Slashdot Mirror

Why spend $500 on a noisy, failure prone PC when you can buy a small embedded computer that acts as an access point and a router? A Soekris net4521 is an excellent choice at $235. You can even get a high power 802.11b PCMCIA card, pigtail, and antenna kit

The OS work is already done for you as well, check out m0n0wall for a complete FreeBSD solution with a fancy GUI config system, or one of the small Linux AP distros, or roll your own. I run OpenBSD on mine.

I've got one of Soren Kristensen's little units and I really like it.

Come on, its easier to build a _small_ and _compact_ 1 GhZ celeron with a better config for about $400-500 with off the shelf components than shell out that kinda money for this thing.

I don't doubt it. And as I pointed out in my first post - I have been looking at a way to do it myself ... and as I pointed out in my second post, I have not yet been able to get to the site to see the price. I wasn't aware that it was "$1395 or something"

Sounds like it might be what I've been looking for. I've been wanting to "build" (or buy) a small e-mail server. I just don't like the idea of running a complete PC based Linux Server just for e-mail for myself. Waste of power consumption, big foot print, etc.. I'd like something about the size of my cable modem that uses very little power. I have been look at these. Anyone know of any other ideas?

http://www.soekris.com/?

Soekris. Check out their net4801. Whack OpenBSD on that and you are pretty much done.

Soekris. Check out their net4801. Whack OpenBSD on that and you are pretty much done.

check out soekris engineering, I buy single units all the time: website

Belkin is busy flooding the market with their low grade crap. It is getting really hard to find non-Belkin accessories, but in the router/firewall market there are a lot of choices. I'm partial to the old NetGear stuff myself but have since gone the DIY route.

Buy a small embedded board (Soekris is awsome), install OpenBSD (or FreeBSD or Linux), and voila you have a super secure platform for a router, firewall, access point, IPv6 gateway, etc. You can't even buy a small network appliance with all the features you can stuff on a 128mb CF card, and if you could it would cost $1000+

they come with scripts and docs

they produce bare (no dev tools) images to use on compact flash cards

The dev machine is separate
I use a modified version of an OpenBSD on an old watchguard box.

See Soekris on OpenBSD and Soekris on FreeBSD

I have a Soekris net4501 box as a firewall. It runs FreeBSD 4.x and has a 1GB microdrive as it's primary storage, which is mounted "noatime" and with no local logging, so the microdrive rarely spins up. (I plan on changing it to log to a ramdisk and flush it to the microdrive once a day since sometimes I miss log entries, but that's another project). I actually only need about 64MB but I had the microdrive handy. In fact you can strip it down to 4-5MB if you are insane (see the excellent m0n0wall project).

I build the entire thing on another FreeBSD machine (actually, a FreeBSD virtual machine running on VMWare on Red Hat, but that's not important) using a separate make.conf. I.e., I run something like this on the BSD source code:

make __MAKE_CONF=/my/special/make.conf DESTDIR=/my/special/destdir buildworld

Next I install the FreeBSD distribution /etc files into /my/special/destdir/MERGE-ETC/

Next I reboot the Soekris box at securelevel -1 (which lets me clear the immutable flags), then I clear the immutable flags on all the executables and kernel so they can be replaced.

Then I rsync the whole mess from my development box over to the Soekris box, but *excluding* any development tools, indeed, excluding all non-essential stuff. /etc is also left untouched.

Then I run mergemaster on the soekris box, merging /MERGE-ETC with /etc to pick up any new /etc changes. Then I delete mergemaster and /MERGE-ETC.

Finally, I re-set the immutable flags on the kernel and important binaries, uncomment the securelevel stuff in /etc/rc.conf (I run in securelevel 3, can't clear immutable flags and can't change firewall rules). then reboot for brand-spanking new install.

It sounds complicated but I have it automated with a handful of scripts: run #1 on the VMWare box, run #2 on the soekris, run #3 on the vmware to clean up and remove the build files, done.

The same procedure should also be possible with Gentoo Linux, which I'm going to try on my new net4801 Soekris box. That will be less necessary since the net4801 supports an IDE hard drive and could theoretically be self-hosting if I'm patient, but I want to try my FreeBSD technique with Gentoo Linux.

Other possibilities include NFS-mounting your firewall contents to your development box and chrooting into it, or netbooting the firewall somehow . What I love about these Free Software products is the amazing FLEXIBILITY!!

Even without hardware crypto, any modern 1GHz CPU can saturate a fat pipe using AES or Blowfish as the cypher algorithm. Quit blaming sftp and find a way to make sftp work properly.

still using it for home firewall/NAT and web server, running a homebrew mishmash of Linux programs (no distro, no package system, just how I used to do it in the "old days" and never thought to change it).

like I tell my friends "it's still as fast as when I got it you know" I don't want to give it up until it breaks but it has worked flawlessly for nearly 10 years .. don't make em like they used to, eh?

it is going to be replaced by a tiny soekris machine (133MHz 486 baby! no fans!) with a 1GB microdrive.

Also have a Rev.A iMac that I installed OpenBSD on for some reason but I have no idea what to do with it...

I think anything mroe than 500MHz is overkill except for specific purposes like multimedia. for day-to-day email and surfing my other 600MHz iMac is more than enough.

I Do have a few multi-Ghz "development machines" but nothing beats an old clunker for personality....

(I even wrote about my Soekris/m0n0wall box on my website recently).

This company makes several models targetted at routers/firewalls: Soekris Engineering

I'd like to run UNIX on one of those things, and I'd like a serial console. In fact, if they had a board that had no video and just serial, that'd be grand, I'd buy one.

The Soekris net4801 seems pretty similar to this Via board (only a 266Mhz processor though, and the size is 13.2x14.7 cm). It has a serial console instead of video, and is designed for BSD and Linux.

Try one of this guy's boards.

1) Get OpenBrick (www.openbrick.org)

Nope, get a Soekris board, save about $100, that's what I call profit.

Your project sounds very similar in needs to another application I'd discussed with a friend some time ago. When the Civil Air Patrol gets called out on a search-and-rescue mission, they frequently fly over the suspected area with a video camera, sending frames down to the ground with slow-scan TV so that an expert on the ground can identify likely spots to search. The image quality sucks and the data rate is worse.

It'd be nice if these folks could carry a multi-megapixel digicam on the plane, snap pics of anything interesting, and have the images sent to the ground for viewing/zooming on a laptop. The only trouble is, the search area is usually several miles on a side, well over the range of normal 802.11a/b. The solution we came up with involves a cadet on the ground with a high-gain dish antenna being told "keep this pointed at that plane". Cheaper and more reliable than an automatic antenna tracker, for sure. :)

So what we need here is a way to interface with the digital camera. As soon as a photo is taken, we should suck it of the camera's memory and buffer it for transmission to the ground station as soon as possible. Point to ponder: Assume that wireless connectivity is intermittent. Do you transmit the most recent pictures first, or the oldest pictures first, to make sure the base station has the most useful data possible? (LIFO or FIFO?)

Some time ago, I proposed a bluetooth CF module which would appear as a large FAT filesystem. It would have a limited amount of "cache" memory, where images would immediately be written, and then it would then link to a large hard drive sitting in the user's pocket and free the cache for more images. An 802.11b version would suck more battery than bluetooth, but allow longer range operation. The trick isto emulate a filesystem, so firmware hacks aren't needed. (If you could mess with the camera's firmware, you could use an existing CF wireless card and let the camera handle the protocol, right?) Nikon seems to have released a similar product but it's vaporware and only works with one particular camera.

In lieu of sitting straight in the camera's media slot, there's always software that controls the camera via serial or USB. The problem is, most of it seems designed for interactive use. I don't know whether the protocols support lurking in the background to just suck files off the flash card, without interfering with the camera's normal operation. Several of the packages are based on a common code base with a protocol that's fairly well documented, so rolling your own isn't out of the question. Let's assume for the sake of discussion that your camera supports this and suitable software can be found or written.

If you can get by on RS232's peak speed of 115200bps, and if the software can be worked out, there are several hardware options. Several other posters have suggested PDAs with wireless cards. That's a great idea, especially if you can strip off the screen and case to save weight. Some suggested the Soekris net4511 or similar. It's got a low-power 486 chip, serial ports, ethernet ports, and a PCMCIA slot for your wireless card. Or, you could hack up an existing 802.11b accesspoint to run linux and use its console port to connect to the camera. (Note: The Eumitcom-based APs are getting hard to find now. Not a platform with future potential.) There's a similar project for the Apple Airport base station, but it's limited to etherbooting, probably not suitable for this application.

You could use a pair of Ricochet modems dialed to each other (auto-answer on the chopper, and dial from the ground), in which case they simp

If they can make a better product than the soekris boards I might get interested. It is generally accepted that Intel chips have not been capable of being passivly cooled since the early Pentium days. I'd say the pentium 166(??) was the last passivly coolable design before active cooling became mandintory. A router doesn't need that much processor to operate unless its some sort of ultra-utilized mega router.

Interesting, I just finished setting up this on one of these.

I was pretty damn impressed with m0n0wall, it's freebsd-based and fits on an 8MB CF card, and has a nice web interface. Of course it's free software so you can hack it and improve it all you like (you need another FreeBSD box to do it on).

Check out this combo, it's the best of "play and play" and "high quality free software" in one Institutional Green sheet metal case!!

Just pick up a soekris if you want fun. :)

You can either find yourself a damaged laptop off ebay and strip the parts out of it that you need or you can get yourself a soekris board - downside of those are that it's going to cost about $150 each... Good luck.

I'm working on a similar project (well, if you consider trying to raise the money to be "working"). Being a professional photographer, I want professional results, and that means remote preview through the camera via USB (why oh why don't prosumer cameras come with FireWire?) and of course USB craps out after about 5 meters.

I would personally would try to go wireless instead of trying to pull a 1000' cable with the baloon. You could plug your USB cable to a very small computer (Soekris) and have that computer send the JPG preview wirelessly using 802.11b. You could see the previews with a laptop computer using a 802.11b card.

That's an interesting project, good luck with it,
GFK's

The net4521 is an amazing product! I built a AP/firewall/etc appliance with one, using the 200mw card from NetGate. They have soekris kits too now. I used OpenBSD not Linux and couldn't be happier with the result.

My wireless network is secured with IPSec, pf makes for an amazing firewall, have a caching DNS server, upstream rate limiting for my cable connection, etc. Not only is my network as secure as can be, but I can upgrade to 802.11a/g with only a new network card (and antennas if a) and new releases of OpenBSD in the rare event a hole is found.

If a company would come out with a cheap mini-pc just like the one in this article(no fans, small, etc) with 3 or 4 interfaces, I bet they would sell like hotcakes for use as cheap linux firewalls that don't take up a huge amount of space and don't sound like a jet engine all the time.

Soekris Engineering already has these. They build custom single-board PCs which are low-power and run fanless. They are not going to replace a PC for desktop use, but are terrific for firewalls, VPNs, wireless base stations, and the like.

They have several different models, with 2 or 3 network interfaces. The units with 2 interfaces have a slot to take a wireless PCCard to become a base station. They boot off compact flash, or tiny IDE drives. They can take a crypto hardware acceleration card. They can be powered by PoE (Power Over Ethernet).

The new net4801 takes the processor clock up to 233MHz. Like I said, not a speed demon, but it's a beautifully designed piece of hardware.

There's also a nice turnkey firewall package for the Soekris boxes, called m0n0wall, that's pretty functional and virtually idiot-proof. You could build a business selling these things, it's commercial quality polish.

While I like m0n0wall (seriously -- check it out!), it's based upon FreeBSD, and not Linux.

M0n0wall (yes, the l33t spelling is correct), was originally written for the low-cost Soekris communication PCs, which I also recommend that people check out, although the new VIA EPIA boards are also attractive (but more expensive).

I have a Soekris net4521, and it works great with PowerDsine's PD 6001 (part of their PD 6000 mid-span series).

They (PowerDsine) have been doing 802.3af since its earliest drafts, and it's been working as designed.

At the bottom of this page

Soekris makes a much better choice for low-power networking hardware. I run an IPSec secured wireless access point/router/firewall/QoS manager/etc on the net4521 and a 200mw 802.11b adapter. This one isn't mine, but pretty, isn't it. As soon as a HostAP driver supports 802.11a/g I'll be set to add another PCMCIA card, what a cheap ugprade.

Soekris makes a much better choice for low-power networking hardware. I run an IPSec secured wireless access point/router/firewall/QoS manager/etc on the net4521 and a 200mw 802.11b adapter. This one isn't mine, but pretty, isn't it. As soon as a HostAP driver supports 802.11a/g I'll be set to add another PCMCIA card, what a cheap ugprade.

Soekris Engineering also sells a crypto card for VPN applications. It says it also does compression.

You want a Soekris box. 486/133, 64mb ram, three 10/100s, compactflash, even a 3.3v pci slot. 10 watts and 4.9"x5.7".

Additionally, if you're looking for higher end right now, choose one of the many mini-itx configurations available. http://www.mini-itx.com is a wonderful site based in the UK. Buy directly from them or use one of the vendors they recommend.

Sorry Linus , but people developing for tiny platforms can't afford to spend an extra $400-$500 for a Transmeta solution.

The wireless group in Houston is building even smaller boxes that are capable of doing everything that this box does. A HOWTO is being assembled here. They are using the Soekris Net4501 in combination with the DWL-520 802.11b PCI card to run Linux and push HostAP and NoCatAuth. The Soekris comes with 3 NICs and no moving parts!

There's also http://www.bcmcom.com/tech/BOX-3410/BOX-3410.htm
Geode 300mhz, 2 NICs in 106mm (W) x 178mm (L) x 65mm (H)

and http://www.nexcom.com/product/ebc/ebs1563p/
VIA C3 processor, 3 NICs, 177 (W) x 51 (H) x 228.6 (D) mm

Depending on what you need, you could buy an old laptop off of ebay and get 2 nics for it.

I've been eye-balling a similar system over at Soekris. Same idea, but with 2 or 3 NICs integrated.

Nope. It's fairly easy, but doesn't contribute much to security.

Then I can keep the WiFi behind the firewall, and I don't have to worry about a VPN or any of that mess. Does this sound reasonably safe?

NO! The easiest approach should be (depending on the firewall and wiring, of course) is to add a third NIC to the firewall. Connect the basestation(s) to THAT NIC, and block everything from it except VPN or IPSECed traffic.

I'm 802.11-less for now, but starting to plan a firewall+802.11a/b setup for once I move: probably a mini-PC from these guys with one of their PCI crypto accelerators. Add OpenBSD with the built-in IPSEC, and I'm a few client-side tweaks away from a fully secure WLAN and firewall, all in one! (That's the theory, anyway...)

Soekris Engineering PC104 sbcs designed specificaly for Free/Net/Open BSD and the occasional Linux. Very nice they be.

(if only I could get my hands on the hardware...)

http://www.soekris.com/

These are great little PC's the boards are about the size of a piece of toast, with the case they are about the size of 2 pieces of toast, they only use 800 milliamps at 12 volt (if I remember right), have no moving parts, serial console and 3 network ports, and a CF slot for the disk. I have been using one with a IBM microdrive and OpenBSD as a border router for about a year now, and it works great.

If you are not too concerned about processorperformance, you might want to look at Soekris Technologies' Net4501 or Net4521. It is not very expandable, but seems to fulfill your requirements nicely. More information is at Soekris' website. Other options would be the PC104 series of modules... but you'd have to find your own enclosures.

Showing off the soekris Net4521's which consume.net may be adopting as there weapon of choice.

The french guy with the singing birds and the cybernetic parrot sausage is Paul Granjon from zlabs.

For small routers/firewalls (and if you don't mind spending a modest amount of money), check out the small PC-compatibles from Soekris Engineering. Their (well, his) main product is a small PC-compatible board designed for routers/firewalls: a 133MHz 486 class processor (AMD ElanSC520), 64MB RAM, three (3) LAN ports, a type II compact flash socket, BIOS, and a serial console port. Note that there's NO video, sound, or IDE ports (you boot from LAN or from the compact flash port, which can be used with an IBM microdrive). It's low power (under 20 watts), very quiet (no fans), and pretty small. Cost with metal case and US wallwart power supply is something like $250 plus tax and shipping (bare boards are available, too). In the past, availability has been a bit intermittent ("in stock" maybe once a month), as they seem to sell out their incoming production batches fairly quickly, so be warned.

Also, I believe that they're about to ship a version with PCMCIA slots (but only two LAN ports), basically designed for people to build wireless access points/firewalls.

People have FreeBSD and Linux (I think) currently running on it. I bought one to create a FreeBSD-based home firewall, and it's pretty cool (I haven't yet deployed mine, but I'm getting close). There's also a mailing list (check out the web site).

However, if you need video, sound, or IDE ports, one of the Shuttle boxes might be a better match (although they'll probably use up a lot more power).

Just wanted to add that this is not embsd.org's board, it's developed by a guy called Soeren Kristensen. I don't really think you will be able to make NAS with something that essentially is a 133 MHz 486, you should definately not count on being able to saturate all 3 10/100 interfaces at once. When running BSD on this board, the kernel stats shows about 90% interrupt time with 2 nics running about 20 megabits of traffic to it. Nice little board for firewalls, though.

And how do I stop employees from bringing in these things? Metal detector and searches at the door? How long do you think my employees will stay?

Further, if it was my intent to hack a network I would use something like Soekris' net4501 set up to bridge across the net ports and put it inline with my PC at the office. Let it sit and collect information all day then unplug it and take it home at night to see what it found.

I think a lot of peeps here have made the accurate point that if you treat your employees better than slaves that (typically) your employees will be more concerned about the wellbeing of the company and won't do things to damage it. Exceptions do exist but how much money and time should you expend to oppress the innocent just to prevent the guilty from harming you? (For those looking for greater meaning, yes this argument can be extended to our current problems with terrorism in America)

A little larger (maybe) but still nice and small, with 3 Ethernet, CompactFlash, SSD, 486/100MHz based and more:

But: Why are these devices all so limited ? Honestly, I want all my Networking done in one box (Gateway,Firewall,Printserv,external Modem (FaxServ), wireless access-point, ethernet and HomePNA, no additional hubs/switches...I am at home, you know ?!

I know...

Musenski must have better PR people, but don't forget about Soekris. They make network computers that include two slots for radios and one slot for hardware encryption, running *BSD or Linux.

With a device like the Soekris net4521, your base station is just a compact general purpose unix machine with two radios and hardware encryption. Many people have also hacked regular base station products to boot Linux or BSD instead of the vnedors software.

So remember, every access point is a software base station. The only difference in Apple's Software Base Station is that the nouns are capitalized.

Check these guys out, along with these guys.

Really nice headerless SBC with 3x 100TX, BIOS supports serial console, etc and OpenBSD whittled down to fit into 32MB CF card `disk'.