Seen the interesting article linked from Deadly.org: “Why would one install his own personal gateway to the Internet? Because it is quite easy to do. And also because it simply is the most reliable, safest way to connect machines to a dedicated xDSL modem. Moreover, we can stash a whole bunch of useful features in such a little box.”
A Guide to Building an OpenBSD PPPoE Gateway, with Firewall
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
For most home networks, running “Whatever”, what real value is there in going through these hoops compared to a standalone broadband router that you can get today?
It would (almost) make sense if you could (easily) get a skeleton, low power, quiet, SBC and drive case that you could plug a drive and two ethernet cards in to.
But, rejuvinating an ancient, power sucking, loud, HUGE piece of equipment over a box the size of a paperback SILENTLY running off of a power brick…Where’s the value there now?
I agree with Will. A d-link router is $41, and has a $10 rebate good until Saturday.
http://www.pcmag.com/article2/0,4149,642878,00.asp
It’s only useful if you want to run some other software, such as Apache, SSH server, POP/IMAP server, Samba, etc on an older computer that you have lying around and want it to double as a firewall.
Also, some people might actually be interested in knowing how exactly firewalls work and how they are set up, and you _probably_ learn more doing it “manually”, so to speak, than you would buying a little piece of hardware to do everything for you.
That notwithstanding, I’m actually thinking of changing my router over to a cheap premade one because it is pretty loud.
It’s only useful if you want to run some other software, such as Apache, SSH server, POP/IMAP server, Samba, etc on an older computer that you have lying around and want it to double as a firewall.
And I would agree with that, I just wish someone would come out with hardware for something like the old NetWinder: Case, brick P/S, room for a hard drive, two ethernet ports, serial port, USB and/or parallel port (for printing), 64MB RAM or an upgradeable DIMM slot, Flash BIOS, no fan. Running a Strong-ARM CPU (or whatever). You get to provide your own OS and harddrive. Sell it for ~$200-$300. Be extra kind and put OpenBoot into the Flash.
Drop *BSD or Linux on it. Put a laptop drive in it. Voila!
I’ve seen bits that are close, but nothing really complete. Most of the SBCs are for completely embedded, no moving parts applications, or are very expensive.
The detail is that most people don’t need a server in the home, and if Apples Rendevous gets any traction, then the requirement will be even less.
So, it’s not the concept I disagree with (home based firewall/server), it’s the form factor and environmental issues. And, being a Cheap Bastard(tm), I’m not going to pony up the $$$ for the current crop of stand-alone servers.
Don’t forget EtherApe, Etheral, Snort w/ Acid, ntop, etc 🙂
All of them run well on an old box.
Well what makes it useful is the fact that with OpenBSD you get an actual quality firewall. Those Linksys, Dlink, SMC boxes only do NAT and aren’t real firewalls. Using OpenBSD as a firewall/proxy makes for a very secure internet experience. You can completely control what goes in and more importantly out of your network and set up rules to stop any threat out there. You just can’t do that with a cheapo router, and software firewalls are worthless as well. There is a reason that real companies use Pix and Nokia firewalls at the border and not desktop firewalls like zonealarm. Not to get into it, but real threats can’t be stopped by a desktop firewall like ZA or Kerio.
Its sure a heck not for everyone, and certainly isn’t plug and play. But for the more advanced user, using a BSD or linux firewall is vastly superior solution to any low priced Nat router.
And I would agree with that, I just wish someone would come out with hardware for something like the old NetWinder: Case, brick P/S, room for a hard drive, two ethernet ports, serial port, USB and/or parallel port (for printing), 64MB RAM or an upgradeable DIMM slot, Flash BIOS, no fan. Running a Strong-ARM CPU (or whatever). You get to provide your own OS and harddrive. Sell it for ~$200-$300. Be extra kind and put OpenBoot into the Flash.
Check this out:
http://www.caseoutlet.com/NWPc/2688R/CS-2688R.html
It seems that without too much work, this would be the perfect gateway / firewall / mp3 player (because of the S-Video out…)
It does have a fan on the CPU, but aside from that, it looks like it would be pretty quiet, low power.
Getting a PPPoE/Firewall/Web server running was on the ‘todo list’ during Xmas vacation … this should help quite a bit
Check these guys out:
http://www.soekris.com/
They make these boxes you are looking for.
This article is excellent. Though its based on OpenBSD 3.0, I’ve used it twice to help me set up OpenBSD 3.1 pppoe gateways/firewalls/proxy servers.
However, pppoe setup has changed in OpenBSD 3.2 (its gotten much simpler). Hopefully this article will be updated for use with OpenBSD 3.2.
Speed.
An old pentium100 will have a lower packet latency by tens of miliseconds. This can be significant for some online games. OpenBSD uses much better NAT and PPPoE code. With proper MSS clamping. and better packet queueing, some downloads should be slightly faster as well.