Turing Pi 2 node as router/firewall [pfSense/OPNse...
t
This will be a place to concentrate advice and information about using a Turing Pi 2 node as a router/firewall.
- add Ethernet port(s) via mPCIe
- which software: OPNsense/pfSense/OpenWRT
Note: I’m currently using pfSense as a VM running on my Dell PowerEdge R530 under Proxmox. I’m considering running this as a bare-metal process on one of my Turing Pi 2 nodes.
s
It's actually really cheap to do this on a separate board with either a RPi4 or (better IMO) with a CM4 in a board made for this purpose such as this very inexpensive and quite nice one: https://www.mytechcatalog.com that has two GbE ports, an M.2 Key E slot for a WiFi 6/6E card, and even two M.2 Key M slots to add NVMe SSD drives. My experience with this small maker is outstanding and I have bought 3 of these to use as headless cluster head-nodes (ssh access only) for TPi2 clusters to keep the cluster board off the rest of my network. I'm working to set up traditional HPC cluster provisioning (e.g., using Warewulf) although lack of direct PXE support is a bit of a nuisance.
t
hmmm, well, I will have 2 CM4 left over after I get my two RK1's
d
I've seen a question about using one node as a router multiple times actually. I think an additional network adapter for node 1 or node 2 would do the trick. For WiFi I guess you'd want an access point anyway placed somewhere else that covers all the places well.
I'm very well interested in seeing such a solution with TPi2, maybe even with RK1 since it's much more powerful
v
Is there a way to do vlans on the switch?
d
This is planned, but not yet done. The switch should be capable of doing so.
v
Any idea on a timeline on that feature?
d
Not yet
s
Just a note that I tried with two different cards to use the extra mini-PCIe slots for node 1 or node 2 to add an extra Ethernet and was not able to get it to work on the TPI 2.4 board. The 2.5 board should be better in this regard but I gave up and went with the approach above, which I like better for a lot of reasons including the ability to add storage to the CM4 doing the router/head node duties.
d
TPi2 v2.5 should not be any different in this unless the cards are using USB not PCIe
s
There seemed to be a conflict in the way that the mini-PCIe was accessed related to the USB functionality. Anyway, I tried several things including rebuilding the kernel but could not make it work.
d
I'm not sure what that means
PCIe on v2.5 is the same as in v2.4 and the USB part does not affect PCIe in any way
If anyone has any ideas of Mini PCIe Ethernet interfaces to look at, I might buy one and try
d
Does not look like I can get this one easily. I can see it in the US stores (including Amazon), Amazon.au and Aliexpress but nothing local to me
I might look at the IOCrest store, though, and potentially maybe also get the M.2 version
t
Although I’ve had great success with pfSense (on the R530), I’m considering switching to OPNsense. If necessary I’ll have to check out OpenWRT too… on this project
Anyone have any experience with them?
I bought one from Amazon.
s
Sorry for the stupid question, but is there no other way to get the 4 nodes on the board to communicate with each other without using a router?
d
There is none I can find in Polish Amazon. I've seen them on US and AU Amazon stores only
There are no stupid questions, just stupid answers 🙂 The nodes are connected using the embedded switch. The goal here is to have another, separate LAN port for one of the nodes, to act as a WAN port - this way you connect the "internet" side to this port and use a module to act as a router for your whole network (to replace any other router you might have).
t
If OpenWRT works for my purposes, that’ll be simpler; if I stick with pfSense/OPNsense then an ARM build and installation will need to be figured out and published
It arrives Wednesday…
00:00.0 PCI bridge: Broadcom Inc. and subsidiaries BCM2711 PCIe Bridge (rev 20)
01:00.0 PCI bridge: ASMedia Technology Inc. ASM1182e 2-Port PCIe x1 Gen2 Packet Switch
02:03.0 PCI bridge: ASMedia Technology Inc. ASM1182e 2-Port PCIe x1 Gen2 Packet Switch
02:07.0 PCI bridge: ASMedia Technology Inc. ASM1182e 2-Port PCIe x1 Gen2 Packet Switch
03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8125 2.5GbE Controller (rev 04)
04:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8125 2.5GbE Controller (rev 04)
well, it shows up on lspci
👍🏼
OPNsense on RP4:
Besides compiling a few packages for jails in TrueNAS Core, I have little experience with FreeBSD, so I'm a bit lost when it comes to building OPNsense/pfSense.
Ubuntu Server 22.04.3 LTS on CM4:
$ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether e4:5f:01:4e:f1:d7 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether e4:5f:01:4e:f1:d8 brd ff:ff:ff:ff:ff:ff
4: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 88:c9:b3:b0:b9:96 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
5: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 88:c9:b3:b0:b9:97 brd ff:ff:ff:ff:ff:ff
    altname enp4s0