much easier to find.  You will need to look for a 44-pin DOM such as the one found here.  One note, the standard 64MB module would be sufficient to install Monowall if so desired.

You will also need a PCI Riser to be able to install an additional network card.  These can also be had very cheaply on eBay.  You will need a 1U Right Angle PCI Riser.  Be aware, the lowest cost risers come from Hong Kong.  While they work fine, the shipping can take up to a month to arrive.

Any PCI based network card should work sufficiently for pfSense.  I had many laying around for use, but they can be bought online for less than $15.

Additionally, you may want to upgrade the RAM in the system.  While the standard 128MB is sufficient, there are two memory slots on the E100.  A second 128MB PC-2700 DIMM would be a worthy upgrade while you are inside the case.

So after all of these upgrades, we now have a thin client that has 256MB of RAM, 512MB Flash drive, and a second network card.  We are all set for pfsense installation as described in another blog post here.

In actual use, my system which is the firewall for a Comcast internet connection (12Mb/2Mb) the Neoware system is very well spec’d for my needs.

  • During idle, the CPU utilization is <3%
  • At max download, the CPU utilization is <20%
  • Memory usage is 33% of 256MB
  • Drive usage (with no packages installed) is 41% of a 512MB DOM
  • The system consumes less than 20 Watts of power

Update: Over the past 3 years, my home internet connection has increased speed.  I now have a 50Mb/5Mb connection through Comcast.  The CPU utilization at max download is ~60% with occasional spikes that hit 90%.  If your internet connection is faster that 50Mb, you may want to investigate a machine with a faster CPU to run pfsense.



This entry was posted in Uncategorized. Bookmark the permalink.

42 Responses to pfSense on Neoware thin client

  1. Kevin says:

    Could you explain where the DOM module goes? Inside? Or is it attached to a USB port? I don’t see from the pictures where it plugs in. The top picture looks like it is showing a USB drive sticking out the back. Is that the DOM?
    [email protected]

  2. admin says:

    The DOM module goes inside the unit. The DOM module itself is pictured above (the second picture). It plugs into the main system board as highlighted in this picture:

  3. Charlie says:

    I was going to try and load a CF card with pfsense and use a CF card to 40 pin IDE adapter in a Neoware CA22. The combination would be less cost than a DOM. Do you see any reason this would not work?


  4. Charlie says:

    Wanted to say thanks for the blog. The CF adapter worked great. I have a 2GB nanobsd pfsense install on a Neoware CA22.

  5. admin says:

    Thank you for the kind words. Glad that you found it useful. Let me know if you have any other DIY projects in mind that I could write about.

    • admin says:

      That unit looks perfect. From the description, it already has a 512MB DOM and 256MB of memory. The only thing you would need to add is a second network card, but it also appears to have the riser installed as they have a wireless card already installed. Good find!

  6. Mel says:

    Do you know of any success using pfSense FreeSwitch/FusionPBX package with embedded nanobsd?

    • admin says:

      I have not had much luck using packages with the embedded kernel. It seems that most developers assume they full kernel with HDD swap space.

      • Paul Nye says:

        Ouch. That’s a shame cos I had full intention to add some packages like squid for web content filtering and some UTM modules for intrusion prevention. I tried to add some modules last night and they took forever and seemed to not be present after installation. This might explain why. Any hope for me to still be able to use my neoware box?

        • admin says:

          Just dont use the embedded kernel then. You can use the regular kernel with either:

          1) Accept reduced reliability of the DOM device due to frequent writes
          2) Or instead of using a DOM, use a more traditional HDD hooked up to the IDE port which is designed to handle frequent writes.

  7. John says:

    If I have a wireless router, can I just use that instead of getting a wireless card? I can turn it into an access point? would it get plugged into my switch?

    • admin says:

      Yes, that is what I do. I just plug an access point (Linksys Router turned into an AP) into the switch with no wireless card installed in the pfsense box.

      • John says:

        Thank You,

        is there room on this e100 I just bought from the above link for a 3rd NIC for OPT1 or can I get a dual Nic perhaps?

        • admin says:

          No. Just the embedded NIC and a single PCI slot. You would have to buy a dual NIC to put into the slot. These can be had for $15 on ebay. Just make sure not to accidentally get a PCI-E adapter which is much more prominent these days.

          • john says:

            is the Null modem approach the only way to get this installed on this e100? my mac or pc don’t appear to have a null modem connection. what are my options to get this installed?

          • admin says:

            Its not the only way, but IMO its the easiest way. There are USB -> Serial adapters that would work with your machines that cost a few dollars. Since this post was written, pfsense has started to release builds of the embedded kernel with vga enabled. This would allow you to avoid using the serial connection altogether. However, since these aren’t .iso files that can be burned to a CD, you would still need a way to copy to image file to the internal DOM. This is why I recommend the method in this POST as booting into a Linux Live CD and copying files would be more difficult for most users.

  8. John says:

    Which USB adapter would work ? Can u please provide a link .

  9. John says:

    Well , I connected everything using the serial to USB but putty just opens a blank screen with cursor . Any ideas ?

    • admin says:

      Did you choose the embedded kernel?
      What does the VGA output currently say?
      Did you choose ‘Serial” in putty rather than the default SSH?

  10. John says:

    I followed the instructions in the link above , cd iso. Yes, I chose serial

  11. John says:

    Says to press f1 to boot and then it gets to the forward slash like in the screen in the directions to where it’s suppose to switch to serial

    • admin says:

      Yes, thats correct. I’d guess that your serial cable configuration is not working. You should see the console output through putty at this point. I wish I could be of more assistance from here.

  12. köksknivar says:

    We are a bunch of volunteers and opening a new scheme in our community. Your site provided us with valuable info to work on. You have done an impressive task and our whole group will likely be grateful to you.

  13. Pingback: Turning an HP Neoware e140 into a pfSense firewall – Rambolo

  14. mike says:

    I finally got my neoware ca22 working. I installed a 1gb memory card and it seems to be working good with my cable modem. But I’m starting to think that I should install a CF card. Apparently under the DOM module there is a solder pad for a CF Card Holder. Check out

  15. Gerald says:

    would like to know if its possible to disable the onboard video and install a pci videocard to increase video performance?

    • Samir says:

      Just tried installing a video card in one of our ca22s earlier today. While the card worked fine, I could not find a way to disable the built-in video card.

  16. Gerald says:

    can i install an additional video card?

  17. Pascal says:

    Any news about installing squid on the 512mb dom?
    Or is het just not possible?


  18. Dave says:

    Do you know the bios setting to automatically wake during a power event such as being powered down from a UPS? I have a CA22 connected to a APC UPS via usb and just tested and while it powers down OK, when the power is restored I have to manually push the front panel button to restart it. Thanks for your help.


    • Samir says:

      In the bios, check the setting for the front power switch. You can set it to on/off/previous state. To get into the bios, hit del when you see the neoware logo.

  19. Dave says:

    Do you know the bios setting to automatically wake during a power event such as being powered down from a UPS? I have a CA22 connected to a APC UPS via usb and just tested and while it powers down OK, when the power is restored I have to manually push the front panel button to restart it. Thanks for your help.

  20. Dave says:

    Never-mind to my question regarding the wake on power. I found it in the BIOS under Power Management, appropriately titled “AC Loss auto restart” with the choices “Off”, “On” “Last State”.

  21. dan says:

    anyone know if there is an update to the bios for this? the 1gb DOM isnt handling logs being stored. Thought about switching to an ssd but idk where to draw power from(usb?). Any who looking to install 16gb DOM but since this is 32 bit it wont see most of it. So just curious as to what your thoughts on that are. Logs are coming from snort and pfblocker, i have it set to not log very much for this reason, still didnt help.

Leave a Reply

Your email address will not be published. Required fields are marked *