IceWhale just sent me this, the ZimaBoard 2. Let's open it up. Spoiler alert, I think it's going to be a pretty good firewall. I'm going to work on that here in a bit and install these SSDs. And here we are.
Yes, Proxmox running on this little guy. This thing's making some weird noises. It's going to verify connection. This was not working before. Yes, it's connected via the virtual interface, vmbr7. Ready, set, go. Ooh, 107%. Ouch. Welcome to Zima space. So we got a little orange headband here.
I think it's because you would not be able to get this box out otherwise. Let's bungee up here. There, we almost dropped it. Alright, I almost dropped it again. Wait. Thank you, ZimaBoard. Okay, so I like the cardboard. It's stupid. I'm taking this off. Alright, it's got a nice message. Dear friend, I kind of love this line. While AI reshapes industries, you've anchored us to the timeless needs of explorers.
Sovereign control over personal data, locally rooted intelligence and the freedom to pioneer digital frontiers. Relentless curiosity. There's no way AI didn't help with that. Alright, enough of that. Thank you Lauren. Okay, here it is. Now cut here. What does that mean? I'm not sure. And there were slots for SSDs. Is this like a case you can use? I dunno. We'll find out. But here it is.
It wasn't heavy. I'm not sure why I made that noise. The ZimaBoard. It looks silver. Let's open it. Okay. It's a solid girl. Feels very futuristic and that's kind of their thing, right? They had a cyberpunk feel with the one before. Where's the one before?
Lemme go grab it. Actually no, it's running by. Okay, here is the old ZimaBoard and here's how they compare. I kind of like the design of the old one. Had a cool feel to it.
Kind of retro futuristic, but this one's like all futuristic now. Same form factor as before. We've got the PCIe slot on the side. We'll go over the specs here in a second. We've got two SATA ports, two USB ports, DisplayPort and two Ethernet ports. Roughly the same size. This guy's a bit heavier because he's rocking metal and I don't know what this is for. I feel like this is for something. I don't know. Let's see what else.
They sent us how to set things up. Nothing. Power adapter for every location and a SATA cable, a Y cable so we can connect two hard drives to it. It's a very strange form factor. Alright, let's talk about the specs.
This sucker's rocking an Intel N150, 4 cores but speeds up to 3.6 gigahertz. It's a pretty good processor upgrade. For memory, we're talking about the same quantity, eight gigabytes, but speed is where it's at.
We've got LPDDR5X, 4,800 megahertz. That's a massive RAM upgrade compared to the first one. Double the speed. Hey, NetworkChuck from the future here. They actually do have a 16 gig model they forgot to tell me about and I wish they would've sent me that one.
Now the Ethernet ports are where things start to get exciting. The ZimaBoard 2 is rocking two 2.5 gigabit Ethernet ports compared to the one gigabit ports on the first ZimaBoard. This right here is why I'm excited to use it as a firewall. Oh, and this also is an Intel chip versus the Realtek chip on the first one. This will be more important later. Now if we turn 'em sideways for a bit,
let's talk about the PCIe port. ZimaBoard 2 has a 3.0 PCIe slot compared to 2.0 on the original. For USB, we got a jump from 3.0 to 3.1. And the last thing to know is the graphics. The ZimaBoard 2 is going to have a frequency up to one gigahertz while the original was rocking 0.7.
And the other big thing is that it says it supports fanless and active cooling, meaning you can have a fan cooling it. Now, as I said before, I'm going to turn this into a firewall running pfSense. Hey, NetworkChuck from the future here. Instead of doing a dedicated pfSense install, we're going to do a full-on home lab. I'm talking Proxmox, pfSense, and a few other things. I'm excited. I'll see you there. Kind of perfect. It's got two ports,
2.5 gigabit Ethernet, and based on the specs it seems fast enough to do what I want it to do. Okay, so it's bigger, better and faster. We expected that with a sequel, but what about price? I don't know yet. They haven't told me. Hopefully they tell me soon and I'll put it right here. If it's not too much more than the $89 that the ZimaBoard 1 is, then I think it's a pretty stinking good deal. Hey,
they finally sent us pricing the day of launch and they sent me this screenshot and there are some options and some things they forgot to tell me. So let's try to zoom in and see what's happening. First we have the base model, which they sent me. This seems kind of pricey, but it is a premium device. That's kind of how they're marketing it here. Two two-and-a-half gig NICs, a really good processor, onboard storage. RAM is like, eh. Now this is early bird pricing for the first 200 orders, so hurry, oh man, I hope you're quick buddy. And then we have our special for Kickstarter,
which is only $10 more. And then we have the ZimaBoard 1664 version, which has 16 gigs of RAM. Again, guys, send me this one. And that seems to be the only difference. And this is the price on the first 200 orders only.
So be an early bird, and then $10 more for the special Kickstarter pricing. Then we have our bundles. It looks like we're getting a PCIe NVMe adapter and a two-bay HDD rack with two gifts, a DisplayPort and two Ethernet cables, for $10 more. Then we have our smart home kit for 400 bucks. What are we getting? Actually this is kind of cool. We're getting a GPU docking station, which again,
why didn't you send this to me? And a USB Wi-Fi 6 adapter. And the GPU docking station, that sounds pretty interesting. Get a low-powered one that can run your Proxmox transcoding. That sounds nice. And finally, the master kit, $769. They're proud of this one. What are we getting beyond? Oh we're getting two, we're getting two, right? Is that what they're saying? So that's the pricing. Now let's go play with it. And by the way, they are not paying me for this. They just sent it and said,
Hey, play with it. And I said, okay, let me get my coffee. I want to have fun with it. Now as I said earlier, I'm going to do a full on home lab and I think it's going to do pretty well because this processor is kind of good compared to its predecessor.
It's going to be 40 to 70% faster because not only did it bump up the cache and we're getting more speed, but this is a new architecture. We're working with the Intel N150. The N150 is rocking their Gracemont cores, which offer 35 to 45% better IPC than Goldmont, the N3450's architecture.
Now because we're doing a hypervisor installation, RAM is pretty important. I really wish they would've had more RAM, but I'm happy it's a bit faster. Twice as fast. The onboard storage is not a lot, but I'm not too concerned about that.
I'm going to use the built-in SATA ports and install these SSDs. But given that my primary focus is making it a networking appliance, I'm very excited about the LAN. Going from one gig to two and a half gig ports is a big jump. Not to mention that we're rocking an Intel chip versus a Realtek chip. Now why does that matter? Coffee break.
One of the biggest advantages is that we get hardware offloading, which is perfect for a pfSense firewall. And by the way, in case you're wondering, how are you installing Proxmox on a little device like this? I don't know why I'm not holding it. Here it is. Because normally on SBCs you can't install Proxmox. Like the Raspberry Pi, you couldn't do that here. It's rocking an ARM-based CPU. But not the ZimaBoard 2. It's x86, which is one of its big advantages. Way more compatibility with pretty much everything.
And of course they have all the virtualization support we could want: VT-x, VT-d. Enough talking about it. Get your coffee ready, let's get this thing going and see what happens. Now here is our home lab battle plan. First we'll install Proxmox. I've done this before on the ZimaBoard 1 and it works pretty well.
This guy should handle it like a champ. And in case you're wondering, Proxmox is a type one hypervisor, software that will install directly onto our device that allows us to spin up virtual machines. It's magic. Virtual machines will always be magic to me. And speaking of virtual machines, once we have Proxmox installed, we'll set up two VMs. First, pfSense, and we're going to go crazy with it. Install IDS/IPS, deep packet inspection. Everything that normally requires a tremendous amount of horsepower, it can severely affect your throughput or the speed of your network. We'll do some testing, see how it does.
And of course we'll need a host to test everything on. So we're going to set up a small Ubuntu VM. I will install a GUI and this will be our lab machine.
And finally in step three we'll set up some containers. Normally I use Docker, that's my favorite. But what I've never played with is LXC, Linux containers. This is built right into Proxmox. You can manage those side by side with your virtual machines. And by the way,
what's very exciting about this is the pfSense firewall will be the networking for all of our stuff, for our Ubuntu machine, for our containers. The way that happens is also magic. And finally, step four, we'll do some testing. A little bit of iPerf, a little bit of Nmap testing, some firewall rules. If all goes well, this device might be one of the most amazing things you can buy for your home lab. This could be your home lab or a travel home lab. Now we're doing this together. I have not done anything with this.
I haven't even booted it up. So get your coffee ready, let's go. By the way, have you hacked the YouTube algorithm today? Let's make sure you do. Hit that like button, subscribe, notification bell, comment. You got to hack YouTube today, ethically, of course. Alright, let's get things connected. I'll plug in my SATA drives. The SATA ports on the ZimaBoards are probably my favorite thing.
Plug in our DisplayPort connectors so we can see stuff and a keyboard. And finally, power. Here we go. Okay, ZimaBoard setup. I went into the BIOS and made sure all my virtualization settings were enabled and they were by default. That's awesome.
It took me a while to figure out that you press escape to boot into the BIOS. I think it's escape. I shouldn't be having this much problem though. I could just look it up, but I'm not going to. Then I grabbed my USB with a Proxmox ISO written to it. Booted to that.
On my ZimaBoard I installed Proxmox, no problem. And it's amazing we can have Proxmox running on this little bitty device. I just can't get over it. Hey, it's time for a coffee break. And during this coffee break I want to tell you that I'm pretty mad right now. Why? Someone sent me this, an email saying that all my information, my phone number, my addresses, all the important stuff that's private about me has been exposed and it's on a website. They sent me a link. So I open up this link in the NetworkChuck cloud browser because I don't know what this link is. I don't want to get hacked. Turns out I already was hacked.
A site called contactout.com just sitting there for anyone to access with all my information. What? So real quick, I want to talk about two things. First, how do they get my information? And two, how do I stop this from happening? I need a coffee break for this one. Getting my information is not that hard. At some point I gave my information to someone, a company or whatever, and it got sold to a data broker. This happens to everyone, it's probably happened to you.
Data brokers have your information. They have large swaths of databases full of everybody's information. You know what? They don't care about you at all except for how much you're worth. And they sell that information to all these companies. That's the reason you get all those random stinkin' phone calls. How'd they get your number? These guys, you can thank them.
Spam emails, and that's just the light version. Criminals can do things like get your social security number, open up loans in your name, credit cards, ruin your life. And it's not just data brokers, it could also be hackers.
There's a thing called OSINT, or open source intelligence. Hackers will use all kinds of advanced techniques including AI to scour the web to find out information about you. Now, I just made a video about the biggest cyber threats we're facing in 2025 and one of the biggest ones is impersonations of you and your family. All they really need is personal information about you to make their deepfakes and AI chatbots sound more convincing. Okay, so number two,
what do I stinkin' do about it? Now I could go to this one website this guy told me about, send 'em an email, find a number, they even have one, and request my information be removed. And they might do it, but then a year from now they might get the information again and again and again, and they're not the only ones who might have it. Other websites might have it. What? This can't be my full-time job. There's not enough coffee in the world.
This is where the sponsor of this video comes in: Incogni. Now I've talked about them before. That whole process of trying to get my data removed, they do that for me and they'll do it for you. Now I've had them up and running for a minute. Lemme show you my dashboard. It's impressive. They have sent 354 removal requests, completed 327, saved me 245 hours. And what's cool is I haven't logged into this in a while.
It just does it for me. I don't have to worry about it. Now getting back to this website this guy told me about, which by the way, thank you for telling me about it, Incogni now has a new feature called custom removals, which I'm going to go through right now. I want my stuff removed. It's where a website may not be in their database of things to check for. So I can actually take that URL and submit a new request and that's all I have to worry about. It's like having an amazing assistant. Not only will they reach out and take care of this for me, but they'll make sure I stay off of the list because they routinely check all these databases to make sure I don't show up again. So seriously,
if you want to protect your identity and the identity of your family, check out Incogni. I've got a link below, incogni.com/networkchuck, and if you use my code networkchuck, you'll get 60% off. And thank you to Incogni for sponsoring this video and also keeping my data off the internet. Now back to the video. Now after the Proxmox install, they do have a web GUI that you need to access to do things, install virtual machines, and that requires network access. Now currently this ZimaBoard is not connected to any kind of network, so I have to plug in my laptop. Okay, I'm remoted into my laptop.
Now I'll need to give it a static IP address because there's no DHCP server set up. I'll give it 10.62.1.7, something random. Okay, and okay, let's see if we can ping our Proxmox server. There it is. And let's try to access the web interface, port 8006. And here we are.
Yes, Proxmox running on this little guy, I love it. Let's get logged in as root. And then did I set a password? Now time to set up our first virtual machine, pfSense. And has it always been this much of a pain to download the ISO from pfSense, or from Netgate rather? You have to register an account, buy it for the zero cost it is. Anyways, I have my ISO. I'll upload it to the storage here in Proxmox. Done.
Then I'll set up my VM. Create a VM, name it pfSense. Choose my ISO. Uploaded the wrong ISO, Pop!_OS. What the heck? Try this one more time. Oh, pfSense is much smaller. Nailed it. Now with the right ISO, let's make our VM. pfSense won't need much storage. I'll give it like 50 gigs. CPU: we've got four cores total on the ZimaBoard. I'll do two cores, and then for memory we'll do about three gigs of RAM.
Now for networking, we're going to add both network interfaces here and I'm realizing this might break some stuff for us. What am I going to do? We'll worry about that here in a second. And actually what we're going to do is do PCI passthrough, dedicating these NICs to pfSense and not just virtualizing it. I'll leave that there. We'll do that here in a bit. Now what am I talking about?
PCI passthrough, sharing NICs. Where normally Proxmox (this is my Proxmox square because I'm too lazy to go grab the logo), it'll control the network interface cards of the host system. So here's our ZimaBoard and here's my very ugly Ethernet ports. So whenever I provision a new VM in Proxmox, for example, pfSense, normally we might provision a virtual NIC for our VM to access.
This is great because both Proxmox and the virtual machine can use the same network interfaces and we don't lose access. But here, that's not what I want to do. I want to skip Proxmox, I'm going to go over his head. I want to give pfSense direct access and control over these NICs. Now why do that? Better performance. The downside is that now Proxmox doesn't have any network interfaces and I can't access it. Okay, we'll finish that. It's creating the VM now. There it is. Let's go to hardware and let's add a PCI device and we'll do a raw device and we'll do our first Ethernet controller. Again, this will probably,
this might break what I'm doing right now and that's exactly what happened as I was setting this up. I very stupidly tried to assign both network interfaces to pfSense, forgetting that I will lose network access to Proxmox in the process. And that happened. This thing's making some weird noises. Let's be the fan that's getting hella hot. I think I may have lost access to it. I did. I should have known that. So I had to access the console of Proxmox,
delete the pfSense VM in order to get access again to Proxmox. Alright, I'm just going to destroy it. We can always recreate it. qm destroy. I destroyed it. Give me my NICs back. Alright, I'm rebooting. Okay,
it's back up, back in baby. Networking is fun. So at this point it seems like I can't use both NICs for pfSense, but I still want to and I'm going to. But thankfully I had this PCI Ethernet card. I've got a PCIe, little Ethernet port, four Ethernet ports, plug it in. No, it hated that. It hated that so much. I killed it. I'm sorry. So you can't hot plug in that sucker. And with these extra ports I can dedicate one to a virtual Linux bridge and set up a new management network. Now I don't want to do that.
I do want to remove this eventually. I'm going to try some magic here later to fix that. Now let's trade out some ports. Try and guess which one is which over here. Not getting any link lights on this thing. Oh there we go. Ah, we got it. Yes. Okay, so I should in theory be able to go to 10.63.1.10, port
8006 and we're golden. So now I can dedicate both of these physical NICs, the 2.5 gigabit, to pfSense and then maybe do something fun later for the management. But for now we're stuck with this PCIe adapter, or not adapter, it's a card. Now let's add our VM, and now I'll add my PCIe devices or PCI devices. And there are so stinking many. Which one's which? Oh, there's got to be a way to tell. Oh no, did not see this problem occurring.
Now another problem I ran into is that I could not figure out which Ethernet ports were which, and in the Proxmox config, there really wasn't a strong indication. Thankfully with a few commands I learned from ChatGPT, thank you, I figured it out and I was able to pass through both of those two and a half gig NICs to pfSense. Yes. Now of course we could have run pfSense bare metal straight onto our ZimaBoard 2 and that would've worked great. But with Proxmox we get so many more options. Not only can we run other things besides just pfSense, but we can do snapshots of pfSense, take a backup of it when we need to make changes, and all kinds of other networking magic. It's just fun. And I started the pfSense virtual machine setup, but then I ran into a really frustrating issue. Setting up pfSense involves setting up a WAN port, which will be the internet port, and a LAN port for your local area network. The WAN is where I ran into a problem.
The WAN is where I ran into a problem. That's what I felt like I wanted to say. Sorry, I set it up to receive an internal IP address from my studio via DHCP. Alright, let's try and guess the WAN port. Okay, WAN's plugged in. Why don't they have port numbers on this thing? I'm going to have to write down with a Sharpie which is the WAN and LAN. And by the way, this is connected to my current network.
It's receiving an IP address from my DHCP. See, it's going to be a private address but it should still work. That should totally be fine, but it wasn't. For some reason it wasn't receiving an address.
No network connectivity at all. I tried for a minute but it's five o'clock on a Friday. I threw my hands up, said I was done and I said, you know what? That's a problem for Monday Chuck to deal with. New day, new me. I ran into a problem and I gave it the weekend to let it just kind of sit.
You know how that works. Essentially my PCI passthrough didn't seem to be quite working even though I could see the NICs in pfSense. For some reason I wasn't getting any real network access. What was the problem? I have no stinking idea. It was the weekend, time passed. I rebooted the thing and yes, I did that before, but for some reason today on Monday it's working. I think I thought I was going to have to abandon this part of the project, but I'm doing a full WAN on the full WAN full DHCP on the WAN and then I'll set up my LAN. Alright, things are looking good. I'm so excited to get this set up. Continue. It's going to verify connection. This was not working before.
Yes, and we'll do community edition on pfSense. We'll do default everything. Yes, yes, yes, yes, yes, yes, yes, yes. Here we go. Installing pfSense on a virtual machine on a little bitty ZimaBoard 2. I want the stable release. Trying to get me to do beta. I'm not testing your stuff for you right now. I'll do it later. And it's done. Woo and reboot. Why didn't it configure my LAN correctly? It's so frustrating.
I did it through the GUI and it just went to default again. I'll do it later. So now in theory I should be able to unplug my laptop from the Proxmox NICs, plug it into the LAN port over here and receive an IP address. And actually I should have to go back to DHCP here. Okay? Okay. And we do have an IP address, so let's get to the default gateway here.
192.168.1.1. Here we go. pfSense, what's the default password? I think it's admin and pfsense. Try it again. pfsense. Yeah, I actually have not set up pfSense in a long time.
It's having me do things again. It's fine. Okay, pfSense is set up. Now time to install Snort. Snort will be our IDS/IPS, or intrusion detection and prevention system. Essentially it'll monitor whatever network interface we set and look for any nefarious traffic based on rules that we set.
And I went through and enabled every rule I could. Trying to add as much overhead so we can test this. I even signed up for a free Snort account, got my Oinkcode and now we have all the rules, and then I set up my LAN interface but did not enable it just yet. I want to test throughput with and without IDS/IPS. Okay, now we're at the point where I want to remove my PCI card. How am I doing that? I mean it works fine for now, but I want to make this thing as portable as possible.
I don't want this thing just jutting out its side. It's weird. So how can I do that while still being able to access and manage my Proxmox setup? Because right now the only two network interfaces I have are dedicated to pfSense. Proxmox can't touch them, which means I can't touch Proxmox. Here's how I'm going to overcome this here in Proxmox land.
First I'll create a new Linux bridge. Essentially it's a virtual network interface. I named it vmbr7 because I like the number seven, and I set up a new network, assigning it the IP address 10.64.1.10. Then here's the important part. I set up a gateway IP address. Its default gateway of 10.64.1.1. This right here will be pfSense. It just doesn't know it yet.
We're going to assign this IP address to one of the interfaces on pfSense and Proxmox will actually use pfSense as its default gateway, kind of in a weird inception thing. The very VM we set up on him will be the router he'll use for stuff. That sounded more epic in my head. So now with that Linux bridge, or virtual network interface, set up, I then assigned it, or set up a new network interface, on my pfSense VM. With that interface created on pfSense, we can now access the pfSense interface. Notice,
it does see that interface. We can now set this up and I'll assign it the IP address 10.64.1.1. Now I did run into an issue. The issue is me. First, I set the CIDR notation wrong, which is the shorthand version of the subnet mask. It was 32, needed to be 24, reflecting the entire 24-bit network.
32 bits means it was just that one IP address, which is not true. And then after adding a firewall rule that gave me access, boom, we did it. This should work. Yes, I was about to cry. You almost saw me cry in this video.
Now we can remove the PCI card. We don't need it anymore, but I'm too scared so I'm not going to, it broke it when I plugged it in. Now what's fun is we're running pretty much everything right now.
Actually we are running everything off this ZimaBoard with a couple of SSDs attached. Now looking back at Proxmox, let's look at our host here, go to our summary and here's our usage. Right now using about 55% of RAM. CPU is almost nothing. Of course we really have no network traffic right now. We're not doing anything. Now.
Time to set up our Ubuntu virtual machine and I'm going to give it a GUI too, which again is more resource intensive, but we're testing stuff here. I gave it two cores, three gigs of RAM and I assigned it the new pfSense network that we just set up, 10.64.1.0/24, the vmbr7. And this is cool because Ubuntu will use pfSense for all of its networking and routing needs. But I forgot to set up DHCP on that network. So I had to run into pfSense, enable DHCP. And after we got that configured,
boom, Ubuntu had access. Kind of. Can we ping the gateway? Can't. Why? I ran into more issues. It's kind of a theme in IT. You'll experience it, but it's how we learn, right? Oh, we learned so much through troubleshooting. If everything worked, we would be stupid. Speaking of stupid, I realized it was my own firewall rule. I was only allowing TCP traffic, which wasn't allowing ICMP traffic or ping traffic, which is what I was using to test the interface. Allowing any fixed my issues.
Again, it's amazing we're able to do all this on this little device. I know I'll keep saying that, but it kind of feels like magic, right? And just think about this. If you're trying to learn this stuff, the amount of things you can learn just by purchasing this alone, you're doing virtualization, networking, firewalls, security, Linux, I'm just, oh so many things. The barrier to entry to learning tech is so low now. Now time for some throughput testing. Here's the setup. First, IDS/IPS not enabled.
Now we're testing the connection between my Ubuntu VM inside Proxmox and my laptop, my physical machine. And again, the virtual machine Ubuntu is using the virtual machine pfSense as its network connection, as its router. It's connected via the virtual interface vmbr7. And then my laptop is physically connected to the LAN NIC on the pfSense. Actually, I lied.
What I did do that you didn't see, because I was thinking about testing in more physical hosts, is I added a little small unmanaged switch. But this turned out to be a very obvious limitation. We'll talk about it here in a bit, but here we go. Using iPerf to test. I want to run a lot with this command. We're going to obliterate this host with 10 parallel streams for 30 seconds.
Ready, set, go and bam. Up here. Notice this. Here's our throughput, which we're getting up to about 100 megabits. Let's check our CPU. Yeah, pfSense has taken a hit. Ooh, 107%. Ouch. Okay.
He's a little stressed out and we don't even have any kind of IDS/IPS running right now. Yikes. Let's do it again for like 60 seconds. Ready, set, freak out. And we're going nuts. I'm going to lower that a bit to like, let's do four simultaneous streams because we're doing a small little lab here.
We're probably not going to have 10 hosts on this. Let's try it out. It doesn't matter. It's stressing that guy out, taking a hit. But we're keeping our throughput pretty high. I mean it's almost line speed.
One gig and that's all that really matters. Here we are stressing it out a lot. Now getting back to my switch limitation. This little unmanaged switch is only a gigabit switch, meaning its max speed per port is one gigabit per second. Remember the cool thing about the ZimaBoard 2, it has a two and a half gigabit port, or two of those suckers.
The switch is my bottleneck. So let's remove that switch and connect my laptop directly to the LAN port of my ZimaBoard because my laptop just so happens to have a two and a half gig port as well. I ran iPerf again and unsurprisingly we had more throughput, clocking in about 1.09 gigabits per second. And oddly enough, the CPU utilization was lower. Comment below why you think that is. Now time to test this with IDS and IPS. Back in pfSense land, I added my Proxmox VM network, 10.64.1.0/24, to Snort,
added all the rules and enabled Snort on both interfaces and then ran my test. I'll just do 10 like I did before and let's see what we're getting. So wow, okay. Definitely hitting the CPU like crazy, but okay, we're getting to the over gigabit speeds, but the CPU is taking a beating. Yeah, it's taking a hit. Let's stop it there. Let's do 15. See, has it calmed down yet? I dunno why I'm trying to do this. So 15. Here we go.
CPU is crying. I want to watch vtnet0 now to look at the receiving end. We're seeing the same story though, getting about 1.10 gigabits per second.
So far our throughput hasn't been too bad with and without IDS and IPS enabled. I'm impressed. Sure, we're killing the CPU, but we're also doing more traffic than I would ever expect to do on this little device. Also, keep in mind, asterisk, that we're sending a ton of clean traffic, meaning the IDS and IPS aren't going to freak out about it, but the overhead is still there and that's what we're testing.
Now I want to throw some containers at it. So currently right now as it stands, we have a firewall router running all of our stuff with IDS/IPS enabled. We also have an Ubuntu virtual machine with three gigs of RAM. And right now our system is pretty taxed on RAM at least. We may be able to squeeze in some containers, especially running LXC containers here in Proxmox is going to have lower overhead than you might see with Docker.
So we'll go to create CT for container. I'll call it my little buddy. Set a password. I've actually never set up an LXC container before here in Proxmox. So we're learning this together. We need a template. What does that mean?
We probably need those. Let's figure out how to do that. Oh, here we go. So under the same place we have ISOs and go to CT templates and let's go to templates. Oh, they have some already. What do we want? We'll throw in some Rocky Linux. How about that? All right, I selected it. How do I download it? Where's the button to download? Am I missing it? Let's enlarge the screen. Oh yeah, there we go. It was just hidden. Alright, download Rocky Linux template when it's downloaded the image, I think too.
Okay, that's done. So now if I go create a CT, name it my little buddy. So we liked our template. Yeah, I'll give it eight gigs of space. I'll give it 15. I'm feeling generous. We'll give it one core. We really can't spare any more memory. Fine.
It's going to be a container and we'll put that on our pfSense network and that should be it. Let's start it after created and finish. It's telling me it's done. Little coffee break to celebrate and he's alive right there. Let's go check him out. My little buddy. I got the console. Think it'll be root. Yeah, we got it.
What's your IP address? He's on the network. Can I ping another host? Perfect. I'm pinging my laptop here and tell you what, on my little buddy container, I'm going to run Pi-hole. So I'll install it real quick. If you don't know what Pi-hole is, it's a great DNS server and it does amazing things for ad blocking. Now I believe I could run that inside pfSense if I went to packages, see Pi-hole? Oh yeah, maybe not. I take that back. Oh,
Pi-hole does not like Rocky Linux. So let's set up an Ubuntu container. So right now my system, it's being pegged, but it's not crazy. Let's create another one. I'm going to grab another template. This time I'll do Ubuntu. Create a container. Call this pihole. And no, Pi-hole
does not have a ready-built container for things like LXC, and I could just run Docker on my Ubuntu VM that I have, but I want to put it through its paces here. Okay, Pi-hole is running, got a console. Let's get logged in. Let's update. I don't have a network connection yet. Oh,
it's not set to DHCP. What are you doing over here? Okay, now we have an IP address. Now we can update and now we can install Pi-hole after we install curl. Let's check our performance right now. Still, it's not crazy. I mean we're at the top end in our RAM, but these little containers aren't going to kill it. Alright, the IP address is 102.
I'll go to my pfSense and change all DNS to point to 102. See that, apply. Do the same thing on my other networks here, apply, and I should be able to access my Pi-hole login. 10.64.1.102. There it is. What's my password? Oh, it tells me right there. Z-M-I-U-N.
Alright, and things are moving along. Check this out. In my dashboard, I'm seeing queries blocked and stuff. Yes, things are working and my system's not dying. This is not bad at all. So here's my verdict. I love this thing. It's not the most powerful SBC. This could be a portable app. I mean really, I don't even need this PCI card that I have with it.
All I need is an external hard drive and that's it. This thing can run Proxmox, pfSense, containers, VMs. I've got a full network running right now with IDS and IPS enabled. That's fun. I could probably push it further. But the one limitation we have is RAM.
I wish there was an easy way to upgrade the RAM here. I don't know if there is. I don't think there is. That's the biggest limitation here. If I just had 16 gigs of RAM, this thing would be amazing and maybe they will come out with a model with 16 gigs of RAM. But right now, I don't know. Hey, NetworkChuck from the future here again. They did talk about a 16 gig model, which they did not send me. I think that one is probably the way to go. If you're looking to do something like I did in this video, I could have really used the eight gigs of extra RAM.
Now let me know your thoughts below. What do you think of the ZimaBoard 2? Will you add this to your lab? Will this be your travel lab? I think I actually might use this as my travel lab. Or if anything, use it as an air gap network, meaning it's not touching my other networks. I can just plug in an access point into this. Actually,
I could run a UniFi controller on this as a container. Plug in an AP and have a little air-gapped Wi-Fi network. Anyways, that's all I got. I'll catch you guys next time.
2025-04-27 07:10