That's pretty cool. Thou the prices are quite high for what it is. One would think that if you're doing a DIY build you would want a normal pcie slot for 10 Gb/s nic coz otherwise for the price you can buy 4-6/2.5 Gb/s whole mini pc on aliexpress. Still, pretty cool site.i'm currently running opnsense on a Dell Wyse 5070 extended with a Intel I350-T4V2 nic, and i have nothing to complain about. But if i was shopping for a new small box to run opnsense etc, i'd prolly be looking at assembling it myself, ever since i discovered the products listed on the german minipc.de site:
MiniPC.de - Product finder MOTHERBOARDS
I've wondered how come the Mitac and Jetway motherboards are seldom referenced here..
the huge selection on that site, including casings etc has always made me drool..
Just as an example:
View attachment 27054
- Intel® Elkhart Lake SoC Processor
- 1* DDR4 3200MHz SO-DIMM up to 16GB
- 6* 10/100/1000/2500 Base-TX Ethernet Ports
- 1* USB 3.1 (Gen.2), 3* USB 2.0, 1* HDMI
- 1* EXT RS232 (RJ45 type), 2* INT RS232, 1* INT RS232/4228/485
- 1* M.2 E-key (2230), 1* M.2 B-key (3042), 1* SIM card slot
- 1* M.2 M-key (2242), 1* SATAIII, 1* 32GB eMMC (option)
- 12V DC-in
oh sure, just linked to a random motherboard, they have a huge selection.. plus cases i think by Akasa and everything else you need.. But if you're in the US for example, i've always wondered if there are second hand markets for these Mitac and Jetway motherboards etc..That's pretty cool. Thou the prices are quite high for what it is. One would think that if you're doing a DIY build you would want a normal pcie slot for 10 Gb/s nic coz otherwise for the price you can buy 4-6/2.5 Gb/s whole mini pc on aliexpress for the same price. Still pretty cool site.
You're correct. Still, you CAN do switching on firewall but ofc it's not recommended for obvious reasons(security, collisions etc..). Some people like to just setup lets say opnsense with wan and 2-3 LANs and be done with it. Not everybody can do VLANs. Some people also like to have everything in one box.I don't understand the point of having a gazillion ports on a router/firewall appliance. Really, I don't.
1. If this is purely for home (not homelab) - Is there no switch involved? Forget L3 switches, not even a dumb switch? All your devices plug into the router itself? At most you need two ports. One for your WAN, one for your internal network, in a flat topology. If your topology isn't flat...the answer is not more ports on the router, it's a managed switch with VLANs.
2. If this is for a homelab/business - You should have a managed switch. Does everything plug straight into the router? No switch? That makes no sense. Your WAN (it's just another network, an external one) and internal network(s) should terminate at the switch and the only device that allows traffic between the two is that router/firewall. In this case you really need only a single port on the router/firewall.
Am I missing something??
But see, that's the point. If you have dumb switches connected to the ports on your router to have these "2-3 LANs", you do have switches, otherwise you just have devices plugged into your router.Some people like to just setup lets say opnsense with wan and 2-3 LANs
I recently consolidated my home setup to two boxes, one baremetal desktop/gaming PC, and one Proxmox dual Xeon E5-2680v4 server with 2x Quadro P620's in passthrough, resulting in two boxes capable of running 3x desktop systems with 4K@60Hz.I don't understand the point of having a gazillion ports on a router/firewall appliance. Really, I don't.
1. If this is purely for home (not homelab) - Is there no switch involved? Forget L3 switches, not even a dumb switch? All your devices plug into the router itself? At most you need two ports. One for your WAN, one for your internal network, in a flat topology. If your topology isn't flat...the answer is not more ports on the router, it's a managed switch with VLANs.
2. If this is for a homelab/business - You should have a managed switch. Does everything plug straight into the router? No switch? That makes no sense. Your WAN (it's just another network, an external one) and internal network(s) should terminate at the switch and the only device that allows traffic between the two is that router/firewall. In this case you really need only a single port on the router/firewall.
Am I missing something??
You see, that was the point - "just have devices plugged into your router" like AP, Desktop etc... without any hardware switches, dumb or managed. By LANs i just meant devices plugged in into the LAN ports on the router/firewall. So people use those lets say 3,4,5 LAN ports on a router/firewall.But see, that's the point. If you have dumb switches connected to the ports on your router to have these "2-3 LANs", you do have switches, otherwise you just have devices plugged into your router.
If you're adding multiple dumb switches to your network to segment it, wouldn't it make more sense to have a managed switch that can handle all of them?
You have a valid scenario, but my point still stands. You don't have a network. You simply have two devices. In this case it's perfectly fine to have no switch. (although the way you segmented things seems a lil odd, but hey we all do things differently.)I recently consolidated my home setup to two boxes, one baremetal desktop/gaming PC, and one Proxmox dual Xeon E5-2680v4 server with 2x Quadro P620's in passthrough, resulting in two boxes capable of running 3x desktop systems with 4K@60Hz.
Both systems have dualport solarflare 10G SFP+ nics. I have a Brocade ICX6450 which i intended to use as a switch for 10G networking between those systems, plus 1gbit link to opnsense router.
I decided to completely remove the Brocade switch. There's no point since i only need 10G between the 2 systems. So i just connected their SFP+ ports point-to-point. Then i use the motherboard integrated intel nic's to connect them to opnsense minipc that has a 4 port Intel i350-T4 nic.
The Desktop only needs one gigabit link to opnsense router. The server needs two, one LAN, and one DMZ for vm's. (i run vlan's on the DMZ link for vm's, but separate it from LAN physically) That's 3 ports. then the 4th port on the intel i350 goes to WAN.
There are still 2 unused Realtek nic's on the Dell Wyse extended i use for opnsense. I'm planning to buy an UPS soon, and will use one of those ports for UPS networking, which it uses for managed shutdown of systems in extended powercut. Then i can use the second Realtek port for guest networking (a laptop connected via wall socket for ex)
That's 6 ports all in use, but no need for powerhungry and noisy switch, which pulls 50W at idle. And a L3 managed switch is just a standard computer with lots of nic's, opnsense is also a L3 router.
Not to mention half the cables.Again it's a wrong way to do it but it can be done and it works. Also there is power saving with with such approach, which many people like.
Agreed. As long we're talking devices plugged into a router, it justifies multiple ports, although like you said, that's the wrong way to do it.You see, that was the point - "just have devices plugged into your router" like AP, Desktop etc... without any hardware switches, dumb or managed. By LANs i just meant devices plugged in into the LAN ports on the router/firewall. So people use those lets say 3,4,5 LAN ports on a router/firewall.
Again it's a wrong way to do it but it can be done and it works. Also there is power saving with with such approach, which many people like.
Well I use a separate DMZ subnet for vm's. the LAN subnet for desktop and PVE subnet for proxmox management. I had originally planned to bridge 2 ports on opnsense for a 2 port LAN, but was advised against it. So now i have one port for baremetal desktop WAN access, one port for VM WAN access, and one port for Proxmox management. They're all separate subnets, with the LAN port having access to the other subnets, but no access to LAN from other subnets.You have a valid scenario, but my point still stands. You don't have a network. You simply have two devices. In this case it's perfectly fine to have no switch. (although the way you segmented things seems a lil odd, but hey we all do things differently.)
So far, I've used so-called web-managed L2 switches to create a VLAN aware LAN and am using pfSense to do the interVLAN forwarding and mDNS work between my IoT and main VLANs. Low amounts of traffic so far since I haven't done video yet.mDNS support would be interesting. If you find something, post it! I haven't seen that but I've mostly looked at older gear (Cisco 3560g, etc)
As far as doing L3 on a switch and getting it to play nice with *sense, you're looking at something called a transit network between your switch and firewall. it's not too hard, but as @kapone said, it can get messy if you're unfamiliar with this stuff.
