Slashdot Mirror

I've had m0n0wall running on a soekris board with over a year of uptime....probably the most viable "prosumer" router I know of.

its not cheap but I think its worth it. the hardware, that is. the software is free (freebsd m0n0wall).

a high res photo of mine:

http://www.flickr.com/photos/linux-works/1655498926/sizes/o/

link to its product page: http://www.soekris.com/net5501.htm

its fanless, its very low power, its fast booting, it uses throw-away (seriously!) compact flash cards to boot from and the model I have has quite a few ethernet ports (admittedly, 10/100 and not gig-e; but its a wan gateway, not really a lan-router).

its gui is nice and clean, it pretty much works and the system's uptime is months and months. I think the last time my UPS ran down when the power failed, that's the last time the thing needed a reboot.

there is also a wireless option for this (it has a regular pci slot, too).

soekris is a small company and I do recommend people consider them for their embedded networking devices. (I'm just a customer, but I'm local and I drove down to where the comany is located and bought my unit in person. it was cool to see such a small operation turn out such a nice set of small fanless bsd-capable systems.)

You may be thinking of Soekris Engineering. I run OpenBSD on a Soekris net4501 and I've had wonderful uptime with no problems. http://www.soekris.com/ http://www.caseybanner.ca/2007/08/19/hackback-1-soekris-router/

What I wonder, though, is whether there's a middle ground: a "pro-sumer" router. Maybe somebody has got some suggestions.

Here's two: Soekris, Mikrotik/Routerboard.

Couldn't you do a low heat/low power CPU that doesn't need active cooling, RAM, and a USB thumb-drive to boot off of?

If you're really serious about having a good router with excellent uptime, runs Linux, doesn't use much power, you can build yoursel, and has no moving partsf, I'd recommend the the following configuration (this is what I run at my house with zero problems:

• Soekris Net4521
• CM9 (Atheros) Wireless card (if wireless is desired)
• Pyramid Linux

Load a CF card with Pyramid Linux, pop it into the CF slot on the Soekris board, ssh into it, configure to your liking and away you go. I've been running one of these guys for years w/no problems (other than the ones I created thru experimentation ;) ). I have a firewall script setup utilizing QoS that gives all of my 'interactive' application-based traffic higher priority over my 'bulk-download' traffic. I can completely max out my upload/download with FTP/Bittorrent/usenet/etc and still have zero lag while I'm gaming/browsing/etc.

I run 2 VOIP adapters, one for NextAlarm, and the other for iTaklBB for local and international calls.
m0n0 has a very good traffic shaping configuration tool. When configured properly it will always grant the highest priority to the VOIP ports. And set P2P traffic as bulk/hated status. Even giving you good performance for web,im,etc without having to shape it as it falls in the everything else category.
Even under full load, several torrents running, ReplayTVs sending shows, it has never given me a problem.

You can even get it in a nice power saving box at Soekris
Write the m0n0 image to a CF card and you are ready to go. With it's very intuitive web interface you will be up and running without having to learn any command lines, etc.
Any old PC with a couple NICs and a bootable CD or USB flash will work too, but in the long run the PC will cost you about $15/month in power.

There are many howtos etc at http://m0n0.ch
I can't recommend it more. I have deployed dozens of these to replace underpowered routers and pretend firewalls.

One thing you will need to learn is how NAT and Rules work on this FW. You first need to create NATs for incoming ports that you want open. During the NAT creation process there is an option to auto-add it to the firewall Rules to make it easier. But creating a NAT alone without a Rule will not allow incoming traffic. Plenty of tutorials are on their site.

you could use them as the basis for your own set-top boxes, routers, and things like that, or even just a small, low-power, inconspicuous server.

Ever heard of Soekris? That's what you are asking for....

You'd advise hosting a serious website on an ADSL line + consumer router?

My website is hosted in exactly that configuration, so I can't really talk, but then it's only public insofar as you don't get 403s on most of it - I run soley for my own benefit. But I still don't like being behind that unknown Netgear firmware - I'm replacing my router with a Soekris running Debian as soon as I have enough spare cash to buy one.

This embedded system, this wifi card, this antenna, a >= 64 MB Compact Flash card, and Pyramid Linux should solve that problem for you.

I'm thinking about adding another 5501 in the same case for firewalling, routing and providing wireless for the rest of my network.

Power usage is minimal, it is *completely* silent (no fans) and it has been proven to be rock solid.

More info at Soekris or kd85.

Disclosure: I'm just a happy customer.

For exatly those reasons, and the fact that we don't have a basement, so the machine makes noise in our office room, I want to go Soekris. Small, silent, power efficient. It's a bit more expensive than your solution though...

I'm not arguing the case of embedded applications--though I WOULD point out my other post to this article which mentions devices like Soekris http://www.soekris.com/ which are x86, powerful, and small.

No doubt some/many embedded devices benefit greatly from non-x86. X86 is very steadily improving. Part of this is for sure because of Intel+AMD research divisions and fabs. What I'm saying is, the "why" is irrelevant.

How can you say that x86 is relatively inferior when compared to ARM, performancewise? Show me an ARM that competes with the latest offerings from AMD or Intel? It's all theory! Incidentally, I've read papers analyzing relative performance that suggest the modern ia32/ia64 architectures actually benefit from their hybrid risc/cisc design in terms of optimizing the flow of microops.

Depends on what exactly the definition of embedded device is, but Soekris (http://www.soekris.com/) and a number of competitors are quite popular. Very cool products, all of them.

I'm currently designing a system using one to monitor weather + soil conditions in my garden.

Just as a point of reference, I have a Soekris net4801-60 connected to a USB-audio adapter, PCI USB2 card and external USB hard disk, and this machine plays MP3s just fine. It was a little bit of a gamble when I purchased the hardware, since I did not know if it was fast enough, but I did some tests using mpg123 on a similar machine (AMD K6) and it handled MP3 playback just fine. I briefly thought I was in trouble when I discovered that the USB-audio device could only playback audio at 48KHz, but surprisingly, the Soekris is fast enough even to upsample 44KHz to 48KHz and play it back. It works well as long as I don't do big network transfers while I am playing music. BTW, the box runs OpenBSD, not Linux-- more out of familiarity on my part than technical merit. We're talking about a 586-class machine here, so I suspect that the machines in the article will do MP3 playback just fine. Ogg, I don't know-- I don't use it.

This really feels like a neat piece of tech just LOOKING for a market. The linked website doesn't say anything about fitting a laptop hardrive or anything inside of it. It just says "flash card". So it can't store much, but it DOES have ethernet ports.

So is this thing pointing itself at the Soekris or W.R.A.P boards then (these devices are both aimed at embedded firewalls, and wireless access points)? It really doesn't look that way.

So you've basically got yourself a little box, with a flash card slot in it, and some ethernet ports on it. It doesn't have a very big Processor, or a much RAM.

So what, really, is the point of this thing?

could a hacked Linksys router running something like Sveasoft firmware work?

You're going to need a lot more memory and/or some place to put these logs. (Searching around it looks like depending on your rules and amount of traffic, Snort can occupy over 200MB of RAM, bad news for a linksys with a few MB and no swap) You might do better with something like a PC Engines or a Soekris device, either of which come with a lot more RAM and a CF slot (or you can use a 2.5" IDE drive). Keep in mind that while running from an IDE drive might be easier to setup, it'll cost more power and heat.

Otherwise, you're going to want to come up with some criteria other than "all network traffic".

If you really want to tinker around with Linux as a home NAT/Firewall device, you would love the Soekris NET4801 or NET5501 boxes.

I have one (I have no financial relationship with them other than customer) and I really love it. Very low power, 4GB flash card (up to 8 now I think), 1GB of RAM, no fans, no noise and if I want to I can put a large USB external drive (or small laptop drive inside) to do NFS/SMB/ETC.

All that and the wonder of Linux IPTables, routing, NATting, OpenVPN, OpenSSH for around $300. I replaced an old P3 box I had been using as a router and my power bill thanks me every month. :)

Also, each unit ships with a free pudding!! (Warning: Pudding may be evil.)

If you really want to tinker around with Linux as a home NAT/Firewall device, you would love the Soekris NET4801 or NET5501 boxes.

I have one (I have no financial relationship with them other than customer) and I really love it. Very low power, 4GB flash card (up to 8 now I think), 1GB of RAM, no fans, no noise and if I want to I can put a large USB external drive (or small laptop drive inside) to do NFS/SMB/ETC.

All that and the wonder of Linux IPTables, routing, NATting, OpenVPN, OpenSSH for around $300. I replaced an old P3 box I had been using as a router and my power bill thanks me every month. :)

Also, each unit ships with a free pudding!! (Warning: Pudding may be evil.)

If you really want to tinker around with Linux as a home NAT/Firewall device, you would love the Soekris NET4801 or NET5501 boxes.

I have one (I have no financial relationship with them other than customer) and I really love it. Very low power, 4GB flash card (up to 8 now I think), 1GB of RAM, no fans, no noise and if I want to I can put a large USB external drive (or small laptop drive inside) to do NFS/SMB/ETC.

All that and the wonder of Linux IPTables, routing, NATting, OpenVPN, OpenSSH for around $300. I replaced an old P3 box I had been using as a router and my power bill thanks me every month. :)

Also, each unit ships with a free pudding!! (Warning: Pudding may be evil.)

I can imagine that many here will have a hard time seeing the utility of a device like this because it doesn't have the horsepower for gaming or 3D rendering.

Are you new here? Most of us see a use in such machines. Heck, I'm a notorious dumpster diver, and specs like this are a "gem find" for me. Consider this: it's a kickass small server for the price. Sure, it won't run a whole corporate network, but if it's relatively quiet, I could run a fileserver on it (replace the 60Gig with something bigger)... A nice firewall (not sure if one can add a second NIC), or simply a nice computer for the kids. After all it comes in cheery colours, and they can run an x-session to the home server for more heavy duty stuff.

People around here love things like Soekris boards or Gumstix modules and you should have read the enthousiasm about the EEE PC. For 200$ (135€), I'd buy one without thinking. Heck, I'll take three!

Have you considered a linux based router using a flash card for the storage, and the Soekris net4801 board? I have one for my home router (Debian, FYI) and it uses a very low amount of power. For me, generally on the order of 10 watts.

http://www.soekris.com/net4801.htm

There's a newer, higher powered 5501 board if I recall correctly but the 4801 performs routing, firewalling and OpenVPN for me quite nicely.

Does it run FreeBSD?

Probably not but you could likely port it. Or... Soekris" has a nice package that runs a variety of FOSS OSes and is very power friendly. A friend uses OpenBSD and has quite good success with it.

"The current Mac Minis are useless as dedicated firewalls as they only have one NIC."

The Fit PC doesn't make a great router/firewall either. It has a hard drive. Something that wears out. For 24/7 operation a compact flash solution like on a Soekris box is better for this role. Plus you get more ports, is expandable with a 3.3V PCI and Mini PCI. And most of the Soekris boxes cost less than the Fit PC too.

If you want a firewall, why not pick up something like this from PC Engines (or its successor, the ALIX, with the same processor in TFA), or one of the Soekris equivalent, with up to four network adaptors. Both of these have a miniPCI slot which can take a crypto accelerator for offloading VPN stuff from the CPU, and both are very well supported by OpenBSD.

Soekris has a whole lineup of single-board machines with this processor. The prices are pretty reasonable, and they have cases and a some accessories. Netgate makes wireless hardware kits for Soekris aystems. Soekris made the hardware for the MIT RoofNet project.

Have you seen the benchmarks on that box? 26 Mbit/s, which was achieved by downloading a large file from the other machine onto /dev/null on the net4801. TWENTY SIX MEGABITS. Are we living in 1996? That's the kind of performance I would expect out of a $10 router from frys, not a $200 router running linux.
I was looking for a router to put in front of a colo server, as much as I like the idea of the Soekris board, performance like that is pretty much a joke.

I had been wondering when a tiny computer with 2 ethernet ports and decent CPU would come out.

Some years ago? The only advantage I see to this unit is that it's black (instead of green), and it offers video output, none of which may or not be useful or appropriate.

That said, it's good to see other product offerings in the market.

Dude, you are truely clueless. This isn't a competitor with the XO-1. The is a competitor for the Soekris board (re: http://soekris.com./

The price is right in line with Soekris' new top-end system, though a little underpowered. But it does have a video display.

The real question is whether this new system supports serial console in the BIOS. That's a big plus for the Soekris board. These types of boxes are perfect for secure servers for small outfits.

With OpenBSD, Soekris has been the best firewall around. I also have one as a mail server, running all the RBL add-ons to Postfix, along with spamassasin and recently I added domainkeys. Next up is DKIM.

My Soekris box is a little underpowered at 266 MHz. But this mailserver has been SUPERB for my own needs. I get a couple thousand email messages per day, plus about 1000 SPAM attempts per day. Almost no SPAM gets though, and what little does is about to be tuned out.

I'm thinking about upgrading to the newest Soekris board, which should provide more than ample horsepower for my site. The box that this article is about may be a contender; it's certainly competition.

The big question will be whether it provides a serial console.

But no, the market here isn't the XO-1, or your normal PC supercomputer. It's for small footprint embedded systems.

By way of comparison, the 1 GHz AMD Geode runs on about 1 watt of power, and ARM processors can get by for even less.

Great, but where do I get a AMD Geode and a motherboard for it? I'd love to have a silent PC (actually, server: I made the mistake of believing AMD's Cool 'n Quiet hype and it really isn't all that quiet... but enough ranting). I know about Soekris Engineering. The fastest they have is a 600MHz Geode. Probably more than enough for my needs, but they aren't exactly cheap. (I know why, volume, etc...) For the same price, I get a much faster CPU/motherboard comba that's much more performant. Of course, it isn't silent....

Better yet, if you know where to find them in Europe, I'm all ears. (I know where to get the Soekris ones http://www.kd85.com/)

Soekris is now shipping a New and Improved product, the net5501. Early reports suggest that this is their first product that's able to route at line speed. I have two on order that I should receive next week.

The release of Vista suggests that we need more and more powerful systems to do our work, but the irony, at least for me, is that I keep buying more of the little guys. Being able to use fanless cases and/or flash drives is a definite selling point, but there's a surprising amount of processing power available in such products and their uses are as limitless as your own imagination. Besides, hacking those ubiquitous blue boxes can never be as satisfying as building your own.

The VIA units I own could be described as underpowered, but having onboard MPEG decoders, for example, can make up for the shortcomings.

"I just wish I could find a small embedded device using *any* architecture that wasn't very expensive..."

What is your idea of expensive? Soekris has a range of products for what you want. The low end is ~$185 USD for Mobo + case + power supply.

These things are pretty good and cheap: http://www.soekris.com/index.htm

Let the 500MHz Celerons embrace their 128MB of RAM and run the world's best browser without feeling like they're being bent over a table and bitch-slapped by more capable machines.

Get yourself a Soekris box and build your router. It may cost more than a WRT54GL but it is very fixable. The net4801 has a USB port even. You can install a laptop hard drive in it but a CF would be better for long-running.

I'm always wondering why Linksys, or their OEMs, or anybody, don't sell a 'naked' router, or 'micro PC' that runs linux, and by default doesn't do much more. Developing and maintaining the firmware must cost them money, and they don't earn any money by including nagware (like Dell does), so these naked, no-firmware micro PCs should actually be cheaper than the real ones. But all i can find online which comes close to "a Linksys router without an OS, so go ahead and hack the hell out of it" would be stuff like the Gumstix or Soekris devices, which all seem way more expensive than e.g. a basic, re-flashable Linksys router.

Does anybody know of someone selling a Linksys-router-class micro-PC, that easily exposes stuff like the internal serial port, has at least one USB port, and a Wifi-module plugged in? Imagine what a standard hackable platform like that could end up doing, if it were even cheaper than the "branded" devices, and and a guarantee that alternative firmwares like like OpenWRT ran on it!

I especially don't understand why Linksys for example has header-pins for a fullblown serial port on their boards, but don't include an external DB9 connector, at least on their 'hackable' -L model.

Without going into business grade routers I've found one so far that seems well above any other solutions. I've tried many different brands and models but this is what I finally decided on and have running (and love).

http://games.dlink.com/products/?pid=370 DLink Wireless Gaming router
http://games.dlink.com/products/?pid=371 DLink Gaming router (same but no wireless)

I've never been a fan of DLink at all but these routers make up for it in spades. Firstly, the switch ports are gigabit and the WAN port is 10/100, not just 10. Also, with all the other "home grade" routers I never had enough port forwards (for hosting servers etc.). Those two DLink routers don't have that problem. So far I don't think there is a limit to the number of forwards you can have. My ping times have also been drastically reduced compared to other routers. It also has fairly robust QoS settings (for a home router anyway). The other big thing is that it can handle thousands of sessions at once. No more firing up Bittorrent and having to hard reset the router an hour lately because it's frozen and has stopped routing. The only things so far that I see that could even be improved would be better logging (so I could get bandwidth reports from it with Wallwatcher http://sonic.net/wallwatcher/). Currently it just does plain old syslog logging. My only other complaint is that the Dynamic DNS feature only will keep track and update one name for you. So if you have multiple domains pointing to your dynamic address you'll have to have another solution to update all but one.

I believe they do themselves a disservice by advertising this exclusively as a gaming router. This thing could handle most small (and even some not so small) business without any kinds of problems. It does cost more than the Linksys you can get at Walmart but, at least to me, it has been more than worth it. I personally use the wireless version since I prefer to keep my AP and router as 2 separate pieces of equipment (both for security and if my router breaks I don't wanna be out an AP or vice-versa.) I can tell you that I've put mine through the paces and it has not locked up or had to be reset once thus far.

The other option that I would have chosen would have been M0n0wall http://m0n0.ch/wall/ on a Soekris http://www.soekris.com/ board. In particular I was going to go with one of the bundles found at http://www.soekris.com/bundles.htm. I wanted the Net4801 with the Lan1641 4 port NIC expansion. That would have given a total of 7 ethernet ports. The only reason that I didn't end up going in that direction was because they offer no gigabit options. Otherwise that would have been an awesome setup.

My .02.

Without going into business grade routers I've found one so far that seems well above any other solutions. I've tried many different brands and models but this is what I finally decided on and have running (and love).

http://games.dlink.com/products/?pid=370 DLink Wireless Gaming router
http://games.dlink.com/products/?pid=371 DLink Gaming router (same but no wireless)

I've never been a fan of DLink at all but these routers make up for it in spades. Firstly, the switch ports are gigabit and the WAN port is 10/100, not just 10. Also, with all the other "home grade" routers I never had enough port forwards (for hosting servers etc.). Those two DLink routers don't have that problem. So far I don't think there is a limit to the number of forwards you can have. My ping times have also been drastically reduced compared to other routers. It also has fairly robust QoS settings (for a home router anyway). The other big thing is that it can handle thousands of sessions at once. No more firing up Bittorrent and having to hard reset the router an hour lately because it's frozen and has stopped routing. The only things so far that I see that could even be improved would be better logging (so I could get bandwidth reports from it with Wallwatcher http://sonic.net/wallwatcher/). Currently it just does plain old syslog logging. My only other complaint is that the Dynamic DNS feature only will keep track and update one name for you. So if you have multiple domains pointing to your dynamic address you'll have to have another solution to update all but one.

I believe they do themselves a disservice by advertising this exclusively as a gaming router. This thing could handle most small (and even some not so small) business without any kinds of problems. It does cost more than the Linksys you can get at Walmart but, at least to me, it has been more than worth it. I personally use the wireless version since I prefer to keep my AP and router as 2 separate pieces of equipment (both for security and if my router breaks I don't wanna be out an AP or vice-versa.) I can tell you that I've put mine through the paces and it has not locked up or had to be reset once thus far.

The other option that I would have chosen would have been M0n0wall http://m0n0.ch/wall/ on a Soekris http://www.soekris.com/ board. In particular I was going to go with one of the bundles found at http://www.soekris.com/bundles.htm. I wanted the Net4801 with the Lan1641 4 port NIC expansion. That would have given a total of 7 ethernet ports. The only reason that I didn't end up going in that direction was because they offer no gigabit options. Otherwise that would have been an awesome setup.

My .02.

I've used the Soekris Engineering boards for m0n0wall based firewalls before. They come in different models for different purposes: wireless, vpn (encryption acceleration), general network/communication, etc.

If, however, you want to do any kind of proxying (Squid for example) or run larger services off of the firewall and you have some old spare machine to use than something like IPCop maybe the right way to go.

I like keeping a powerful and flexible firewall (monowall) as a unit by itself. If later, I want to add web proxying, I can always put that on a separate box, and simply set the firewall to only allow web requests from the proxy.

But there are plenty of cases, where I've recommended something like Smoothwall/IPCop.

Personally I would prefer a PIX over a linux firewall.

Well, if you can afford it, and don't mind learning IOS, great. Reading the replies thus far, it seems the home-user would prefer something else, although that something else seems to include everything but the kitchen sink.

Maybe it's me, but my idea of firewall is something that I manage over a serial cable that isn't doing anything else but handling traffic, and perhaps logging to an external box. A web server, DNS, DHCP, ClamAV, SquidGuard, etc. etc. etc., might be handy, but those are standard network services and belong elsewhere.

Seems like a good enough book, though. My vote is still with pf on a *BSD system. The pf FAQ is as well-written as any book, and the examples provided should allow even the novice user to be up and running in minutes. Pick up a Soekris box and Bob's yer uncle.

I've tried both m0n0wall and Smoothwall, but neither of them seemed as easy to use. IPCop is (to me) logically laid out and incredibly easy to configure with nothing more than the descriptions on each of the config pages in the GUI.

As for hardware config, I'm running a 1GHz P3 that I swiped out of a friend's PC that he was upgrading (long ago - a socket 370). It's got 256MB of RAM, and a 4GB disk, as well. This setup is *way* more than enough to run IPCop. One of it's advantages is a small system footprint, so it can run on things like the soekris boards. The newest model - the 4801 - is a 266MHz AMD Geode CPU w/ 128MB of RAM. That system is also fairly peppy for IPCop.

Another friend of mine is running on a P90 and 32MB of RAM. With the proxy features turned on, he'd hit the swap space pretty hard. He has since turned the proxy features off and is running a cable-modem connection into his whole house with it (about 8-10 devices).

I'm sure Smoothwall and m0n0wall are similar in their system requirements.

For me, IPCop is just much easier to figure out and use. I was considering getting the book, but I'm not so sure now that I've read the review. I've pretty much figured everything out.

That's a good point. There's a lot of debate about this right now. Some people want more power and permission to from the FCC to use different parts of the spectrum to increase the range. Others are concerned about interference. The problem with wireless communications is that in physics there's a measurement called "skin depth" which is the distance a wave travels before it's power level drops by 1/e or about 1/3. The formula is something like (wavelength/2*pi).

As for the cost:

Probably the most practical outside APs right now are ones with soekris boards. These are what sflan uses. Not cheap like you say, but there's no reason a $20 board shouldn't work. Couple that with something like MIT's roofnet meshed network, boost the power just a bit, and you've got a pretty good system.

I have a Soekris vpn1401 and it works well, although I don't believe all the features are supported. IIRC, this is because hifn has not been forthcoming with their documentation. The vpn1201 is known to work as well. I'm not sure if later revisions (like the lan1461) work-- OpenBSD does not have a good relationship with hifn at the moment. BTW, I haven't done any benchmarking with my 1401, but the machine handles crypto much faster with than without it. That's all I can say.

I have a Soekris vpn1401 and it works well, although I don't believe all the features are supported. IIRC, this is because hifn has not been forthcoming with their documentation. The vpn1201 is known to work as well. I'm not sure if later revisions (like the lan1461) work-- OpenBSD does not have a good relationship with hifn at the moment. BTW, I haven't done any benchmarking with my 1401, but the machine handles crypto much faster with than without it. That's all I can say.

pfSense is quite capable of running on either Soekris SBCs or PC Engine WRAPs, which to use your phrase, are both "small, quiet and wireless!" ;) Granted, the WRT54s are cheaper, but both the Sokeris and WRAP boards offer more flexibility.

Sorry, I'll take my Linksys WRT54GS (v3) running OpenWRT or dd-wrt. Small, quiet, and wireless!

And this isn't?

Works much better, too, to say nothing of the other advantages.

Excellent idea. For Step 1, I suggest looking at this comment.

Of course, it may be that the AP already supports QoS and it just needs to be configured. If not, running OpenBSD's PF as a bridge on a Soekris 4801 (or equivalent low-power box) with compact flash for mass storage would allow him (with the owner's permission) to place it upstream of the access point and forget about it. The whole thing is US $300-$400 plus time.

(It could be done even cheaper on a salvaged old computer, of course, but the reliability would be lower and power consumption much higher.)

"...have you ever tried getting WPA to work with a Linksys WPC54G..."

Yeah, 802.1x implementations are not too free. Screw'em!

Increase your security even more. Build your own Wifi access point ( http://www.soekris.com/ ). Use authpf in your firewall rules and validate with OpenSSH and even tunnel your layer 2 or 3 protocol through OpenSSH as on option. Now you're not just another Joe Schmo running what everyone and their dog is using.

"Building a system that can compete on cost/mtbf ... not so easy..."

http://www.soekris.com/ You can build reliable routers and bridges out of these assuming they are within range of your network traffic needs. And at their cost, you can have several on hand ready to go in the event of a failure.