On Mon, Oct 4, 2010 at 3:51 PM, russell <russ...@dotplan.dyndns.org> wrote: > Stuart Henderson wrote: >> >> On 2010-10-04, David Higgs <hig...@gmail.com> wrote: >>> >>> I am building a replacement router/firewall for home use and am >>> soliciting suggestions/commentary/alternatives on the components >>> below. >> >> What sort of internet connection and what will be running over it? >> Will you be doing crypto on the firewall (ipsec/some other vpn)?
Just your basic consumer-class cable connection, and practically nothing. Crypto acceleration might be nice, but in no way a requirement. >>> I was planning to use an SSD in the 32 GB size range, but the archives >>> indicate we don't have TRIM support yet. Though this obviously isn't >>> a showstopper to usage, am I better off getting an older-generation >>> SSD that doesn't require TRIM, or perhaps hold off on SSDs until the >>> tech is more mature? >> >> Newer SSDs don't *require* TRIM, it is optional. I think it's probably >> a better idea to get the newer generation. Though a 2-4GB CF might be >> quite good enough too. >> >> For what a lot of people need for a router/firewall a 2-4GB CF >> card in an IDE adapter would be fine too (smaller works too if you can >> still find them, but it's easier to have this much space). I know SSDs don't require TRIM, but most benchmarks are made by knob-twiddlers that are presumably overemphasizing the performance degradation you get without it. Is this even noticeable in practice? Good suggestion on the CF card, though I would feel dirty using it in that overpowered Atom system... >>> Finally, I want this box to act as wireless AP, and hope to have >>> out-of-the-box 802.11n support (when eventually available). I've read >>> that run(4) is a solid chipset in this regard; any other suggestions? >> >> run(4) does not support host AP. >> >> athn(4) is likely the best choice, I haven't used it with OpenBSD but it >> looks like this is the most actively developed wireless driver at the >> moment. >> I have used it with commercial APs running their embedded linux-based OS >> and the hardware itself works very well indeed. >> >> As I think you're aware we don't support 802.11n capabilities yet, also >> note we don't support clients that use power-saving mode (this is an >> absolute show-stopper for some users; some client hardware has no way >> to disable this). >> > I tend to swear by ral(4) > Mainly due to the unscientific but proven mechanisim > all my ral cards have worked, and all my ath cards end up having a > unsupported chipset. > and there was something freaky about that zyd, > almost working is worse than not working at all. > > Given half a chance stay away from usb radios. > > but ral has always been there for me. > best of luck. > I know I enjoy my k6-2(450) based firewall/nat device infinitely more than > the netgear piece of crap it replaced. Crap, missed lack of AP support in run(4). Disappointing that USB radios aren't all that great. I've been pretty happy with my ral(4) card as well, even in the face of occasional interface hangs. Thanks. --david
