Slashdot Mirror
Low-Profile Firewalls?
rhyder asks: "I have seen articles on Low Power Computers , and articles on Cool Cases, and a few on Very Small Servers. What I would like to do is use a generic Pentium-Class to Pentium II Motherboard inside a small case with a power supply enough for 1 drive and a single CPU. My intention is to build a box which will run the NetBSD-I386 Firewall Project . Check it out, it is a remarkable free firewall. I already have enough juice polluting the atmosphere, and I would like to keep it to a minimum with this and future projects. Where can I find either slim X86 Clients or cases which meet the above description, and of course, get the best value for the $$$?" We've discussed firewall appliances before, but I think size and power consumption were never really discussed.
Slim cases here, here and, for the ultimate case (a pizza hut box), Here! :-)
... everything starts to look like a nail.
The point here is:
Use the right tool for the job
Now, I don't have the full facts, since your question leaves out quite a bit, but I'm going to assume (given the low-power interest) that you're a SOHO user - someone with a small network to defend, but no real need for VPN support at the firewall, and something limited to DSL/cable modem speeds. According to your question, you're obviously looking for a firewall only, and not something that will do other stuff (like mail, etc).
Simply put, you can't beat one of the turnkey solutions. The Netgear and LinkSys solutions mentioned in the previous Ask Slashdot draw miniscue amounts of power - far less than even the most miserly PC. They're tiny, completely silent (no fan needed!), and cheap (sub $200).
I don't have direct experience with the Netgear, but I do with the LinkSys. It has a web-based interface, and also allows you to customize a text config file for complex setup. I like it over the Netgear because it includes a 4-port 10/100 SWITCH. NAT and DHCP support.
If these are truely not for you, look into a Netwinder or a used Cobalt Cube. They're a bit more, but they have all the functionality you could wish for, and they draw very little power (and are pretty damn small). If you must have a x86 PC, look for an old Compaq Deskpro (there are some nice little LPX-form-factor ones) off of eBAY.
Don't approach the problem bass-ackwards. Draw up your requirements from a functionality standpoint, then look for solutions that fit your criteria. Don't decide on a solution until you've considered all the alternatives.
-Erik
There are always four sides to every story: your side, their side, the truth, and what really happened.
If you only need basic firewalling, Netgear and Linksys both make a nice unit that consumes little power. (Note to trims: the Netgear is actually a little nicer than the Linksys)
If you want a new, full Pentium-classs PC on the cheap and tiny, consider any of the 7x9 MediaGX point of sale boards. $70-$120, depending on what else comes glued to the board. Smaller than any of the MATX or MAT boards, but you still have to put the cards in vertically.
Otherwise, Olivetti, NEC and AT&T (NCR) made a small form PC (I have the NCR 3232 on my desk, playing MP3s) One and only one ISA slot in any of them. (although they did make a VLB model, I've never actually seen one). They came in SX, DX-2, DX-4 Enhanced, and 5x86 configurations, although you can ramp any of them up to 120 or 133 with blind jumper guesses. If you've got a multiport 3COM lying around, or are only planning on pulling over serial modems, this would be the way to go. Usually $20-$40, sans memory. Add another $10 for a decent DX4-120, and $10 for a 300M Seagate.
If you need more power than that, there are a few micro-ATX style Celeron boards, but those will run you $200 with chip. Most I have seen come with an onboard 'Netelligent' type Ethernet adaptor, so you will still need two Ethernet cards.
.sig: Now legally binding!
PicoBSD is a FreeBSD distribution trimmed down to the bare minimum so it can run on a floppy. You may want to check this out as the most current versions (see the mailing list or the source) are very configurable and run on various types of hardware (floppy, CD, SanDisk, etc).
There are also several links to other information available from the PicoBSD (small@freebsd.org) mailing list archives here (current) and also here (2000).
PicoBSD will run everything FreeBSD will, provided you can get it onto the boot media, including stuff in the ports tree. Stock FreeBSD firewall include ipfw and ipfilter with NAT (IPMasq for you Linux types) and various other options.
--
Eric is chisled like a Greek Godess
marotti.com
$1600?! That's way, way to much to pay. I can get a Netgear RT311 for a few hundred dollars that's the size of an obese Pop-Tart. I think building your own PC would be sort of overkill here.
--
I think there is a world market for maybe five personal web logs.
TAPR has a PC board that will let you use a CompactFlash memory card as a replacement for an IDE disk drive. You plug the memory card into the PC board and attach the IDE drive cable to the connector on the PC board. It looks ideal for Linux based controllers, routers and firewalls. Flash memory cards are getting cheaper. I've seen 16 MB flash cards selling for about $50.
Mea navis aericumbens anguillis abundat
If they are vulnerable from the outside, they'e vulnerable no matter where you put them -- That is to say, if there are remote exploits. Otherwise, they are not "vulnerable from the outside".
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"