New Firewall, Less Power

For the past couple years, I've been using the Astaro Security Gateway Linux product for a firewall and router. It worked very well, and the software has more features than I'd ever think about using. However, the machine I was using was an old 4U rack server filled with NICs. It probably burned 200 watts being alive. Next to the firewall was a dedicated 1U server providing DNS and DHCP service to the LAN -- another 100 watts at least.

In an effort to reduce the amount of juice that my server room sucks up, I started looking for an open source firewall solution that would run on a low-power embedded PC. It also had to provide custom DNS and DHCP service for the network. I went with pfSense -- a fork of m0n0wall, based on a very lightweight distribution of FreeBSD. To test the software, I put it on a spare beige box. After booting the Live CD, I configured the system to replace the Astaro Security Gateway. I also setup DNS and DHCP with all the MAC addresses of my network devices. Everything works very well.

I looked around for a single-board PC to use as the replacement hardware. I selected a Netgate m1n1wall 3E 2C1, based on the ALIX.2C1 system board. It has no moving parts, and consumes about 6 watts at peak CPU activity. It will sit right next to my DSL modem in the premise wiring rack.

My Southern California Edison rate for power (transmission + generation) is about 18 cents per kilowatt-hour. If I shave roughly 300 watts off my 24/7 usage, I'll save about $39 a month. Not too shabby.

24 hours * 30 days * $0.18 per kWh * 0.3 kWh = $38.88

So, in less than six months, the cost of the new router hardware will have been saved by not running the two conventional servers.