Re: [Soekris] Want to build a router
Bill Maas [EMAIL PROTECTED] wrote: On Fri, 2008-05-23 at 12:51 -0400, Stephen Brown Jr wrote: You may find that you prefer one of the BSDs. I was just sitting here playing with OpenBSD and it's been a hair raising experience so far :/ Maybe this will reassure you: tho OpenBSD approach towards new (Linux) users seems to be that only if you manage to get past the BSD disklabel and the least user-friendly implementation of fdisk in existence, areth thou worthy of operating our Softe Ware. The fdisk implementation is easy. Just answer 'yes' to 'Do you want to use the hwole disk?' and you don't even have to look at it. And, if you want to create multiple partitions, it isn't hard to figure out. That is, if you already understand the concepts (the same ones that you may have worked with using fdisk under DOS.) The disklabel implementation is somewhat tedious, until you know some of the shortcuts documented through examples in the install faq (faq4) Which you apparently have, so congratulations;). The good news is that after that, in OpenBSD everything is infinitely more intuitive and simple than it is with Linux. Amen brother. ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Want to build a router
Although one of my favorite distros, IMO pfSense just won't make it on the 4501 any more. I don't know how either of them will fare on the 4801, I run pfSense on a couple of Net4801 units - they do quite well for my usage, including the newest 1.2 release. One of them is a full NAT/ firewall occasional VPN server for my home-office LAN, the other is doing routing-only (firewall turned off) on a WISP with about 45 clients. And sorry... no spares from me - I still need 'em! ;) Sean Murphy [EMAIL PROTECTED] On 22-May-08, at 10:04 PM, RB wrote: I notice nobody has suggested a net4501. Although older and slower, it is fairly capable and would probably cover your needs for a basic router. m0n0wall 1.2 runs pretty well on the 4501, but 1.3 just about exceeds he 4501's resources last I checked (during beta) when you try to do anything useful. Although one of my favorite distros, IMO pfSense just won't make it on the 4501 any more. I don't know how either of them will fare on the 4801, but if anyone wanted to send me a spare unit to test... :) I've become pretty attached lately to putting OpenWRT on my 4501s, other than the raw CPU frequency they're actually pretty high in the specifications it normally runs on. Given that you already have the rest of the infrastructure and are just going to be routing for a residential network, the 5501 probably would be overkill, but would give you more flexibility and future. If you need to cut it closer, the 4801 will still be a long-term friend. ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Want to build a router
On Thu, May 22, 2008 at 04:08:40PM -0400, Stephen Brown Jr wrote: I'm new to this platform, and embedded computing as well and I want to build a router for my home network. Right now I'm using Smoothwall on an old Gateway system. I'd like to stay with that, or maybe try pfsense or possibly roll my own using Debian. I run a small network with about 3-5 machines which includes a webserver, an iMac, two laptops, and another linux desktop. I also have a dedicated switch and WAP. Based on my needs, what would be the best Soekris solution to get? Is your need to make an embedded box just to replace the firewall, or an embedded box to perform the webserver function as well? If it's the former, and you have a very tight budget, you could look at using OpenWrt on a compatible consumer access point like the Buffalo WHR-G54S (around $50). It has 4MB flash, 16MB RAM, a MIPS processor, a 5-port VLAN-capable switch and 802.11 wifi, and uses squat power. OpenWrt is a compact Linux distro, so your firewalling would be iptables. The main advantages of going the Soekris / Alix / RouterBoard route are, depending on the model you choose: - larger flash space (e.g. interchangable CF card) - internal hard drive support - PCI and/or miniPCI expansion slots - familiar i386 platform, so you can use the same distro as your desktop systems It's up to you which of these points are important to you, and hence whether you are prepared to pay for them. If you are just looking for a learning experience, then OpenWrt has a lot to offer. After downloading, just a simple 'make' will build the entire environment, including all the cross-compiling tools. You can then install your choice of packages using 'ipkg install ...'. And it's not just for MIPS; you can build it for the Soekris too. HTH, Brian. ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Want to build a router
Hi Stephen, I was in the same situation as you previously a few years ago. I bought a net4801 and have found it more than powerfull enough for my 20mbit internet cable connection, it also has a Wirlesless Atheos card in it and so acts as the WAP as well. Whilst I had previously a good knowledge of Linux and FreeBSD, I decided to go for OpenBSD becuase of its security standpoint, I really believe it is the best option for this application. Otherwise if you want something like Smoothwall, you may want to take a look at M0n0wall, which is based on FreeBSD but uses the same packet filter (Firewall) application as OpenBSD which is very well respected. I am very impresed with both the net4801 and OpenBSD as a combination and would happily recommend it to anyone else, with a bit of Googling it is very easy to get started and get OpenBSD installed on a Soekris. Thanks Adam. On Thu, May 22, 2008 at 9:08 PM, Stephen Brown Jr [EMAIL PROTECTED] wrote: I'm new to this platform, and embedded computing as well and I want to build a router for my home network. Right now I'm using Smoothwall on an old Gateway system. I'd like to stay with that, or maybe try pfsense or possibly roll my own using Debian. I run a small network with about 3-5 machines which includes a webserver, an iMac, two laptops, and another linux desktop. I also have a dedicated switch and WAP. Based on my needs, what would be the best Soekris solution to get? I'm interested in the Net5501 but I feel it might be slightly overkill for what I need and it is a bit pricey Also, are there any guides out there on setting up linux, pfsense, or smoothwall on these devices? tnx Stephen ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech -- Adam Retter Software Pimp Extraordinaire ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Want to build a router
Wow some awesome responses!!! Thanks guys! Seems like the consensus says that the 4801 is an obvious choice for me, I may focus my sights on that. Still not sure what firewall solution I am going to use yet, I'll admit I'm a little Debian biased, but playing with BSD may be advantageous as well seeing as how both my desktop and laptop are Mac's :) Thanks to everyone that responded, I'm going to start shopping for a Net4801 and hope to get one soon. I'll undoubtedly have some more questions as time marches on! Thanks all, Stephen On Fri, May 23, 2008 at 4:30 AM, Adam Retter [EMAIL PROTECTED] wrote: Hi Stephen, I was in the same situation as you previously a few years ago. I bought a net4801 and have found it more than powerfull enough for my 20mbit internet cable connection, it also has a Wirlesless Atheos card in it and so acts as the WAP as well. Whilst I had previously a good knowledge of Linux and FreeBSD, I decided to go for OpenBSD becuase of its security standpoint, I really believe it is the best option for this application. Otherwise if you want something like Smoothwall, you may want to take a look at M0n0wall, which is based on FreeBSD but uses the same packet filter (Firewall) application as OpenBSD which is very well respected. I am very impresed with both the net4801 and OpenBSD as a combination and would happily recommend it to anyone else, with a bit of Googling it is very easy to get started and get OpenBSD installed on a Soekris. Thanks Adam. On Thu, May 22, 2008 at 9:08 PM, Stephen Brown Jr [EMAIL PROTECTED] wrote: I'm new to this platform, and embedded computing as well and I want to build a router for my home network. Right now I'm using Smoothwall on an old Gateway system. I'd like to stay with that, or maybe try pfsense or possibly roll my own using Debian. I run a small network with about 3-5 machines which includes a webserver, an iMac, two laptops, and another linux desktop. I also have a dedicated switch and WAP. Based on my needs, what would be the best Soekris solution to get? I'm interested in the Net5501 but I feel it might be slightly overkill for what I need and it is a bit pricey Also, are there any guides out there on setting up linux, pfsense, or smoothwall on these devices? tnx Stephen ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech -- Adam Retter Software Pimp Extraordinaire ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Want to build a router
* Stephen Brown Jr wrote: Wow some awesome responses!!! Thanks guys! Seems like the consensus says that the 4801 is an obvious choice for me, I may focus my sights on that. Still not sure what firewall solution I am going to use yet, I'll admit I'm a little Debian biased, but playing with BSD may be advantageous as well seeing as how both my desktop and laptop are Mac's :) If you go with Debian, don't use the latest version, the latest versions of any software are usually not so stable. I suggest take a Debian from like mid-2007 or early-2008. oh, and use ssh and certificates to secure your communications... ssh-keygen on your Debian will happily create your security certs. ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Want to build a router
On May 23, 2008, at 5:43 AM, Marc Balmer wrote: If you go with Debian, don't use the latest version, the latest versions of any software are usually not so stable. I suggest take a Debian from like mid-2007 or early-2008. oh, and use ssh and certificates to secure your communications... ssh-keygen on your Debian will happily create your security certs. Cheap shot :) http://www.debian.org/security/2008/dsa-1571 ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Want to build a router
I saw that the other day, at least they fixed it quickly :D On Fri, May 23, 2008 at 9:06 AM, Trevor Talbot [EMAIL PROTECTED] wrote: On May 23, 2008, at 5:43 AM, Marc Balmer wrote: If you go with Debian, don't use the latest version, the latest versions of any software are usually not so stable. I suggest take a Debian from like mid-2007 or early-2008. oh, and use ssh and certificates to secure your communications... ssh-keygen on your Debian will happily create your security certs. Cheap shot :) http://www.debian.org/security/2008/dsa-1571 ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Want to build a router
Been spending the afternoon reading about PF, it's really grabbed my attention! I think I'm going to play with this some more this weekend, looks extremely robust. I also found NSH on the flashdist site that was mentioned earlier, that looks pretty good as well. On Fri, May 23, 2008 at 3:15 PM, Chris Babcock [EMAIL PROTECTED] wrote: Stephen Brown Jr wrote: You may find that you prefer one of the BSDs. I was just sitting here playing with OpenBSD and it's been a hair raising experience so far :/ I set up a basic install in Vmware and the install was a little tricky, but I managed to get it. OpenBSD may be a little more for me to swallow right now as I'm only familiar with linux, but I'm not going to give up just yet. Does OpenBSD use iptables just like linux for packet filtering? Are there any good front ends for it? (I really like Firehol, Shorewall, or a web based frontend) Nope, OpenBSD uses a system called pf. You should be able to find some pretty good documentation out there on setting it up. I'm not sure about good GUIs for it, but in my experience it has far more readable syntax than iptables. You may not need a GUI or wrapper once you get familiar with the syntax. Also, you may want to read a bit about IPFilter which is the system used by FreeBSD/NetBSD. There are a lot of similarities between pf and IPFilter, and many of the same concepts are applicable to both. An example page for pf can be found here: http://www.openbsd.org/faq/pf/example1.html ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Want to build a router
On Fri, 23 May 2008 12:51:54 -0400 Stephen Brown Jr [EMAIL PROTECTED] wrote: Does OpenBSD use iptables just like linux for packet filtering? Are there any good front ends for it? (I really like Firehol, Shorewall, or a web based frontend) Try pf: http://www.openbsd.org/faq/pf/ http://en.wikipedia.org/wiki/PF_(firewall) Of course, it's also available on FreeBSD... I don't know about front ends for it. Regards, -Farid. ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
[Soekris] Want to build a router
I'm new to this platform, and embedded computing as well and I want to build a router for my home network. Right now I'm using Smoothwall on an old Gateway system. I'd like to stay with that, or maybe try pfsense or possibly roll my own using Debian. I run a small network with about 3-5 machines which includes a webserver, an iMac, two laptops, and another linux desktop. I also have a dedicated switch and WAP. Based on my needs, what would be the best Soekris solution to get? I'm interested in the Net5501 but I feel it might be slightly overkill for what I need and it is a bit pricey Also, are there any guides out there on setting up linux, pfsense, or smoothwall on these devices? tnx Stephen ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Want to build a router
On Thu, May 22, 2008 at 04:08:40PM -0400, Stephen Brown Jr wrote: I'm new to this platform, and embedded computing as well and I want to build a router for my home network. Right now I'm using Smoothwall on an old Gateway system. I'd like to stay with that, or maybe try pfsense or possibly roll my own using Debian. I run a small network with about 3-5 machines which includes a webserver, an iMac, two laptops, and another linux desktop. I also have a dedicated switch and WAP. Based on my needs, what would be the best Soekris solution to get? I'm interested in the Net5501 but I feel it might be slightly overkill for what I need and it is a bit pricey Also, are there any guides out there on setting up linux, pfsense, or smoothwall on these devices? tnx Have you thought about getting a Soekris 4-port lan card, plugging it into your old computer and running pf on OpenBSD as your router/firewall? Stephen ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Want to build a router
Well I'm looking to get away from my old PC and jump into an embedded platform because I think it will be challenging, fun and educational while fullfilling a need at the same time, and I already have a dedicated switch so the 4 port card wouldn't help me. I have been running Smoothwall for a couple of years now with no hiccups, but would really like to try out building my own. The Net5501 looks like a nice platform, but it's not cheap and I want to justify the costs, not sure if I would take full advantage of all it's capabilities. [EMAIL PROTECTED] wrote: On Thu, May 22, 2008 at 04:08:40PM -0400, Stephen Brown Jr wrote: I'm new to this platform, and embedded computing as well and I want to build a router for my home network. Right now I'm using Smoothwall on an old Gateway system. I'd like to stay with that, or maybe try pfsense or possibly roll my own using Debian. I run a small network with about 3-5 machines which includes a webserver, an iMac, two laptops, and another linux desktop. I also have a dedicated switch and WAP. Based on my needs, what would be the best Soekris solution to get? I'm interested in the Net5501 but I feel it might be slightly overkill for what I need and it is a bit pricey Also, are there any guides out there on setting up linux, pfsense, or smoothwall on these devices? tnx Have you thought about getting a Soekris 4-port lan card, plugging it into your old computer and running pf on OpenBSD as your router/firewall? Stephen ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Want to build a router
For a home network a few megabits of Internet connectivity, anything modern would be overkill, especially as you already have a dedicated switch and wireless AP. If you're just building a one-off personal machine and want to save a few bucks, there's nothing wrong with buying one of the end of life Net4801's (check eBay). I've been building firewalls with OpenBSD for many years, but am just getting started this year with Soekris, and found http://wiki.soekris.info to be a good resource for Soekris-specific questions, and http://www.daemonforums.org/ for firewall and networking questions for any Unix-like OS. And if you do decide to go with OpenBSD, there are several good print books on the subject. For my personal deployment (and for my F500 employer), I decided to go with an embedded platform after several machines failed solely due to moving parts. I justified a Net5501 as my latest 'home' firewall because that's the platform we're deploying on a large scale for work, and I can make good use of the extra capacity by running more than just a packet filter, for example, running Squid (caching to RAM only, not to disk) directly on the firewall. Kevin ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Want to build a router
--- Stephen Brown [Thu, May 22, 2008 at 07:46:24PM -0400]: --- Well I'm looking to get away from my old PC and jump into an embedded platform because I think it will be challenging, fun and educational while fullfilling a need at the same time, and I already have a dedicated switch so the 4 port card wouldn't help me. amen, brother. all about the hack. if you want challenging, fun and educational, get the 5501, find a 4801, doesn't matter, get a Soekris box with some rj45 ports and install OpenBSD. configure and run a filtering bridge. you'll learn all kinds of really cool things about layer 2, and from there you just work your way up the stack. and you'll be doing on a 4.4BSD-based UNIX-like operating system. how's that for challenging, fun and educational? I have been running Smoothwall for a couple of years now with no hiccups, but would really like to try out building my own. The Net5501 looks like a nice platform, but it's not cheap and I want to justify the costs, not sure if I would take full advantage of all it's capabilities. well only you can decide how much you want to spend, but remember it's all in the name of education... ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Want to build a router
On Thu, 22 May 2008, jmc wrote: --- Stephen Brown [Thu, May 22, 2008 at 07:46:24PM -0400]: --- Well I'm looking to get away from my old PC and jump into an embedded platform because I think it will be challenging, fun and educational while fullfilling a need at the same time, and I already have a dedicated switch so the 4 port card wouldn't help me. amen, brother. all about the hack. For me it turned out to be all about the quiet. I got the 5501 to replace an ailing 486/66 tower as my home firewall. I planning to repair the 486 and use it for something else, even purchased the parts, but it is so much quieter in here with it off that I may never get to it. -Jed ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Want to build a router
On Thu, May 22, 2008 at 04:08:40PM -0400, Stephen Brown Jr wrote: I'm new to this platform, and embedded computing as well and I want to build a router for my home network. Right now I'm using Smoothwall on an old Gateway system. I'd like to stay with that, or maybe try pfsense or possibly roll my own using Debian. I run a small network with about 3-5 machines which includes a webserver, an iMac, two laptops, and another linux desktop. I also have a dedicated switch and WAP. Based on my needs, what would be the best Soekris solution to get? I'm interested in the Net5501 but I feel it might be slightly overkill for what I need and it is a bit pricey I use a net5501 running OpenBSD as my home router. The CPU usually runs at about 98% idle and it uses about 50MB of RAM. It is definately overkill. I think your could go with a net4801 if you want to. Also, are there any guides out there on setting up linux, pfsense, or smoothwall on these devices? http://wiki.soekris.info/Main_Page tnx Stephen -- Sean Malloy www.spmalloy.com PGP KeyID: 0x13EEB747 ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Want to build a router
On May 22, 2008, at 1:08 PM, Stephen Brown Jr wrote: I'm new to this platform, and embedded computing as well and I want to build a router for my home network. Right now I'm using Smoothwall on an old Gateway system. I'd like to stay with that, or maybe try pfsense or possibly roll my own using Debian. I run a small network with about 3-5 machines which includes a webserver, an iMac, two laptops, and another linux desktop. I also have a dedicated switch and WAP. Based on my needs, what would be the best Soekris solution to get? I'm interested in the Net5501 but I feel it might be slightly overkill for what I need and it is a bit pricey I notice nobody has suggested a net4501. Although older and slower, it is fairly capable and would probably cover your needs for a basic router. However, it does not support HDs, and from what I can tell pfsense and smoothwall have abandoned 486-class systems with 64MB RAM. m0n0wall supported the net45xx originally, but I can't tell if it still does; the site contradicts itself. This could make getting a 4501 to do what you want either an interesting challenge, or just too much work. Also, are there any guides out there on setting up linux, pfsense, or smoothwall on these devices? There's a wiki that has collected various info: http://wiki.soekris.info/ ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
Re: [Soekris] Want to build a router
I notice nobody has suggested a net4501. Although older and slower, it is fairly capable and would probably cover your needs for a basic router. m0n0wall 1.2 runs pretty well on the 4501, but 1.3 just about exceeds he 4501's resources last I checked (during beta) when you try to do anything useful. Although one of my favorite distros, IMO pfSense just won't make it on the 4501 any more. I don't know how either of them will fare on the 4801, but if anyone wanted to send me a spare unit to test... :) I've become pretty attached lately to putting OpenWRT on my 4501s, other than the raw CPU frequency they're actually pretty high in the specifications it normally runs on. Given that you already have the rest of the infrastructure and are just going to be routing for a residential network, the 5501 probably would be overkill, but would give you more flexibility and future. If you need to cut it closer, the 4801 will still be a long-term friend. ___ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech