Domain: pcengines.ch
Stories and comments across the archive that link to pcengines.ch.
Comments · 108
-
Things you can buy for about the same price
A full blown mini mainboard with serial, parallel, video, audio and usb ports, much more RAM and processing power, compact flash, mini-pci and pci slots, etc. plus a powerful wifi mini-pci card. It's not N, for now, but who cares? The day you need N it will just be a matter of shelling out 20-40$ to get a new mini-pci card that supports it.
Call me when these open routers' prices drop to $25. Today everything above $50 is a complete ripoff.
Disclaimer: I'm not affiliated in any way with that shop. I just have been a very happy customer in the past when my company needed some embedded boards and after a good search on the net we ended up purchasing some of their old WRAP systems to develop wireless stuff and firewalls.
-
Built these for my company, WIB - Wifi in a Box
Using the PC Engines ALIX platform - http://www.pcengines.ch/alix.htm
an Atheros based AR5413 802.11abg 500mW mini-PCI card
External omni-directional antenna
8GB CF card
rugged case
Sprint USB card
External cellular antenna
Ubuntu 8.10
Picture here (opened) http://www.flickr.com/photos/dougnaka/3921609717/
I think costs were about $500, but would probably be under $300
I've had one in my car for the past couple months, and it's been constant, roving Wifi.
Don't take the Sprint cards to Canada though, $5k in one month roaming fees isn't fun ;)
-
Re:Just put the vid card back?
http://www.pcengines.ch/alix.htm
http://h10010.www1.hp.com/wwpc/us/en/sm/WF05a/15351-15351-3328412-241644-241475-1121516.html
You have been able to get serial over TCP/IP for a while too, and Intel even build it in to some boards:
http://software.intel.com/en-us/articles/using-intel-amt-serial-over-lan-to-the-fullest/
Now stop being a retard and google your own fucking links.
-
Re:Finally, I can torrent from windows
After running a fire-breathing Celeron 2.5GHz as router/fileserver/torrentbox/freepbx for a few months, I finally bit the bullet and picked up a soekris net5501 and installed pfsense and freeswitch on it. My firewalling and phones run right at well under 20 watts.
Of course that leaves me without fileserver or torrentbox, but an inexpensive alix or fit pc running freenas will fill that role nicely.
-
Re:Gateway/Routers?
-
Re:Power over Ethernet
It's not this fast, but PC Engines will sell you a Geode-based device that can do that (or run on, IIRC, 8-20VDC.) Some of their computers just run on 12V, so look around to see which is which.
-
Geode's Are Great for Firewalls
I've used Geode systems in tiny little ALIX boxes that measure about 6"x6"x1" and then installed pfSense on them for firewall duties.
They work great and have enough grunt to push 50-80Mbps. More than enough for your typical internet connection. With better NICs (the ones embedded on the ALIX don't do much in the way of CPU offload or interrupt mitigation) it could push more. And they do this while drawing about 4 watts. Yeah, seriously!
CPU power is a bit lacking if you need to push a bunch of VPN traffic, but if you do, a cheap Sempron based system will push a lot of VPN traffic while drawing only about 30w total if you build it right.
-
PC Engines
PC Engines are another option.
Meh, the software catalog was always a bit limited. I mean, OK, they had Bonk's Adventure - but how does that measure up against the likes of Sonic the Hedgehog, Super Mario Brothers, or Rockman?
-
Re:In My Opinion, Cisco Should Be Worried
PC Engines are another option. Their boards are very similar to the Soekris ones, but easier to find in Europe. They run OpenBSD (and FreeBSD/Linux) very nicely.
-
Re:But what about Windows?
We were talking about USB-sticks, right?
I'm talking about USB disks.
All these things mean nothing when you're over at someone else's computer and just want to copy a friggin' file from or to the stick.
Some of them don't matter, some of them do matter. However when I am using the disks on my own system, all of those things do matter. And you can't suddenly change the file system at that point.
FAT will work every time.
Unless the files are larger than 4GB. And if you don't copy the files from the USB disk, but instead use them directly from the disk, then the performance will be what you can get from FAT.
Any other filesystem will simply not work on some of the computers that you come across without installing extra drivers.
For that reason I keep a small FAT partition on the beginning of each USB disk, where I can put the drivers. But maybe I should just start bringing a small Linux machine along with my USB disks, then I know it will work, and from a security perspective it is also better. Will of course only give me 100Mbit/s, which is about half the speed of a USB disk, but I suppose I can live with that.
-
Re:Seriously?
One of these, running OpenBSD. They only draw 7W, so leaving them turned on all of the time is pretty cheap. I used to use an old PC, but it was costing over £100 per year in electricity.
-
Re:Splashtop
If power is the issue, just buy a cheap embedded system http://www.industrial-embedded.com/products/search/fm/id/?33411 or http://www.pcengines.ch/alix3c3.htm and put Linux on it.
-
Re:The most likely reason
I like the way you think. alix2c3 uses 6 Watts - a little more with a VPN card installed. I agree on keeping the wireless devices separate, they're just not gonna be rock solid.
-
m0n0wall on a WRAP
I only reboot my router when the power goes out in my house (a few times a year?). I use a PC Engines WRAP board running monowall and it is rock solid. It is pretty green using only ~1.5W. http://www.pcengines.ch/ Soekris makes similar boards. http://soekris.com/ Monowall rules. http://m0n0.ch/wall/
-
where is the demand for this
This really feels like a neat piece of tech just LOOKING for a market. The linked website doesn't say anything about fitting a laptop hard drive or anything inside of it. It just says "flash card". So it can't store much, but it DOES have ethernet ports.
So is this thing pointing itself at the Soekris or W.R.A.P boards then (these devices are both aimed at embedded firewalls, and wireless access points)? It really doesn't look that way.
So you've basically got yourself a little box, with a flash card slot in it, and some ethernet ports on it. It doesn't have a very big Processor, or much RAM.
So what, really, is the point of this thing?
-
Re:Protection at home
could a hacked Linksys router running something like Sveasoft firmware work?
You're going to need a lot more memory and/or some place to put these logs. (Searching around it looks like depending on your rules and amount of traffic, Snort can occupy over 200MB of RAM, bad news for a linksys with a few MB and no swap) You might do better with something like a PC Engines or a Soekris device, either of which come with a lot more RAM and a CF slot (or you can use a 2.5" IDE drive). Keep in mind that while running from an IDE drive might be easier to set up, it'll cost more power and heat.
Otherwise, you're going to want to come up with some criteria other than "all network traffic".
-
Re:My Home router is a Linux NAT Box.
-
Re:My Home router is a Linux NAT Box.
-
Re:Compare it with...
for the similar Alix products see also http://pcengines.ch/ (mini-itx and even smaller, may also be used for router applications, there are special linux and bsd distros for the devices)
-
same specs, much lower price
The ALIX board looks almost identical and it's very cheap. Even after adding a hard disk and a cabinet the price tag should be much smaller than the fit-pc.
Note: I'm in no way paid by or affiliated to pcengines.ch, just a very happy customer who set up some firewalls and wlan repeaters in the past with their WRAP boards.
-
Re:Lame
If you want a firewall, why not pick up something like this from PC Engines (or its successor, the ALIX, with the same processor in TFA), or one of the Soekris equivalents, with up to four network adaptors. Both of these have a miniPCI slot which can take a crypto accelerator for offloading VPN stuff from the CPU, and both are very well supported by OpenBSD.
-
Re:Save time, declare victory
Cheers! Are you a Manuel Kasper disciple too? I just upgraded my 3-year old net4501, developed with Manuel's old MiniBSD notes, to a PC Engines WRAP 1.E board, also running FreeBSD 6.2 on a 32 MB flash.
Both the Soekris and the WRAP are the most fun routing platforms I've ever played with. Of course, at $300, it's not as cost-effective as a WRTG54L but much more of a learning experience.
-
Re:One major concern
I don't really understand the business of "supporting so and so many connections". A connection when tracked with a stateful packet filter is nothing more than an entry in a state table. IIRC, state tables are binary trees. The number of entries doubles, the effort increases by one additional check.
I know routers like the WRT54GL v1.1 choke after 64 or so connections.
I find this hard to believe. Their software must suck really bad then.
With pf here, I see state tables with thousands of entries at peak times. pfctl -si currently shows an average of 500 state lookups per second. And the best part: the box shows almost no system load. The fractions of a percent that I see are probably file system operations when invoking top or cron jobs. All CPU time is mostly spent processing interrupts of the NICs. And all this is on a 586-class Geode processor with 266MHz and no L2 cache. http://www.pcengines.ch/wrap.htm BTW. Even if those WRTs have measly 100MHz ARM processors (I don't know), they should do better than 64 connections.
And pf does more than just filtering. It can act as a proxy for the 3-way TCP handshake, protecting servers from SYN floods. It does packet normalization, reassembling fragments and thereby greatly reducing ruleset complexity. And I just don't see any effect on the load. Before you see pf choke, the rest of the box must have choked long ago.
-
Re:Relies on a full-size computer
pfSense is quite capable of running on either Soekris SBCs or PC Engine WRAPs, which to use your phrase, are both "small, quiet and wireless!" ;)
Granted, the WRT54s are cheaper, but both the Soekris and WRAP boards offer more flexibility.
-
Re:Relies on a full-size computer
you could also use a WRAP board from http://www.pcengines.ch/wrap.htm,
and no I don't work for them but I've installed mine yesterday and plan to use another one at work.
-
Re:want one^h^h^h 1000
I'm not sure how small you need, but I can recommend the PC Engines WRAP boards. They are 6" square (a fair bit bigger than a gumstix system), but come with a 266MHz Geode (AMD, x86-compatible, 486-class) CPU and 64 or 128MB of RAM. They have a compact flash slot on board, which is bootable, meaning you can add 512MB of flash storage for next to nothing. They even have 3 LEDs on the front that are controlled via the general purpose I/O bus (which means that they can even be controlled by shell scripts in OpenBSD, and presumably other UN*Xs). They also have a miniPCI slot or two, which means you can add things easily (like decent WiFi cards, crypto accelerators, etc).
A bit more than $100, but less than $150, and a lot less if you buy them in bulk. I paid a little over £50 for mine, which is about $100, but that was on eBay...
-
pcengines WRAP
A bit bigger than that, but I've got me a http://pcengines.ch/ WRAP, 3x100MBit, 1xSerial, 233MHz Pentium-I-compatible processor, 128MB RAM, MiniPCI-slot and a Compact-Flash slot. Makes a perfect firewall.
-
Re:Save $20 on a client
Humf. I have a third gen WAP-54G (I believe SveaSoft & co. only work for gen1 and gen2) and bricked it repeatedly before figuring this out. I originally bought the thing because I don't (or want) a wireless router--the WAP is hanging off the third interface of my PCEngines WRAP running M0n0wall.
That thing is a bit more expensive than the WRT, but M0n0 is such an awesome firewall distro that it's worth it.
-
Re:Try a different router
You could also do it all yourself. Get this, a MiniPCI card, an antenna and a Compact-Flash card and off you go. It's basically a standard PC with CF as IDE and a custom BIOS redirected to console.
It's fanless and thus zero-noise and uses 7W. I love it.
-
Re:What about maximum read/writes for flash?
-
Atheros & other wireless chipsets
I sell Linux compatible wireless cards and have had the pleasure of testing the Atheros, Ralink 2500 & prism54 chipsets. I think it was the acx100 chipset with which I had no luck at all.
Whilst Ralink & prism54 cards work great under Linux, the madwifi drivers for Atheros are not bad at all. They are under really heavy development at the moment, so I do expect some glitches - I found that one version of the CVS snapshot worked perfectly for me, whilst the next week's failed completely - but madwifi has some killer features which are quite a bonus if you can use them. I guess it's the open-drivers & these features that made PC Engines choose atheros cards as standard options for their embedded PC boards which they pitch as a "Wireless Router Application Platform".
Specifically with madwifi-ng you can use an Atheros card in master mode, have your PC as a base-station, and you can have multiple virtual access-points (VAPs), each assigned a different interface. Thus you can have trusted clients connecting via WEP to one VAP and allow open-access for unencrypted access to another VAP (using a single wireless card), but firewall the second VAP using iptables so that clients using it can only access the internet and not the LAN. Finally, madwifi also supports 802.11a as well as b&g with appropriate hardware (and there are a few cards out there that do a/b/g); I guess that not many people need this feature, but I can see it would be useful if there's a lot of b/g/cordless-phone interference in your area &/or if you just want a point-to-point link for connecting two office LANs and you'd prefer it to be a little off the radar.
Ralink's rt2500 might be a better chipset for someone who is coming from Windows and who just wants to install Ubuntu, but I wish I could get more of the Atheros cards (at the right price). If you're prepared to compile your own drivers & tinker a little bit to get it working then Atheros is surely the best wireless chipset for Linux available right now.
Ned.
-
Re:Tinc
DON'T use tinc, CIPE, vtun or PPTP!
http://www.cs.auckland.ac.nz/~pgut001/pubs/linux_vpn.txt
Really, OpenVPN must be the best thing since sliced bread. Runnable as non-user, chrootable, interfacing with standard tun/tap devices, certs. None of the complexity of IPsec. I love it.
My 266MHz Geode WRAP can handle 6Mbps which is enough to connect a LAN wirelessly. Faster boxes should handle more than that, despite someone else saying 5Mbps would be a limit.
-
Re:How about homemade routers?
I'd also recommend the PC Engines WRAP line. I have one in a 6"x6"x1" box, and it boots happily from a compact flash card. It has two mini-PCI slots, one of which has an 802.11a/b/g card (antenna mounted on the case, four antennae supported) and the other will gain a crypto accelerator at some point.
-
PCEngines Pricing
Just in case anyone else was curious, here is their price list in USD (they are a Swiss outfit):
http://www.pcengines.ch/order1.php?c=4
Short version:
2 LAN / 2 miniPCI / 128MB = $130
3 LAN / 1 miniPCI / 128MB = $136
1 LAN / 2 miniPCI / 64 MB = $115
1 LAN / 2 miniPCI / 128MB = $122
Not bad, actually. Although if you have the space, you can get a surplus 1U rackmount server for not much more than that, as I recently found out.
-
Why, how very novel
I mean, nobody has ever built a small low-powered PC based on a Geode chip before...
The only thing that's really novel about this is the integrated video, and having some (possibly lobotomized version of) Windows pre-installed. Otherwise, this isn't exactly a remarkable technological development.
Also seconding the "how could they make this and not include a display" question. The boards I cited above are intended for embedded development, and I've never used a monitor on any of them. (I've got probably fifty of them, all running various customized Linux and BSD distributions, scattered over four counties in my network. They're intended to be used that way, which is why they don't even have a VGA port.)
Seriously, once you add a monitor, you're pretty close to low-end Dell pricing, which gives you a computer with roughly 20 times the raw horsepower, and a lot more versatility, so I suppose they're marketing this to the "omg computers are scary" crowd. Best of luck on that. I'd like to think at this point the American public is smarter than this, but I'm probably setting myself up for another disappointment.
-
Re:umm, ok, that's never been done before!
CF cards are compliant to ATA specs. Interfacing them to an IDE port requires no logic.
http://pcengines.ch/cflash.htm
-
Re:"out of the box..."
Ditto the postfix bit. I have used it for several small companies, and it runs beautifully. Spam filtering (blacklists, spamassassin, greylisting) works nicely, you can easily view statistics via munin or something similar, and there are a ton of log analysis scripts and proggies out there.
My preferred combo is FreeBSD + Postfix with TLS/SMTP (for "outside" clients) + Dovecot secure imap + OpenSSL + Openwebmail. If you absofuckinglutely must, you can drop this setup in a DMZ or third interface of a PCEngines WRAP box running M0n0wall and have it talk to an exchange server in your "inside" network. That way the monkeys can use MAPI, although you'll probably run into problems with different mail spools and all that.
For added fun, some decent PHP-based groupware like PHProjekt or PHPGroupware is a nice touch.
As for redundancy, do nightly incrementals, use a decent RAID-5 controller (adaptec 2810SA or equivalent) with hot standby and don't forget to use hard drives from different lots, and maybe mirror your drives to another box if you're paranoid (I've never needed to do this but if you're really worried you can do RAID-10). Also don't forget to have a secondary MX that will actually deliver mail (can be a backup hot standby mail server that's just a mirror image of your primary) and a tertiary MX that just queues mail until you're up and running again.
I'm assuming, of course, that you're willing to do this in-house. Get good support contracts (despite what people say, I've had good experiences with Dell) and hardware warranties, make a complete backup of your system once you've installed it and before putting it online.
To conclude, I have absolutely no problem whatsoever with an entirely homebuilt freeware-based solution, assuming you have (a) good backups, (b) redundancy as described above, and (c) hardware support contracts from your vendors. That's the only thing I would not ever skimp on.
-
Re:Real math about the expense of gaming routers
If the PC you use only eats 90W, it's only a minor change to the math.
The 90W box is my desktop with a 3D card, 1 gig of RAM and 2 HDs. Wasn't the talk about PCs acting as routers? The 30W box is more appropriate to the discussion. It's old, it has no graphics card, 64M RAM, one HD, 2 NICs.
Running 30W 24/7 is way more reasonable than running 100W continuously. Although personally, I'm going the 6W, yet with the power of a BSD route.
-
Re:Use a *separate* firewall box.
I use WRAP with NetBSD.
Compact Flash based, 3x Ethernet + MiniPCI slot, drawing ~5W, totally silent. Love it.
-
I like my WRAP
The WRT54G might be a nice piece of hardware. But I still like my WRAP more. It has a Compact Flash slot and, most importantly, a serial port.
I find a WRT54G extremely cumbersome to use without a low level access port and the danger of wrecking the device by uploading a wrong firmware.
With the WRAP, I can prepare "firmware" images on an extra computer, I can even test-boot them in a virtual machine and then transfer them straight to a CF card knowing that there is no way the device will ever get inoperable due to a bad OS image (except flashing a wrong BIOS, which sits in a separate area outside of any compact flash card).
Speaking of BIOS, there even is a BIOS update for WRAP with included Etherboot to boot an OS over the net, yay!
-
Re:Taking simple a bit further
Well, there are a couple of options I can think of off-hand that will run on 12V and would be convenient to power, but they aren't powerful and probably wouldn't be suitable for a jukebox application. I'm talking about the WRAP (http://www.pcengines.ch/wrap.htm) and maybe the Soekris net4801 (http://www.soekris.com/net4801.htm). Definitely more suited towards simple applications such as networking, but they do at least have serial ports, miniPCI and compactflash support built-in.
-
Here's a Nice Example
I am currently consulting for a large drug company; I was asked to help evaluate and deploy a small firewall device to protect networked diagnostics equipment at customer sites. The device had to be
-small
-cheap (less than ca.$250)
-robust
and a whole slew of other qualities, including having to work in an environment where ca. 3,000 boxes could be easily managed individually, by non-technical field service staff (as there's no chance of central management access to customer nets.)
We settled on M0n0wall running on a PCEngines WRAP board, after evaluating a pretty extensive number of commercial and a few open source products or packages.
I was really impressed by the openness that this (mainly Microsoft) shop showed towards this sort of thing--I encountered none of the "but if it's proprietary it's more secure" or "if it's proprietary, we have someone to sue" garbage you often get from management. There are good reasons to pick commercial, non-open software products, but these are entirely dependent on the companies that sell them.
In addition, what I really appreciated about this client was their willingness to put the developer on retainer while he finishes his studies, and to kick him some cash for time spent making changes, 3rd level support, etc. The guy who wrote M0n0 is a really superb and bright individual, and it's great to see a large company sponsor such people (plus it's costing them absolute peanuts.)
-
Re:Crack-influenced flash prices...
PC Engines offer single board computers from $120 and up.
Their 2-NIC model (for use as firewall) goes for $140.
Their flash is not overpriced either ($17.25 for 128MB CF).
I run OpenBSD on one of those, so I am pretty sure NetBSD should run on them too.
-
Re:Use m0n0wall with an embedded computer.
M0n0wall is great. Hardware-wise I would strongly recommend a PCEngines WRAP board (WRAP 1D-2) instead of the 4501. We're deploying these on a grand scale, and they are amazingly robust (and cheap--$150-ish.)
As for the M0n0 VPN component, you don't even need static IPs on each end (just on the central location assuming you have a star configuration), as long as it's the branch offices initiating the connection.
-
The Cerfcube is still around
it's here but you're right - it wouldn't really do what you want because it won't do wireless (not easily anyway)
There is a good list of small embedded linux devices at (strangely enough) linux devices which should help you out.
One that isn't on that list but which looks pretty much perfect is the meshcube
but there's also the Wireless Router Application Platform which looks pretty interesting and is actually affordable without any expensive developer kit required
HTH
-
Re:Why bother?
Nice post :-)
Just for yuks, you might want to consider M0n0wall. I'm evaluating it for a client right now, and it's very impressive (BSD-based with a good PHP interface.) I'm running it on a PCEngines WRAP 1C-2 board (cheaper & faster than Soekris) and it works a charm (I ditched my cantankerous PC firewall for this a while ago.)
-
Booting with Software RAID 5
One tricky bit is booting. LILO can't find your kernel if you use Software RAID 5, which leaves you in a bit of a chicken and egg scenario (you want to put your kernel on a RAID 5 partition for the same reason as everything else, presumably). What I did was buy a 16MB compact flash card and a $15 CF TO IDE adapter from Here. I then put the kernel on the CF card and used syslinux as the boot loader. Works like a charm.
Also, as others have said, you may be SOL if you're using hardware raid, the controller dies 3 years down the line, and the manufacturer isn't willing or is unable to get you a replacement. eBay can be a life saver in this situation, but having gone through that I don't care to do it again.
I'm using Software RAID 5 with 5 SCSI disks and I've been VERY happy with the performance and reliability.
-
I'll Give You One for Free
I have an old Packard-Bell (woo, brand name!) Pentium 120 standing around, since I replaced it as my firewall with a PCEngines box running M0n0wall. Runs FreeBSD beautifully, and you get not one, but three network cards with it.
Provided someone comes and picks it up, that is. This great product comes for the low low price of...nothing!
All this, and I'll even throw in a keyboard, mouse and 15" CRT monitor. And for a limited time only, I'll include a set of FreeBSD boot floppies. One caller only, special offer expires...as soon as someone takes the f'ing thing away.
-
Re:Did I miss something?
What's wrong with me digging that old celeron-400 out of the corner, installing smoothwall on it, and shoving it away in the cupboard to serve out its days?
Well, nothing, obviously, and many of us would no doubt do that rather than (or as well as ;) spending money. But... this little box draws no more than 5W power. That's certainly an argument my significant other can understand at electricity-bill time...