
In his latest video, NetworkChuck unboxed the new Zima Board 2, predicting that it will make a great firewall. After installing Proxmox on the Zima Board 2, he showed off its modern design, which is more futuristic than the previous version's. He also noted that, although it looks small, the Zima Board 2 has powerful internals, including a quad-core Intel N150 processor and two 2.5 Gb Ethernet ports, which makes it an ideal candidate for a network management device. The video also compares it with the previous version, showing differences in specifications such as the upgraded LPDDR5X RAM.


  • 00:00 Unboxing the Zima Board 2 and expectations for its firewall capabilities.
  • 00:09 Setting up the Proxmox environment on the Zima Board 2.
  • 00:19 Confirming a successful connection after initial installation problems.
  • 00:53 Reading a touching message from Zima about data integrity and control.
  • 02:30 Going over the Zima Board 2's technical specifications.
  • 02:58 Introducing the new Ethernet capabilities with two 2.5 gigabit ports.
  • 03:47 Plans for a complete home lab setup with Proxmox and PFSense.
  • 04:09 Discussion of price and pricing expectations for the Zima Board 2.
  • 04:23 Overview of the various price tiers and promotional offers for the device.
  • 05:49 Moving on to the home lab setup with the Proxmox installation.
  • 06:20 Comparative analysis of the new Intel N150 processor's performance.
  • 06:42 Explaining the benefits of hardware offloading for PFSense.
  • 07:13 Detailed plan for configuring Proxmox and the subsequent virtual machines.
  • 07:36 Installing and configuring PFSense as the main firewall.
  • 08:14 Running into network configuration problems during the PFSense installation.
  • 08:31 Confirming successful PFSense interface configuration after troubleshooting.
  • 09:58 Discussion of digital privacy threats and data challenges.
  • 11:35 Introducing Incognito's personal data protection services.
  • 12:37 Moving on to Proxmox after initial setup and troubleshooting.
  • 15:30 Running into further network configuration problems with PCI passthrough.
  • 16:51 Further tests and discussion of network performance with the new settings.
  • 18:51 Successful recovery and fix of the weekend's network problems.
  • 22:53 Resource usage: discussion of RAM and CPU across different configurations.
  • 24:24 Throughput tests to assess PFSense performance under load.
  • 30:50 Final thoughts on the Zima Board 2's versatility as a lab device.
  • 31:40 Wrap-up with potential future uses and an optimistic outlook.

Transcription

Ice Whale just sent me this, a Zima Board 2. Let's open it up. Spoiler alert, I think it's gonna be a pretty good firewall. I'm gonna work on that here. And install these SSDs. And here we are. Yes, Proxmox running on this little guy. This thing's making some weird noises. It's gonna verify connection. This was not working before. Yes! It's connected via the virtual interface. Ready, set, go. Ooh, 107%! Ouch! Welcome to Zima space. So we got a little, uh, orange headband here. It's, uh, I think it's because you would not be able to get this box out otherwise. Let's, uh, bungee it up here. I almost dropped it. Alright, I almost dropped it again. Thank you, Zima Board. Okay, so I like the cardboard. I'm taking this off. Alright, it's got a nice message. Dear friend, I kind of love this line. While AI reshapes industries, you've anchored us to the timeless needs of explorers, sovereign control over personal data, locally rooted intelligence, and the freedom to pioneer digital frontiers with relentless curiosity. There's no way AI didn't help with that. Alright, enough of that. Thank you, Lauren. Okay, here it is. Now, cut here. What does that mean? I'm not sure. And there were slots for SSDs. Is this like a case you can use? No, we'll find out. But here it is. Oh, it wasn't heavy. I'm not sure why I made that noise. The Zima Board. It looks silver. Let's open it. Okay, it's, uh, it's a solid, girl. Feels very futuristic. That's kind of their thing, right? Like they had a cyberpunk feel with the one before. Where's the one before? Let me go grab it. Actually, no, it's running by. Okay, here is the old Zima Board. And here's how they compare. You know, I kind of like the design of the old one. Had a cool feel to it. Kind of retro futuristic. But this one's like all futuristic. Now, same form factor as before. We've got the PCIe slot on the side. We'll go over the specs here in a second. We got two SATA ports, two USB ports, display port, and two Ethernet ports.
Roughly the same size. This guy's a bit heavier because he's rocking metal. And I don't know what this is for. I feel like this is for something. I don't know. Let's see what else they sent us. How to set things up. Nothing. Power adapter for every location. And a SATA cable. A white cable so we can connect two hard drives to it. It's a very strange form factor. All right, let's talk about the specs. This sucker's rocking an Intel N150. Four cores with speeds up to 3.6 gigahertz. It's a pretty good processor upgrade. For memory, we're talking about the same quantity, eight gigabytes. But speed is where it's at. We've got LPDDR5X, 4,800 megahertz. That's a massive RAM upgrade compared to the first one. Double the speed. Hey, Network Chuck from the future here. They actually do have a 16 gig model they forgot to tell me about. And I wish they would have sent me that one. Now, the Ethernet ports are where things start to get exciting. The Zima Board 2 is rocking two 2.5 gigabit Ethernet ports, compared to the one gigabit ports on the first Zima Board. This right here is why I'm excited to use it as a firewall. Oh, and this also is an Intel chip versus the Realtek chip on the first one. This will be more important later. Now, if we turn them sideways for a bit, let's talk about the PCIe port. Zima Board 2 has a 3.0 PCIe slot, compared to 2.0 on the original. For USB, we get a jump from 3.0 to 3.1. And the last thing to note is the graphics. The Zima Board 2 is going to have a frequency up to 1G megahertz, while the original was rocking 0.7. And the other big thing is that it says it supports fanless and active cooling, meaning you can have a fan cooling it. Now, as I said before, I'm going to turn this into a firewall running PFSense. Hey, Network Chuck from the future here. Instead of doing a dedicated PFSense install, we're going to do a full-on home lab. I'm talking Proxmox, PFSense as a VM, a few other things. I'm excited. I'll see you there. Kind of perfect.
It's got two ports, 2.5 gigabit Ethernet. And based on the specs, it seems fast enough to do what I want it to do. Okay, so it's bigger, better, and faster. We expected that with the sequel, but what about price? I don't know yet. They haven't told me. Hopefully they tell me soon and I'll put it right here. If it's not too much more than the $89 that the Zima Board 1 is, then I think it's a pretty stinking good deal. Hey, they finally sent us pricing the day of launch and they sent me this screenshot. And there are some options and some things they forgot to tell me. So let's try to zoom in and see what's happening. First, we have the base model, what they sent me. This seems kind of pricey, but it is a premium device. That's kind of how they're marketing it here. Two, two and a half gig NICs, a really good processor, onboard storage. RAM is like, eh. Now this is early bird pricing for the first 200 orders. So hurry. Oh man. I hope you're quick, buddy. And then we have our special for Kickstarter, which is only $10 more. And then we had the Zima Board 1664 version, which has 16 gigs of RAM. Again, guys send me this one. And that seems to be the only difference. And this is the price on the first 200 orders only. So be an early bird and then $10 more for the special Kickstarter pricing. Then we have our bundles. It looks like we're getting a PCIe NVMe adapter and a two bay HDD rack with two gifts, a display port and two ethernet cables for $10 more. Then we have our smart home kit for 400 bucks. What are we getting? Actually, this is kind of cool. We're getting a GPU docking station, which again, why didn't you send this to me? And a USB wifi six adapter and the GPU docking station. That sounds pretty interesting. Get a low powered one that can run your Proxmox transcoding. That sounds, that sounds nice. And finally the master kit, $769. They're proud of this one. What are we getting beyond? Oh, we're getting two. We're getting two, right? Is that what they're saying?
So that's the pricing. Now let's go play with it. And by the way, they are not paying me for this. They just sent it and said, Hey, play with it. I said, okay, let me get my coffee. I want to have fun with that. Now, as I said earlier, I'm going to do a full on home lab. And I think it's going to do pretty well because this processor is kind of good compared to its predecessor. It's going to be 40 to 70% faster because not only did it bump up the cache and we're getting more speed, but this is a new architecture we're working with the Intel N150. The N150 is rocking their Gracemont cores, which offer 35 to 45% better IPC than Goldmont, the N3450's architecture. Now, because we're doing a hypervisor installation, RAM is pretty important. I really wish they would have had more RAM, but I'm happy. It's a bit faster, twice as fast. The onboard storage is not a lot, but I'm not too concerned about that. I'm going to use the built-in SATA ports and install these SSDs. But given that my primary focus is making it a networking appliance, I'm very excited about the LAN. Going from one gig to two and a half gig ports is a big jump. Not to mention that we're rocking an Intel chip versus a Realtek chip. Now, why does that matter? Coffee break. One of the biggest advantages is that we get hardware offloading, which is perfect for a PFSense firewall. And by the way, in case you're wondering, how are you installing Proxmox on a little device like this? I don't know why I'm not holding it. Here it is. Because normally on SBCs, you can't install Proxmox like the Raspberry Pi. You couldn't do that here. It's rocking an ARM-based CPU, but not the Zima Board 2. It's x86, which is one of its big advantages. Way more compatibility with pretty much everything. And of course, they have all the virtualization support we could want. VT-x, VT-d. Enough talking about it. Get your coffee ready. Let's get this thing going and see what happens. Now, here's our home lab battle plan.
First, we'll install Proxmox. I've done this before on the Zima Board 1, and it works pretty well. This guy should handle it like a champ. And in case you're wondering, Proxmox is a type 1 hypervisor. Software that will install directly onto our device that allows us to spin up virtual machines. It's magic. Virtual machines will always be magic to me. And speaking of virtual machines, once we have Proxmox installed, we'll set up two VMs. First, PFSense. And we're going to go crazy with it. Install IDS, IPS, deep packet inspection, everything that normally requires a tremendous amount of horsepower and can severely affect your throughput or the speed of your network. We'll do some testing, see how it does. And of course, we'll need a host to test everything on. So we're going to set up a small Ubuntu VM. I will install a GUI, and this will be our lab machine. And finally, in step three, we'll set up some containers. Normally, I use Docker. That's my favorite. But what I've never played with is LXC, Linux containers. This is built right into Proxmox. You can manage those side by side with your virtual machines. And by the way, what's very exciting about this is the PFSense firewall will be the networking for all of our stuff. For our Ubuntu machine, for our containers, the way that happens is also magic. And finally, step four, we'll do some testing. A little bit of iPerf, a little bit of Nmap, testing some firewall rules. If all goes well, this device might be one of the most amazing things you can buy for your home lab. This could be your home lab or a travel home lab. Now we're doing this together. I have not done anything with this. I haven't even booted it up. So get your coffee ready. Let's go. By the way, have you hacked the YouTube algorithm today? Let's make sure you do. Hit that like button, subscribe, notification bell, comment. You got to hack YouTube today. Ethically, of course. All right, let's get things connected. I'll plug in my SATA drives.
The SATA ports on the Zima Boards are probably my favorite thing. Plug in our DisplayPort connector so we can see stuff. And the keyboard. And finally, power. Here we go. Okay, Zima Board setup. I went to the BIOS and made sure all my virtualization settings were enabled and they were by default. That's awesome. It took me a while to figure out that you press escape to boot into the BIOS. I think it's escape. I shouldn't be having this much problem. I could just look it up, but I'm not going to. Then I grabbed my USB with a Proxmox ISO written to it, booted to that on my Zima Board. I installed Proxmox, no problem. And it's amazing we can have Proxmox running on this little bitty device. I just, I can't get over it. Hey, it's time for a coffee break. And during this coffee break, I want to tell you that I'm pretty mad right now. Why? Someone sent me this, an email saying that all my information, my phone number, my addresses, all the important stuff that's private about me has been exposed. And it's on a website. They sent me a link. So I opened up this link in the Networkchuck cloud browser, because I don't know what this link is. I don't want to get hacked. It turns out I already was hacked. A site called contactout.com, just sitting there for anyone to access with all my information. What? So real quick, I want to talk about two things. First, how did they get my information? And two, how do I stop this from happening? I need a coffee break for this. One, getting my information is not that hard. At some point, I gave my information to someone, a company or whatever, and they got sold to a data broker. This happens to everyone. It's probably happened to you. Data brokers have your information. They have large swaths of databases full of everybody's information. You know what? They don't care about you at all, except for how much you're worth. And they sell that information to all these companies. That's the reason you get all those random stinking phone calls.
Like how'd they get your number? These guys. You can thank them. Spam emails. And that's just the light version. Criminals can do things like get your social security number, open up loans in your name, credit cards, ruin your life. And it's not just data brokers. It could also be hackers. There's a thing called OSINT or open source intelligence. Hackers will use all kinds of advanced techniques, including AI to scour the web to find out information about you. Now, I just made a video about the biggest cyber threats we're facing in 2025. And one of the biggest ones is impersonations of you and your family. All they really need is personal information about you to make their deepfakes and AI chatbots sound more convincing. Okay. So number two, what do I sneak and do about it? Now I could go to this one website. This guy told me about send them an email, find a number. They didn't have one and request my information be removed. And they might do it. But then a year from now, they might get the information again and again and again. And they're not the only ones who might have it. Other websites might have it. What I don't, this can't be my full-time job. There's not enough coffee in the world. This is where the sponsor of this video comes in, Incognito. Now I've talked about them before that whole process of trying to get my data removed. They do that for me and they'll do it for you. Now I've had them up and running for a minute. Let me show you my dashboard. It's impressive. They have sent 354 removal requests, completed 327, saved me 245 hours. And what's cool is I haven't logged into this in a while. It just does it for me. I don't have to worry about it. Now, getting back to this website, this guy told me about, which by the way, thank you for telling me about it. Incognito has a new feature called custom removals, which I'm going to go through right now because I want my stuff removed.
It's where a website may not be in their database of things to check for. So I can actually take that URL and submit a new request. And that's all I have to worry about. It's like having an amazing assistant. Not only will they reach out and take care of this for me, but they'll make sure I stay off of the list because they routinely check all these databases to make sure I don't show up again. So seriously, if you want to protect your identity and the identity of your family, check out Incognito. I've got a link below incognito.com forward slash networkchuck. And if you use my code networkchuck, you'll get 60% off. I thank you to Incognito for sponsoring this video and also keeping my data off the internet. Now back to the video. Well, after the Proxmox install, they do have a web GUI that you need to access to do things, install virtual machines, and that required network access. Now, currently this Zima Board is not connected to any kind of network. So I have to plug in my laptop. Okay. I'm remoted into my laptop. Now I'll need to give it a static IP address because there's no DHCP server set up. I'll give it 10.62.1.7 something random. Okay. And okay. Let's see if we can ping our Proxmox server. There it is. And let's try to access the web interface port 8006. And here we are. Yeah. That's Proxmox running on this little guy. I love it. Let's get logged in. I guess roots. And then I, did I send a password? Now time to set up our first virtual machine PFSense. And has it always been this much of a pain to download the ISO from PFSense or from Netgate? Rather you have to register an account, buy it for the zero cost. It is anyways. I have my ISO. I'll upload to the storage here in Proxmox done. And then I'll set up my VM, create a VM and the PFSense. Choose my ISO. I uploaded the wrong ISO. Pop OS. What the heck? Try this one more time. Oh, PFSense is much smaller. Nailed it. Now with the right ISO, let's make our VM. PFSense won't need much storage.
I'll give it like 50 gigs. CPU. We've got four cores total on the Zima Board. I'll do two cores. And then for memory, we'll do about three gigs of RAM. Now for networking, we're going to add both network interfaces here. And I'm realizing this might break some stuff for us. What am I going to do? We'll worry about that here in a second. And actually what we're going to do is do PCI passthrough dedicating these NICs to PFSense and not just virtualizing it. I'll leave that there. We'll do that here in a bit. Now, what am I talking about? PCI passthrough sharing NICs? Well, normally Proxmox. This is my Proxmox square because I'm too lazy to go grab the logo. It will control the network interface cards of the host system. So here's our Zima Board and here's my very ugly ethernet ports. So whenever I provision a new VM in Proxmox, for example, PFSense, normally we might provision a virtual NIC for our VM to access. This is great because both Proxmox and the virtual machine can use the same network interfaces and we don't lose access. But here, that's not what I want to do. I want to skip Proxmox. I'm going to go over his head. I want to give PFSense direct access and control over these NICs. Now why do that? Better performance. The downside is that now Proxmox doesn't have any network interfaces and I can't access it. Okay, we'll finish that. It's creating the VM now. There it is. Let's go to hardware and let's add a PCI device. And we'll do a raw device and we'll do our first ethernet controller. Again, this will probably, ah, this might break what I'm doing right now. And that's exactly what happened. As I was setting this up, I very stupidly tried to assign both network interfaces to PFSense, forgetting that I will lose network access to Proxmox in the process. And that happened. This thing's making some weird noises. Let's be the fan. It's getting hella hot. I think I may have lost access to it. I did. I should have known that.
So I had to access the console of Proxmox, delete the VM PFSense in order to get access again to Proxmox. All right, I'm just going to destroy it. We can always recreate it. qm destroy. I destroyed it. Give me my NICs back. All right, I'm rebooting. Okay, it's back up. Back in baby. Networking is fun. So at this point, it seems like I can't use both NICs for PFSense, but I still want to, and I'm going to, but thankfully I have this PCI ethernet card. I've got a PCIe little ethernet port for ethernet ports. Plug it in. No, it hated that. Hated that so much. I killed it. I'm sorry. So you can't hot plug in that sucker. And with these extra ports, I can dedicate one to a virtual Linux bridge and set up a new management network. Now, I don't want to do that long-term. I do want to remove this eventually. I'm going to try some magic here later to fix that. Let's trade out some ports. Try and guess which one is which over here. Not getting any link lights on this thing. Oh, there we go. Ah, we got it. Yes. Okay. So I should, in theory, be able to go to 10.63.1.10, port 8006, and we're golden. So now I can dedicate both of these physical NICs, the 2.5 gigabit to PFSense and maybe do something fun later for the management. But for now, we're stuck with this PCIe adapter, or not adapter, it's a card. Now let's add our VM. And now I'll add my PCIe devices or PCI devices. And there are so stinking many, which one's which? Oh, there's got to be a way to tell. Oh no, did not see this problem occurring. Now, another problem I ran into is that I could not figure out which ethernet ports were which in the Proxmox config. There really wasn't a strong indication. Thankfully, with a few commands, I learned from chat. Thank you. I figured it out and I was able to pass through both of those 2.5 gig NICs to PFSense. Yes. Now, of course we could have run PFSense bare metal straight onto our Zima Board 2. And that would have worked great. But with Proxmox, we get so many more options.
Not only can we run other things besides just PFSense, but we can do snapshots of PFSense, take a backup of it when we need to make changes and all kinds of other networking magic. It's just fun. And I started the PFSense virtual machine setup, but then I ran into a really frustrating issue. Setting up PFSense involves setting up a WAN port, which will be the internet port and a LAN port for your local area network. The WAN is where I ran into a problem. The WAN is where I ran into a problem. That's what I felt like I wanted to say. Sorry. I set it up to receive an internal IP address from my studio via DHCP. All right. Let's try and guess the WAN port. Okay. WAN is plugged in. Why don't they have port numbers on this thing? I'm going to have to like write down with a Sharpie, which is the WAN and LAN. And by the way, this is connected to my current network. It's receiving an IP address from my DHCP server. It's going to be a private address, but it should still work. That should totally be fine. But it wasn't. For some reason, it wasn't receiving an address. No network connectivity at all. I tried for a minute, but it's five o'clock on a Friday. I threw my hands up, said I was done. And I said, you know what? That's a problem for Monday. Chuck could deal with. New day, new me. I ran into a problem and I gave it the weekend to let it just kind of sit. You know how that works. Essentially my PCI passthrough didn't seem to be quite working, even though I could see the NICs in PFSense. For some reason, I wasn't getting any real network access. What was the problem? I have no stinking idea. It was the weekend. Time passed. I rebooted the thing. And yes, I did that before, but for some reason today on Monday, it's working. I think I thought I was going to have to abandon this part of the project, but I'll do a full WAN on the full WAN full DHCP on the WAN. And then I'll set up my LAN. All right. Things are looking good. I'm so excited to get the setup continue.
It's going to verify connection. This was not working before. Yes. And we'll do community edition on PFSense. We'll do default everything. Yes, yes, yes, yes, yes, yes, yes, yes. Here we go. Installing PFSense on a virtual machine on a little bitty Zima Board 2. Um, I want the stable release. Try to get me to do beta. I'm not testing your stuff for you right now. I'll do it later. And it's done. Woo. And reboot. Why didn't it configure my LAN correctly? It's so frustrating. I did it through the GUI and it just went to default again. I'll do it later. So now in theory, I should be able to unplug my laptop from the Proxmox NICs and plug it into the LAN port over here and receive an IP address. And actually I should have to, um, go back to DHCP here. Okay. Okay. And we do have an IP address. So let's get to the default gateway here. 192.168.1.1. Here we go. PFSense. What's the default password? I think it's admin and PFSense. Try again. PFSense. Yeah. I actually have not set up PFSense in a long time. It's having to do things again. It's fine. Okay. PFSense is set up. Now time to install Snort. Snort will be our IDS IPS or intrusion detection and prevention system. Essentially it'll monitor whatever network interface we set and look for any nefarious traffic based on rules that we set. And I went through and enabled every rule I could, trying to add as much overhead so we can test this. I even signed up for a free Snort account, got my Oinkcode, and now we have all the rules. And then I set up my LAN interface, but did not enable it just yet. I want to test throughput with and without IDS IPS. Okay. Now we're at the point where I want to remove my PCI card. How am I doing that? I mean, it works fine for now, but I want to make this thing as portable as possible. I don't want this thing just jutting out its side. It's weird. So how can I do that while still being able to access and manage my Proxmox setup?
Because right now the only two network interfaces I have are dedicated to PFSense. Proxmox can't touch them, which means I can't touch Proxmox yet. Here's how I'm going to overcome this. Here in Proxmox land. First, I'll create a new Linux bridge. Essentially it's a virtual network interface. I named it VMBR7 because I like the number seven. And I set up a new network, assigning it the IP address 10.64.1.10. And then here's the important part. I set up a gateway IP address. Its default gateway of 10.64.1.1. This right here will be PFSense. It just doesn't know it yet. We're going to assign this IP address to one of the interfaces on PFSense. And Proxmox will actually use PFSense as its default gateway. Kind of a weird inception thing. The very VM we set up on him will be the router he'll use for stuff. That sounded more epic in my head. So now that Linux bridge or virtual network interface set up, I then assigned it or set up a new network interface on my PFSense VM. With that interface created on PFSense, we can now access the PFSense interface. Notice it does see that interface. We can now set this up and I'll assign it the IP address 10.64.1.1. Now I did run into an issue. The issue was me. First I set the CIDR notation wrong, which is the shorthand version of the subnet mask. It was 32 needed to be 24 reflecting the entire 24 bit network. 32 bits means it was just that one IP address, which is not true. And then after adding a firewall rule that gave me access, boom, we did it. This should work. I was about to cry. You almost let me cry in this video. Now we can remove the PCI card. We don't need it anymore, but I'm too scared. So I'm not going to. It broke it when I plugged it in. So what's fun is we're running pretty much everything right now. Actually, we are running everything off this Zima Board with a couple of SSDs attached. Now, looking back at Proxmox, let's look at our host here and go to our summary. And here's our usage right now.
Using about 55% of RAM. CPU is almost nothing. Of course, we really have no network traffic right now. We're not doing anything. Now it's time to set up our Ubuntu virtual machine. And I'm going to give it a GUI too, which again is more resource intensive, but we're testing stuff here. I gave it two cores, three gigs of RAM, and I assigned it the new PFSense network that we just set up. 10.64.1.0 slash 24, the VMBR7. And this is cool because Ubuntu will use PFSense for all of its networking and routing needs. But I forgot to set up DHCP on that network. So I had to run into PFSense, enable DHCP. And after we got that configured, boom, Ubuntu had access. Kind of. Can we ping the gateway? We can't. Why? I ran into more issues. It's kind of a theme in IT. You'll experience it, but it's how we learn, right? Oh, we learned so much through troubleshooting. If everything worked, we would be stupid. Speaking of stupid, I realized it was my own firewall rule. I was only allowing TCP traffic, which wasn't allowing ICMP traffic or ping traffic, which is what I was using to test the interface. Allowing any fixed my issues. Again, it's amazing we're able to do all this on this little device. I know I keep saying that, but it kind of feels like magic, right? And just think about this. If you're trying to learn this stuff, the amount of things you can learn just by purchasing this, this alone, you're doing virtualization, networking, firewalls, security, Linux. I'm just, oh, so many things. The barrier to entry to learning tech is so low now. Now it's time for some throughput testing. Here's the setup. First, IDS, IPS, not enabled. And we're testing the connection between my Ubuntu VM inside Proxmox and my laptop, my physical machine. And again, the virtual machine Ubuntu is using the virtual machine PFSense as its network connection, as its router. It's connected via the virtual interface VMBR7. And then my laptop is physically connected to the LAN NIC on the PFSense.
Actually, I lied. What I did do that you didn't see, because I was thinking about testing more physical hosts, is I added a little small unmanaged switch, but this turned out to be a very obvious limitation. We'll talk about it here in a bit, but here we go using iPerf to test. I want to run a lot. With this command, we're going to obliterate this host with 10 parallel streams for 30 seconds. Ready, set, go. And bam, up here, notice this. Here's our throughput, which we're getting up to about 100 megabits. Let's check our CPU. Yeah, PFSense is taking a hit. Ooh, 107%. Ouch. Okay. He's a little stressed out and we don't even have any kind of IDS IPS running right now. Yikes. Let's do it again for like 60 seconds. Ready, set, freak out. And we're going nuts. Woo. Dude, I'm going to lower that a bit to like, let's do four simultaneous streams because we're doing a small little lab here. Probably not going to have 10 hosts on this. Let's try it out. Doesn't matter. It's stressing that guy out. Taking a hit, but we're keeping our throughput pretty high. I mean, it's almost line speed, one gig. And that's all that really matters here. We are stressing it out a lot. Now getting back to my switch limitation, this little unmanaged switch is only a gigabit switch, meaning its max speed per port is one gigabit per second. Remember the cool thing about the Zima Board 2? It has a two and a half gigabit port or two of those suckers. The switch is my bottleneck. So let's remove that switch and connect my laptop directly to the LAN port of my Zima Board. Cause my laptop just so happens to have a two and a half gig port as well. I ran iPerf again and unsurprisingly, we had more throughput clocking in about 1.09 gigabits per second. And oddly enough, the CPU utilization was lower. Comment below why you think that is. Now it's time to test this with IDS and IPS.
Back in pfSense land, I added my Proxmox VM network, 10.64.1.0/24, to Snort, added all the rules and enabled Snort on both interfaces and then ran my test. I'll just do 10 like I did before and let's see what we're getting. So wow. Okay. Definitely hitting the CPU like crazy, but okay. We're getting to the over gigabit speeds, but the CPU is taking a beating. Yeah, it's taking a hit. Let's stop it there. Let's do 15. See, has it calmed down yet? I don't know why I'm like trying to do this. So 15, here we go. CPU is crying. I'm going to watch vtnet0 now to look at on the receiving end. We're seeing the same story though. Getting, getting about 1.10 gigabits per second. So far throughput hasn't been too bad with and without IDS and IPS enabled. I'm impressed. Sure. We're killing the CPU, but we're also doing more traffic than I would ever expect to do on this little device. Also keep in mind, asterisk, that we're sending a ton of clean traffic, meaning the IDS and IPS aren't going to freak out about it, but the overhead is still there. And that's what we're testing.
Now I want to throw some containers out. So currently right now, as it stands, we have a firewall router running all of our stuff with IDS/IPS enabled. We also have an Ubuntu virtual machine with three gigs of RAM. And right now our system is pretty taxed on RAM. At least we may be able to squeeze in some containers, especially running LXC containers here in Proxmox. It's going to have lower overhead than you might see with Docker. So we'll go to create CT for container. I'll call it my little buddy, set a password. I've actually never set up an LXC container before here in Proxmox. So we're learning this together. You need a template. What does that mean? We probably need those. Let's figure out how to do that. Oh, here we go. So under the same place we have ISOs and go to CT templates and let's go to templates. Oh, they have some already. What do we want? We'll throw in some Rocky Linux.
How about that? All right. I selected it. How do I download it? Where's the button to download? Am I missing it? Let's enlarge the screen. Oh yeah. There we go. It was just hidden. All right. Download Rocky Linux template. Oh, and it's downloaded the image, I think too. Okay. That's done. So now if I go create a CT, name it my little buddy, select our template. Yeah. I'll give it eight gigs of space. I'll give it 15. I'm feeling generous. We'll give it one core. We really can't spare any more. Memory's fine. It's going to be a container and we'll put that on our pfSense network and that should be it. Let's start it after created and finish. It's telling me it's done. A little coffee break to celebrate. And he's alive right there. Let's go check him out. My little buddy. Yeah. I got the console. I think it'll be root. Yeah, we got it. What's your IP address? He's on the network. Can I ping another host? Perfect. I'm pinging my laptop here.
And tell you what, on my little buddy container, I'm going to run Pi-hole. So I'll install it real quick. If you don't know what Pi-hole is, it's a great DNS server and it does amazing things for ad blocking. And I believe that could run that inside pfSense. If I went to packages, see Pi-hole. Oh, yeah, maybe not. I take that back. Oh, Pi-hole does not like Rocky Linux. So let's set up an Ubuntu container. So like right now, my system, it's being pegged, but it's not crazy. Let's create another one. I'm going to grab another template. All right, this time I'll do Ubuntu, create a container, call this Pi-hole. And no, Pi-hole does not have a ready-built container for things like LXC. And I could just run Docker on my Ubuntu VM that I have, but I want to put it through its paces here. Okay. Pi-hole is running. I've got a console. Let's get logged in. Let's update. I don't have a network connection yet. Oh, it's not set to DHCP. What are you doing over here? Okay. Now we have an IP address. Now we can update. And now we can install Pi-hole.
After we install curl, let's check our performance right now. Still, it's not crazy. I mean, like we're at the top end in our RAM, but these little containers aren't going to kill it. All right, the IP address is 102. I'll go to my pfSense and change all DNS to point to 102. Save that, apply, do the same thing on my other networks here. Apply. And I should be able to access my Pi-hole login. 10.64.1.102. There it is. What's my password? Oh, it tells me right there. Z-M-I-U-N. All right. And things are moving along. Check this out. In my dashboard, I'm seeing queries blocked and stuff. Yes. Things are working. And you know, my system's not dying. This is not bad at all.
So here's my verdict. I love this thing. It's not the most powerful SBC. This could be a portable app. I mean, really, I don't even need this PCI card that I have with it. All I need is an external hard drive and that's it. This thing can run Proxmox, pfSense, containers, VMs. I've got a full network running right now with IDS and IPS enabled. That's fun. I could probably push it further, but the one limitation we have is RAM. I wish there was an easy way to upgrade the RAM here. I don't know if there is. I don't think there is. That's the biggest limitation here. If I just had 16 gigs of RAM, this thing would be amazing. And maybe they will come out with a model with 16 gigs of RAM. But right now, I don't know.
Hey, NetworkChuck from the future here again. They did talk about a 16 gig model, which they did not send me. I think that one is probably the way to go. If you're looking to do something like I did in this video, I could have really used the eight gigs of extra RAM. Now, let me know your thoughts below. What do you think of the Zima Board 2? Will you add this to your lab? Will this be your travel lab? I think I actually might use this as my travel lab, or if anything, use it as an air-gapped network, meaning it's not touching my other networks. I can just plug in an access point into this.
Actually, I could run a UniFi controller on this as a container, plug in an AP, and have a little air-gapped Wi-Fi network. Anyways, that's all I got. I'll catch you guys next time.