On Jun 10, 2010, at 12:28 PM, Teemu Rinta-aho wrote:

> On 06/10/2010 09:18 PM, E.T wrote:
>> Hi all
>>
>> I would like to make a firewall / router running OpenBSD. I
>> watch the ARM processors / Geode but they are less powerful and expensive
>> for a complete solution. I also looked at the solution Soekris but is
>> expensive compared to D510mo from Intel.
>
> Well it depends what size of a box etc. you want, but for example I have
> a Jetway NC92-330-LF mini-itx motherboard with a daughterboard of
> 3 Intel gigabit NICs and everything works great with OpenBSD! :-)

I'm curious about the 'expensive' part of the OP. What price for a good little firewall? And what level of performance are you looking for? I only need 5M/.7M for a small number of client machines and a couple of servers (web/dns/mail).

I've been running my firewalls on old Sun IPX machines (upgraded to Cyclades motherboards, and Fujitsu TurboSparc 170) for so long that I recently thought I should move out of the 90s. So I bought a PC Engines Alix 2d13 (same as a 2d3 but with a real time clock). I spent a total of < $150US on it (including 2G CF card, case, power supply and motherboard). Showed up in like three days from Europe to CA, US.

Installation was little more than hooking up to a box that could be a PXE server, and bam, Bob's your uncle, the OS installed in no time (first time with the new installer -- VERY SLICK).

I haven't gotten the box installed as a firewall (planning on doing that tonight, maybe tomorrow), but the only thing I've had an issue with so far is the real time clock (I only got the 2d13 because the 2d3 was out of stock).

The Jetway referenced above seems to be about the same price (maybe a little bit more expensive) than the Alix board. I didn't go with an Atom board because, well, PC Engines makes it clear they work with OpenBSD -- Money where my mouth is and all that. Not that I wouldn't have gone with the Jetway, I hadn't stumbled on it.

Because the RTC isn't read correctly I had to switch ntpd to use -s to set the time. That's the only thing I've had to work around at all. And I really could care less about that. (And I've done NOTHING to try and fix it yet, since I only noticed it on the last reboot last night.)

dmesg follows.

Sean

PS I have to admit I'm befuddled why you'd want a frame buffer on a firewall -- it's a firewall, not a desktop. But whatever. Do what you want, buy what you want. Hell, I used old desktops for over 10 years (granted, without using the frame buffer)! I'm happy with how my stuff's working out. And I buy the CDs.
:-)

OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class) 499 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem = 268009472 (255MB)
avail mem = 250978304 (239MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 11/05/08, BIOS32 rev. 0 @ 0xfd088
pcibios0 at bios0: rev 2.1 @ 0xf0000/0x10000
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe0000/0xa800
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x33
glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES
vr0 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 10, address 00:0d:b9:1d:89:e0
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
vr1 at pci0 dev 10 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 11, address 00:0d:b9:1d:89:e1
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
vr2 at pci0 dev 11 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 15, address 00:0d:b9:1d:89:e2
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
glxpcib0 at pci0 dev 15 function 0 "AMD CS5536 ISA" rev 0x03: rev 3, 32-bit 3579545Hz timer, watchdog, gpio
gpio0 at glxpcib0: 32 pins
pciide0 at pci0 dev 15 function 2 "AMD CS5536 IDE" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <SMI MODEL>
wd0: 1-sector PIO, LBA, 1919MB, 3931200 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 15 function 4 "AMD CS5536 USB" rev 0x02: irq 12, version 1.0, legacy support
ehci0 at pci0 dev 15 function 5 "AMD CS5536 USB" rev 0x02: irq 12
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 "AMD OHCI root hub" rev 1.00/1.00 addr 1
biomask 73e7 netmask ffe7 ttymask ffff
mtrr: K6-family MTRR support (2 registers)
nvram: invalid checksum
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
clock: unknown CMOS layout

[demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]