Tito Mari Francis H. Escaño wrote on 11/24/16 13:15:
Hi everyone,
Can somebody please recommend me a firewall appliance that can run OpenBSD and
pf, and can be upgradeable to the latest version? It would be a great plus if
the appliance can also be configured as part of CARP firewall group. pfSense
with FreeBSD doesn't cut it :)
I would highly recommend the Lanner embedded or network appliances. I
bought a FW-7541 and a LEC-2280 back in 2012. I installed OpenBSD on an
SSD in each. I've upgraded to every release since with zero issues.
I use the FW-7541 for my firewall/gateway, which also runs dhcpd, httpd
(hosts OpenBSD sets/packages for the LAN), nsd, spamd, unbound, and
tftpd (PXE booting). I think I paid about $400 for the Intel Atom CPU
D525 @ 1.80GHz with 4GB RAM back in 2012, not including the SSD. It
works awesome and can be found here:
http://www.lannerinc.com/products/x86-network-appliances/desktop/fw-7541
However, it looks like the FW-7541 has been replaced by the FW-7525:
http://www.lannerinc.com/products/x86-network-appliances/x86-desktop-appliances/fw-7525
I also bought another Lanner, the LEC-2280, for my main application server:
http://www.lannerinc.com/products/embedded-box-pcs/industrial-automation/lec-2280
I did contact Lanner support with an OpenBSD question shortly after
setting them up. They were able to help. However, at that time, the
engineer said they employed a couple of people who were familiar with
OpenBSD, but basically they just made sure they were able to boot the
latest OBSD release; not much assurances beyond that. However, I now see
they have added OpenBSD and FreeBSD as officially supported OSes on some
of their models.
I originally bought these two machines because of their fanless design
and low power consumption. My meter measures 9-13W of power consumption
for the the FW-7541.
If you can instal OBSD yourself and configure everything from the
command line, I would highly recommend one of the Lanner desktop network
appliances. I use the uplcom Prolific Technology Inc. USB-Serial
Controller to access the console for administrative tasks like upgrades
and backups.
Here is the dmesg for my FW-7541 firewall:
OpenBSD 6.0 (GENERIC.MP) #2: Mon Oct 17 10:22:47 CEST 2016
r...@stable-60-amd64.mtier.org:/binpatchng/work-binpatch60-amd64/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4267245568 (4069MB)
avail mem = 4133445632 (3941MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xfbea0 (22 entries)
bios0: vendor American Megatrends Inc. version "080016" date 08/03/2012
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP APIC MCFG OEMB HPET GSCI
acpi0: wakeup devices P0P1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4)
USB2(S4) USB3(S4) EUSB(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4)
P0P9(S4) HDAC(S4) USB4(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1800.26 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF,PERF,SENSOR
cpu0: 512KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 7 var ranges, 88 fixed ranges
cpu0: apic clock running at 200MHz
cpu0: mwait min=64, max=64, C-substates=0.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1800.00 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF,PERF,SENSOR
cpu1: 512KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1800.00 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF,PERF,SENSOR
cpu2: 512KB 64b/line 8-way L2 cache
cpu2: smt 1, core 0, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1800.01 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF,PERF,SENSOR
cpu3: 512KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 4 pa 0xfec00000, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P1)
acpiprt2 at acpi0: bus 2 (P0P4)
acpiprt3 at acpi0: bus 3 (P0P5)
acpiprt4 at acpi0: bus 4 (P0P6)
acpiprt5 at acpi0: bus 5 (P0P7)
acpiprt6 at acpi0: bus 6 (P0P8)
acpiprt7 at acpi0: bus 7 (P0P9)
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
acpicpu2 at acpi0: C1(@1 halt!)
acpicpu3 at acpi0: C1(@1 halt!)
"PNP0501" at acpi0 not configured
acpibtn0 at acpi0: PWRB
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Pineview DMI" rev 0x02
inteldrm0 at pci0 dev 2 function 0 "Intel Pineview Video" rev 0x02
drm0 at inteldrm0
intagp0 at inteldrm0
agp0 at intagp0: aperture at 0xd0000000, size 0x10000000
inteldrm0: msi
inteldrm0: 1024x768
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
"Intel Pineview Video" rev 0x02 at pci0 dev 2 function 1 not configured
ppb0 at pci0 dev 28 function 0 "Intel 82801H PCIE" rev 0x04: msi
pci1 at ppb0 bus 2
em0 at pci1 dev 0 function 0 "Intel 82574L" rev 0x00: msi, address
00:90:0b:30:31:10
ppb1 at pci0 dev 28 function 1 "Intel 82801H PCIE" rev 0x04: msi
pci2 at ppb1 bus 3
em1 at pci2 dev 0 function 0 "Intel 82583V" rev 0x00: msi, address
00:90:0b:30:31:11
ppb2 at pci0 dev 28 function 2 "Intel 82801H PCIE" rev 0x04: msi
pci3 at ppb2 bus 4
em2 at pci3 dev 0 function 0 "Intel 82583V" rev 0x00: msi, address
00:90:0b:30:31:12
ppb3 at pci0 dev 28 function 3 "Intel 82801H PCIE" rev 0x04: msi
pci4 at ppb3 bus 5
em3 at pci4 dev 0 function 0 "Intel 82583V" rev 0x00: msi, address
00:90:0b:30:31:13
ppb4 at pci0 dev 28 function 4 "Intel 82801H PCIE" rev 0x04: msi
pci5 at ppb4 bus 6
em4 at pci5 dev 0 function 0 "Intel 82583V" rev 0x00: msi, address
00:90:0b:30:31:14
ppb5 at pci0 dev 28 function 5 "Intel 82801H PCIE" rev 0x04: msi
pci6 at ppb5 bus 7
em5 at pci6 dev 0 function 0 "Intel 82583V" rev 0x00: msi, address
00:90:0b:30:31:15
uhci0 at pci0 dev 29 function 0 "Intel 82801H USB" rev 0x04: apic 4 int 23
uhci1 at pci0 dev 29 function 1 "Intel 82801H USB" rev 0x04: apic 4 int 19
uhci2 at pci0 dev 29 function 2 "Intel 82801H USB" rev 0x04: apic 4 int 18
ehci0 at pci0 dev 29 function 7 "Intel 82801H USB" rev 0x04: apic 4 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb6 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xf4
pci7 at ppb6 bus 1
pcib0 at pci0 dev 31 function 0 "Intel 82801HBM LPC" rev 0x04
pciide0 at pci0 dev 31 function 1 "Intel 82801HBM IDE" rev 0x04: DMA,
channel 0 configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 ignored (disabled)
ahci0 at pci0 dev 31 function 2 "Intel 82801HBM AHCI" rev 0x04: msi,
AHCI 1.1
ahci0: port 2: 3.0Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 2 lun 0: <ATA, TS8GSSD25S-S, V090> SCSI3 0/direct
fixed t10.ATA_TS8GSSD25S-S_0028887500AB_
sd0: 7627MB, 512 bytes/sector, 15621984 sectors
ichiic0 at pci0 dev 31 function 3 "Intel 82801H SMBus" rev 0x04: apic 4
int 17
iic0 at ichiic0
spdmem0 at iic0 addr 0x51: 4GB DDR3 SDRAM PC3-10600 SO-DIMM
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
wbsio0 at isa0 port 0x2e/2: W83627DHG-P rev 0x73
lm1 at wbsio0 port 0xa10/8: W83627DHG
uplcom0 at uhub1 port 2 "Prolific Technology Inc. USB-Serial Controller
D" rev 1.10/4.00 addr 2
ucom0 at uplcom0
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (933314fe7939104b.a) swap on sd0b dump on sd0b
