Re: [Hampshire] Firewall hardware

Author: Gordon Scott
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Firewall hardware
On Thu, 2014-12-11 at 18:04 +0000, Bob Dunlop wrote:
> On Thu, Dec 11 at 11:07, Gordon Scott wrote:
> >
> > That was my thinking with the LinITX units. Three NICs on a lightweight
> > fanless x86 for £140. The ones at that price are all out-of-stock at
> > present, though. I hope that's just temporary. Two NICs at sub £100.
>
> Be warned the LX800 is a really gutless Geode processor.
> Think 500MHz Pentium with no real cache.


That should still be plenty to handle an ADSL2+ line.
My main fileserver is only a 600MHz Via x86 ITX box.

> Buy a MikroTik RouterBoard from the same site. If you don't like
> the supplied software, most of them will run Debian. At least
> we have several running Debian in the office, don't know how easy
> it was to install, didn't do the install myself. A lot are listed
> on OpenWRT as well. MIPS processor core I believe.


That's definitely very useful to know.

I'd stopped considering the RouterBoards, primarily because of too many
choices and too little detail. LinITX's idea of what constitutes a
specification is appalling.

Your comments prompted me to look again and further. MikroTik's
routerboard.com site gives much more information.

My specific needs/desires were PPPoA and/or PPPoE for the ADSL, IPv6
with firewalling and ideally three NICs so I can physically isolate the
DMZ. Even the lower cost boards appear(!) to do the first two. The 2011
series have two NICs each with a switch, so should do the third.

_Probably_ a 600MHz MIPS is better suited to firewall/routing than the
Geode.

> Myself I'd go with an ARM based board like the IPC-SAMA5D35 from
> armdevs.com. $140 plus postage/customs. Two Ethernet ports, one
> of them Gigabit, and loads of extras. My main reason being I've
> programmed them at work so know the ins and outs, so I guess
> really it's go with what you are comfortable with.


Nice board-set, though by the time one's added postage, VAT and a
housing, it's getting quite costly. Two NICs and no switches, so also
doesn't do the third above.

If one's happy to get that close to the hardware, one of these could
also be a candidate:
https://www.olimex.com/Products/SOM/AM3352/AM3352-SOM-EVB/open-source-hardware
60 Euros, two NICs, Debian/Android, again no housing.

The big advantage for me with the pre-built complete routers is that if
they just work sanely out of the box, that's great. If they don't do all
I need, a reprogrammable version based on a Linux/FreeBSD certainly
should. I'd prefer the former to the latter.

Gordon.

