Slashdot Mirror

This is similar to the Soekris net4801, which also uses a GEODE CPU. I'm using one of those boxes @home as an ADSL router, thttpd, postfix, cyrus/imap server, running FreeBSD 5.3-RC using a 2.5" laptop hdd. Works like a charm! And uses less than 10 watt power too.

on a soekris net4801 + vpn1401, and an 802.11b mini-pci from netgate

pf does ingress and egress filtering

all wireless is accomplished via ipsec. after packets are decrypted, they too are filtered

I wonder if free e-mail providers are using compression to make the provision of free 1GB+ accounts possible. Most e-mail is quite compressable. The only problem I see would be the CPU overhead of the compression/decompression. I've seen SSL accellerator PCI cards and HTTP compression PCI-X cards but I don't think I've ever seen a card that can do offloaded gzip compression.

Chris

Now that's a fun way to add Wi-Fi to your local coffeehouse--slip a m0n0wall Soekris and a DSL modem inside an old portable radio and put it on the countertop.

I think we'd want to have some weighted rules for judging a good "sympathetic" installation (highest first):

1. If the radio works, it should continue to work (do no harm)
2. As minimal damage to the original casing as possible
3. The wi-fi unit is easily removed to return item to an old style radio
4. Operation simple for the user (plug/unplug)
5. Network indicator lights visible (through the mesh?)

Rob

P.S. For do-it-yourselfers, check out ebay's 1930's radios and NYCwireless's primer on setting up community nodes

The comments seemed to lean towards the Soekris and similar GEODE products, and the VIA EPIA.

Here's a link: Soekris Engineering
Here's another: an unofficial OpenBSD Sokeris HOWTO

These are both excellent, low power consumpsion, single board computers. They will both run FreeBSD without trouble. I know the WRAP is capable of POE; not sure about Soekris machines.

http://www.pcengines.ch/wrap.htm
http://www.soekris.com/

Currently running m0n0wall on a WRAP and FreeBSD on a Mini-ITX. Both run like a dream.

This PDF is the manual for the bare-bones Soekris 4501 - the first page has pictures of the bare board and the "box" version. It is a router/hub form factor.

Wow, thanks! I've been looking for something similar too, and their net4801 seems really nice and compact - and $250 isn't all that too much, either.

Do you know of anything similar for a webserver, something like a compact off the shelf thing running either *BSD/Linux? I guess I could always solder in a hard-drive onto the 4801 (since the website says that they do have both CompactFlash Type I/II socket and UltraDMA 33 int.) - but one that comes built in with something like that would be cool.

Most of the solutions out there kinda seem really complex and expensive, I just need something to serve a few static pages, and something I can just ssh into remotely to do stuff.

Any suggestions?

Soekris boxes are exactly what you're looking for. They're cheap, stable, low power, interface-rich and run FreeBSD like a dream. They're super boxes.

Check out Soekris Engineering.

You might also find it interesting to read about other efforts for making small systems on other OS, amongst others flashboot, flashdist, MeshBox, Pebble Linux. You'll probably also learn a lot about this by examining how 'live-cd' software is prepared (e.g. livecd.sf.net, knoppix).

A lot of these techniques are aiming at small single-task embedded systems (often on minimal hardware, e.g. net4501/net4801), but the techniques are generally applicable, and can be used to make all types of system on various OS.

I switched recently to a Soekris net4801 with a 2.5" harddrive as my main ADSL router, Postfix, Cyrus/IMAP, and thttpd server, running FreeBSD 5.2.1.

One of the main reasons was the noise of the PC being always on. Of course, the other reason was to save (a lot of) power. Now, my desktop PC is still not silent, but it's great to be able to turn if off before going to bed.

If you're looking for a router/firewall, you're going the wrong way.

Here: http://www.soekris.com/net4501.htm

The OpenBrick costs EUR 300 to 400, while you can get a Soekris for US $135 to $240 depending on the model. The Soekris boards have RAM included (AFAIK, OpenBrick and VIA boards don't), and the optional cases are cheap, so they're not as expensive as they seem.

The WRAP and RouterBoard are the only things I've seen which are comparable to Soekrises in terms of features and price.

The OpenBrick costs EUR 300 to 400, while you can get a Soekris for US $135 to $240 depending on the model. The Soekris boards have RAM included (AFAIK, OpenBrick and VIA boards don't), and the optional cases are cheap, so they're not as expensive as they seem.

The WRAP and RouterBoard are the only things I've seen which are comparable to Soekrises in terms of features and price.

A firewall with one built-in nic??? I'd rather use a soekris board. http://www.soekris.com/

It actually happened to me last week. Luckily, I'm using a low-power net4801 FreeBSD router, postfix server... and an ADSL modem on a UPS. It's amazing how long those 30 minutes UPS last when operated that way! I was able to use a laptop to email the power company. Of course, a phone call would have been easier, but try to find it in the dark :-)

it uses a much more monolithic kernel than Linux, making it lose some flexibility

Wrong. FreeBSD uses KLD modules just as extensively as Linux.

You wouldn't really want to use FreeBSD for an embedded system

I'm using FreeBSD on Soekris net4801 boxes as router/postfix/imap/http/... low-power ADSL appliance.

Read the soekris website, it puts it nicely:

FreeBSD The most powerful x86 open source Unix OpenBSD The most secure open source Unix available NetBSD The most portable open source Unix available Linux The most popular open source Unix

If you want that, get a Soekris box. I run a few of them and they're very nice.

Soekris has an interesting board that is said to be optimized for use as a wireless router(Model net4526)
I imagine it would fit in to a project such as this quite easily, and it has pretty low power consumption.
But, at 133 Mhz and 128 Mbytes of RAM, it's not as powerful.

We used 2 6 volt 220 Ah trojan deep cycle batteries wired in series for 12 volts and a 65 watt solar panel.

This was all to power a soekris board which only draws about .3 of an amp. So even without the sun, it would run for something like 6 weeks.

But we plan on many more of these, specifically on mountain tops where there isn't power. This one was mainly as a test, but it's been up rock solid for about 2 or 3 months now.

-M@

Or you could get a Soekris 4501 and case, then install a really small linux distro like Pebble linux and have a homemade solid state firewall/router in a really small form factor.

There's a mailing list:

http://cinematic.forko.com/pipermail/soekris-tech/

There's also, "m0n0wall", a FreeBSD-based firewall originally designed for the soekris boards:

http://www.m0n0.ch/wall/

I'm in the process of upgrading my home firewall to soekris/m0n0wall, although I plan on using an EPIA VIA M 10000 board for an home fileserver.

or maybe one of these.

Soekris Engineering produces 486-based routing hardware that will run your choice of Open Source OS. They aren't quite as cheap as a Linksys or Netgear router, but they are hackable and upgradable, since the network interfaces are PCMCIA or Mini-PCI cards and they have Compact Flash interfaces for storage.

Routers would definitely be able to make use of such a chip.

Using old machines as APs is all well and good, if you have plenty of power and a clean environment. PCs have cooling fans which suck in dust, moisture, and small critters. They also consume a good bit of power, which is an issue if you're running from generators or simply over a very long chain of extension cords.

You're reinventing the wheel here. Building your own kernel with all the features needed to become an AP is simply replicating all the effort expended by the AP vendors. There are also prebuilt configurations (third-party firmwares) for a lot of APs.

Purpose-built APs are smaller and lighter, which makes them easy to nail into trees or whatever for mounting. They're easy to stuff into ziplock bags for weather resistance, because they don't need much cooling. The software is already built.

If you're still interested in building your own equipment, look into hardware from Soekris Engineering and Mikrotik. Hardware that's designed for embedded operation has nice things like serial configuration (ComBIOS), onboard CF slots, simple power supply requirements, and low heat generation. Most such boards also have general purpose I/O lines that you can use for things like door sensors, thermal management, status lights, etc.

Build your OBSD firewall in a Soekris box. Low power, low noise, runs from a CF card (or boots via PXE). Some models accept power-over-ethernet. And Soekris directly supports FreeBSD, OpenBSD, NetBSD and Linux.

There are other hardware crypto accelerators. OpenBSD uses them to offload all possible crypto and random functions from the CPU whenever one is present. VIA's is nice, in that it comes with the computer, but $100 will get you the same functionality in a PCI card.

Anybody here thinks that securei easy IM might not facilitate terrorist message interception?

You mean, like Jabber with SSL? That cat's already out of the bag.

I've got a similar problem to you, and, after years of noisy living rooms and bulky kit, I think I've found a solution.

Not racks, nor wooden bookshelves. I rescued four racks once. Bloody useless things. Free racks still cost 'cos they need expensive cases. If you put ordinary PCs in on the shelves, you might as well use ordinary shelving, like some guys have mentioned here. Since then, I've always wanted small, small PCs, and I've finally found them. They're silent. They're the size of routers. They're cheap.

But these PCs don't have any fancy extras, like video, keyboard or mouse (you use serial I/O, or SSH). They're only supported with free (as in four) operating systems, e.g. the BSDs and Linux. If you can work within those limitations, and I can, then you've gotta consider them. Since you didn't mention operating systems, I assume you want to keep your costs down, so you've gotta be going the not-unix route ... aren't you?

I'm willing to bet there are a number of manufacturers about. I know of Soekris, from Santa Cruz, a town famous, so I've heard, for the silly decisions some people have made after long visits to its excellent beer festival. Soekris interest me because they specifically support Open BSD.

2. READ THIS.

2. Buy and install this.

3. Read this, this and this.

Trolling aside, Linux has got its places but if you want to do things right in a scenario such as the one you describe, OpenBSD is the only smart choice.

http://www.soekris.com/ has a Mini-PCI based hardware encryption device, the vpn1211.

It is designed to be used with their micro-systems (which are much better suited for the frequently suggested task of being a firewall, due to the available dual NICs), but miniPCI is miniPCI, and there are experimental linux drivers (as well as full driver support for Open/NetBSD)

What about a Soekris ? It has mini-PCI.

My house/life have been Windows and MS-DOS free since I was on the Internet (1983 or so). I *did* inherit a zenith 8086 laptop (battery is now dead), but as a friend I visited at MS looked through and saw "DR-DOS... is that a DOS clone?"
Yeah, 1976 copyright. Its the clone.
"TurboC... WordPerfect... [other stuff]. Is there anything from Microsoft on this?"
I suppose mouse drivers. But I have a trackball for the laptop.

... LAST FALL, when I helped remove a rootkit from a friend's brother's Linux box [which came with a billion services on, including the dreadfully unsecure rpcbind)...

The intel boxes run a variety of OSs. I've got the legal source for all of them.

I've used IPFilter to help harden my Irix, SunOS, Solaris and BSD boxes... The Apples (Mac IIci and Classic 2 running BSD and a laptop running OS X) are behind a self built firewall/WiFI/IPSec endpoint/boot from readonly CF box for extra security.

The housenet ran Kerberos for a while,because it's often a testbed for my work. You run Kerberos at your homes for authentication, right? Everything in the house uses IPv6 except for a printer. Stupid printer. Oh, and the terminal server. Anyone have IPv6 firmware for a microAnnex? They are on a subnet of the firewall (an IPv4 DMZ).

So no "soft chewy center" to that network.

Now try as I might, I can't get these viruses and worms to run on my machines. Perhaps I can use an emulator. But I'd likely have to buy a virus runtime environment from MS.

whoops, forgot to answer "where can you get them?".. Soekris Engineering. Keep in mind that mine is considered dated but if you only want to fill a mid-speed VPN tunnel it's fine.

All that crypto and random goodness doesn't come for free.

True enough, but with a ~US$90[0] Soekris crypto accelerator it's damn close :) Nothing like having a heavily used IPSec tunnel with your CPU being relatively idle.

[0]- when I bought mine in mid 2002

Does anybody know if there is a Soekris-like board built with Transmeta?

I'd like to buy a low-power embedded server with something better than a souped-up 486. A micro-micro-ITX system might be cool, too.

...one of my firewalls to a Compaq Contura 50MHz 486. The power supply says that it takes only 26W.

Various OpenBSD people get excited with the Soekris. I think this super-486 board is underpowered for the price. I'd like to see a Transmeta Crusoe or VIA Eden in the same form factor, which should be much faster. Never seen one though.

I have a Soekris VPN1201 in my OpenBSD firewall. Works like a champ and the CPU doesn't flinch.

Soekris makes a variety of little boxes and boards, mostly for low-power small applications. Based in Santa Cruz California.

If you're looking for a much lower-end solution (e.g. you're running a web server on your DSL line), makes some low-cost little boards, one of which can support laptop hard drives. No graphics, supports a variety of Linux and *BSD operating systems.

Or you can get a used laptop from eBay or a local used-computer dealer. Power use is low, size is small, operating system support is easy to figure out, and they theoretically have built-in UPSs, though used laptop batteries are often pretty dead. Prop them up for good airflow to avoid heat problems.

You can setup a Soekris box running m0n0wall and do everything in a single small box with no moving parts. Alternately you can save some cash using an old PC and either a CD-R or some sort of bootable flash drive.

It's embedded FreeBSD and will do all of the basic AP functions plus firewalling, traffic-shaping to keep P2P hogs from becoming nuisances, local DNS registration, etc.

Soekris

I've seen this in use and it's quite impressive.

Here's some info copied right off the main page:


SkyNet GNU/Linux is small distribution of GNU/Linux designed for embedded devices such as the Soekris boards. Its targeted specificly as a gateway for community wireless projects such as The Tacoma Wireless Community Network and similar projects like SeattleWireless. With some modification, it should be easily adaptable as a general purpose router, an inexpensive home based wireless access point, or a drop in solution to building temporary mesh networks.

Over Christmas, my D-Link wireless rotuer (B) died.

I had a Soekris Net4521 and a D-Link DWL-650 wireless B card laying around.

The Net4521 is a 133 MHz AMD Elan (486 compat) system with 64 Mb of RAM, a CF slot, 2 10/100 ethernet ports, a mini-PCI slot and 2 PCMCIA/Cardbus slots. It is small (10" x 6" x 1/2") and not very expensive ($235 for 1).

Pebble Linux is a Debian-based distro designed for the Soekris line of boxes. It includes NoCat Auth, Mad WiFi and HostAP tools for making your own WAP.

You'll need a minimum of 64 Mb CF card to load it on, though it boots read-only and runs in RAM. You'll also need a wireless card that supports Host AP mode.

The whole setup cost me less than $300, and it is more than just a WAP. It is a real linux box with SSH, auditing tools, logs, etc.

Soekris also makes the VPN 1211, which is a mini-PCI crypto accelerator. From what I've researched, OpenSSL supports it for offloading SSL/TLS transactions. I'll be testing this out over the rest of the week.

The Net4521 also has a hardware watchdog, for resetting itself in case of problems AND supports power over Ethernet (802.3af) for those hard-to-find-juice locations.

If you're really ambitious, plug in a B/G card and an A card (second PCMCIA slot) and provide the whole spectrum of coverage. Let me know if you find a G or A card that Linux can put into HostAP mode, though.

Good luck.

-Charles Hill

Over Christmas, my D-Link wireless rotuer (B) died.

I had a Soekris Net4521 and a D-Link DWL-650 wireless B card laying around.

The Net4521 is a 133 MHz AMD Elan (486 compat) system with 64 Mb of RAM, a CF slot, 2 10/100 ethernet ports, a mini-PCI slot and 2 PCMCIA/Cardbus slots. It is small (10" x 6" x 1/2") and not very expensive ($235 for 1).

Pebble Linux is a Debian-based distro designed for the Soekris line of boxes. It includes NoCat Auth, Mad WiFi and HostAP tools for making your own WAP.

You'll need a minimum of 64 Mb CF card to load it on, though it boots read-only and runs in RAM. You'll also need a wireless card that supports Host AP mode.

The whole setup cost me less than $300, and it is more than just a WAP. It is a real linux box with SSH, auditing tools, logs, etc.

Soekris also makes the VPN 1211, which is a mini-PCI crypto accelerator. From what I've researched, OpenSSL supports it for offloading SSL/TLS transactions. I'll be testing this out over the rest of the week.

The Net4521 also has a hardware watchdog, for resetting itself in case of problems AND supports power over Ethernet (802.3af) for those hard-to-find-juice locations.

If you're really ambitious, plug in a B/G card and an A card (second PCMCIA slot) and provide the whole spectrum of coverage. Let me know if you find a G or A card that Linux can put into HostAP mode, though.

Good luck.

-Charles Hill

I've been using one of their older models, the Net4501, for over a year now as an OpenBSD firewall. It's nice to have a configurable firewall in my home office that makes zero noise whatsoever.

The end result of this is a small integrated PC with no moving parts, and mounts it's file-system read-only so no worries about corruption, with a built-in access point. These work great, and are a bit larger than the size of a VHS casette.

I've deployed a number of these, and they are rock solid. Plus, they have advanced routing capabilities thanks to Linux, and the ability to block infected or abusive users from re-associating with the AP.

As far as going with 802.11 a or g... You must be pulling in some pretty mighty bandwidth to need to use something faster than 802.11g. Pebble includes "MadWiFi", a driver for some a/g cards, but I haven't used it.

Sean