What hardware to have a physical firewall

@stephdl

The pricing seems about the same here, depending on where you live. I can imagine living in Paris, you can choose what France can offer. Elsewhere in la belle France - on verra! :slight_smile:

Andy

1 Like

For a physical firewall machine I suggest using AMD CPUs. Fewer vulnerabilities, fewer mitigations, less performance loss due to mitigations.

1 Like

@pike

This IS what we’re actually talking about:

AMD Quad Core CPU inside! :slight_smile:

About 25 running, all no issues, some with the older hw versions…

The Hardware runs OPNsense / PFsense without issues, no noise, low heat…

My 2 cents
Andy

I saw there is no VGA, is that right? How do you install the OS?

Serial connection to your PC/Notebook.

Linux using screen… :slight_smile:
Mac using Serial
Windows eg Hyperterminal

This gives you console.

See here:

All Linux / UNIX generally support this function, but I’ll admit I never used this in NethServer.
Like a typical Cisco, Serial, no Web-GUI (At least not until you’ve installed it!).

On Proxmox (Just to get the feel of it) you can use the Proxmox Web-GUI Console.

The shop has a useful Serial-USB Adapter with built in Null-Modem Cable.
(Words from a millennium past!) :slight_smile:
About 9 €… Worth it!

My 2 cents
Andy

I got one myself, I use it for other topics; you are right, it is an old tool…

2 Likes

For today's generation, 8N1 doesn’t make sense! :slight_smile:

1 Like

I would be interested if we could open a topic on the differences we have between nethserver firewall and opnsense.

People here prefer to install OPNsense, but what I cannot figure out is that NethSecurity (the enterprise version of the firewall) is a best seller, hence my guess about what you miss.

@stephdl

Sure, I’d be glad to contribute what I can. Not coding, I leave that point to you as a pro… :slight_smile:

But I’m in networking, and firewalls are an essential bit in that whole infrastructure of IT…

If you want, fire up a VM with OPNsense, as said, I can help with the configuration so you can see what features are available, what could be easily implemented in the next generation of NethServer…

I can say, from a netadmin’s point of view, that’s a cool feature!
You can say, from a dev’s point of view, yes, I see how i could code that… :slight_smile:

My 2 cents
Andy

1 Like

@stephdl

Also don’t forget, the NethSecurity is a different animal than the usual all in one NethServer here on the Forum.

This box, like e.g. OPNsense or PFsense, is generally a dedicated Perimeter Firewall, regulating access and security to other Networks, especially the Internet.
Same goes for Cisco Pix, Checkpoint or whatever you have out there…

The main thing for company or enterprise users, but also Institutions, is the security that this provides…
An application error in any server can’t bring down the Internet, as it could in an All in One box.

My 2 cents
Andy

1 Like

OT

It is a daily driver for me: in the embedded space without whatever graphical output it is the tool to work with. :rofl:

1 Like

@mark_nl

So many cisco admins have the same issue - they can’t even operate the ones with a Web-GUI anymore… But give them serial - they’ll copy and paste whole configs in for an Enterprise!

My 2 cents
Andy

1 Like

I did, the discovery is still ongoing.

My first feeling is about how we (NethServer) want to hide/expose the complexity.

NethServer hides the complexity and proposes a workable solution.
OPNsense exposes the complexity of the options, with a lot of settings.

However, OPNsense offers: IPv6, OpenDNS, Unbound as default DNS, dynamic DNS, RADIUS.

Good tools to create:
nc
tcpdump

1 Like

@stephdl

You want to try out wireshark? Easy… :slight_smile:
You prefer Bind as DNS? also easy…
Need VMWare Tools? also there…

And the finding on top right…
Type DHCP, or port, it’s fast.

But have a look at backup / restore, especially the “partial restore”.
Say for NethServer to reload a DHCP with 50 odd reservations…

My 2 cents
Andy

2 Likes

I am curious how did you install pihole

@stephdl

Salut Stéphane

My PI-Hole at home or at clients is usually a Debian 10 LXC on Proxmox. This is very stable and works very well.

Here is my own Instruction, in english.

This can also be used / help others here!

My 2 cents
Andy


Setup PI-Hole as Linux-Container in Proxmox

Base: Debian 10, must be downloaded and ready in Container-Templates, otherwise download it (in Container-Templates)

Create new LXC Container in Proxmox.

Prerequisites:
Debian 10 base
2 CPU cores
1024 MB RAM, 512 MB Swap
Network: 192.168.XXX.29/24 Gateway 192.168.XXX.1
(Adapt Network to your network!)
Disk: 20 GB

When the LXC container is created, use the Proxmox console and login as root.

First do an update:

apt-get update

Install general tools:

apt install openssh-server mc htop nano screen snmp snmpd curl sudo

Activate SSH, also for root:

nano /etc/ssh/sshd_config

add in the line below as shown:

#PermitRootLogin prohibit-password
PermitRootLogin yes

Save with CTRL X, confirm with y
Set SSH as service, restart

systemctl enable ssh
systemctl restart ssh

Configure SNMP (eg for Zabbix monitoring)

rm /etc/snmp/snmpd.conf
nano /etc/snmp/snmpd.conf

Content of the new snmpd.conf file (Use your own!):

rocommunity public
syscontact Admin
syslocation FIRMA, ORT

Save with CTRL X, confirm with y
Set SNMPD as service, restart

systemctl enable snmpd
systemctl restart snmpd

Now’s the time for the actual PI-Hole installation:

curl -sSL https://install.pi-hole.net | sudo bash -x

Confirm as required with ENTER or y (ca 5-6 Screens)…

At the end set the password for your PI-Hole, I suggest using the root password.

Note:
It can make sense to use a different password here, if other non-admins are to view the page.

pihole -a -p

PI-Hole is installed, a reboot is not needed!

You need to set your PI-Hole on all clients as DNS server, or set it in your DHCP server.

You can now access your PI-Hole with http://192.168.xxx.29/admin, use the password you set earlier.

Done! Have fun with your PI-Hole!


2 Likes
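The two config files written in the walkthrough above (an `sshd_config` with `PermitRootLogin yes`, and an `snmpd.conf` with `rocommunity public`) are the parts a practitioner would want to check before the container is exposed to the LAN. The script below is an added example, not Andy's instructions or anything shipped by Pi-hole or Proxmox: it audits both files for the two weak settings, and writes constructed sample files (the post's settings next to hardened equivalents) so it runs offline. The hardened SNMP line restricts the community to a monitoring host IP, which is an assumption (`192.168.XXX.10` is a placeholder in the style of the post); SNMPv3 `rouser` would be better still. The SSH check reads the first uncommented `PermitRootLogin` (the one OpenSSH applies) and ignores `Match` blocks.

```shell
#!/usr/bin/env bash
# Added example: audit the sshd_config / snmpd.conf produced by the LXC
# walkthrough and compare them with hardened alternatives. Not the post's
# own code; sample files below are constructed for the demo.

audit_sshd() {
  # $1 = path to sshd_config. Prints the effective PermitRootLogin value
  # (OpenSSH uses the first uncommented occurrence; Match blocks are not
  # evaluated here) and returns 1 when root may log in with a password.
  local val
  val=$(awk 'tolower($1)=="permitrootlogin"{print $2; exit}' "$1")
  val=${val:-prohibit-password}          # OpenSSH >= 7.0 default when unset
  printf 'PermitRootLogin=%s\n' "$val"
  [ "$val" != "yes" ]
}

audit_snmpd() {
  # $1 = path to snmpd.conf. Returns 1 if any ro/rwcommunity line uses a
  # guessable community name or has no SOURCE restriction (second field).
  local bad
  bad=$(awk '($1=="rocommunity"||$1=="rwcommunity") && \
             ($2=="public"||$2=="private"||NF<3)' "$1")
  [ -z "$bad" ]
}

make_samples() {
  # Constructed sample configs (not taken from a real host): the post's
  # settings next to hardened equivalents. Prints the directory written.
  local d; d=$(mktemp -d)
  cat >"$d/sshd_config.weak" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
EOF
  cat >"$d/sshd_config.hardened" <<'EOF'
PermitRootLogin prohibit-password
PasswordAuthentication no
EOF
  cat >"$d/snmpd.conf.weak" <<'EOF'
rocommunity public
syscontact Admin
syslocation FIRMA, ORT
EOF
  # Community name and monitoring-host IP are placeholders (assumption).
  cat >"$d/snmpd.conf.hardened" <<'EOF'
rocommunity CHANGE-ME-long-random 192.168.XXX.10
syscontact Admin
syslocation FIRMA, ORT
EOF
  printf '%s\n' "$d"
}

report() {
  # Run both audits over a directory from make_samples, one summary per file.
  local d="$1" f
  for f in sshd_config.weak sshd_config.hardened; do
    if audit_sshd "$d/$f" >/dev/null; then echo "$f: OK"
    else echo "$f: WEAK (root login with password allowed)"; fi
  done
  for f in snmpd.conf.weak snmpd.conf.hardened; do
    if audit_snmpd "$d/$f"; then echo "$f: OK"
    else echo "$f: WEAK (guessable or unrestricted community)"; fi
  done
}

# Stand-alone demo over the constructed files. On a real container call
# audit_sshd /etc/ssh/sshd_config and audit_snmpd /etc/snmp/snmpd.conf.
report "$(make_samples)"
```

On the Pi-hole container itself the audit is two calls: `audit_sshd /etc/ssh/sshd_config; audit_snmpd /etc/snmp/snmpd.conf`. A non-zero exit from either is the cue to change the setting before the box becomes the LAN's DNS server, because a host every client talks to is also the one an attacker on the LAN will look at first.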

:rofl:
i am glad that this does not only happen to me

@capote

Why waste RAM?

It’s running on Debian Buster (10), and Debian is not known as a RAM eater…

well: 1024 MB RAM, 512 MB Swap
But this typo could easily be mine. Therefore I had to smile

2 Likes

I personally use my nethserver-pihole module based on docker with a macvlan network. Basically the container gets an IP that I use as the external DNS server of the NethServer; the DHCP server gives the DNS IP to the clients indeed.

Quite reliable. I need to test it on a thin server/gateway; it should work.

1 Like