From owner-freebsd-isp Wed Jun 30 19:21:29 1999
Delivered-To: freebsd-isp@freebsd.org
Received: from velvet.sensation.net.au (serial0-velvet.Brunswick.sensation.net.au [203.20.114.195])
    by hub.freebsd.org (Postfix) with ESMTP id A36DC14F22
    for ; Wed, 30 Jun 1999 19:21:16 -0700 (PDT)
    (envelope-from rowan@sensation.net.au)
Received: from localhost (rowan@localhost)
    by velvet.sensation.net.au (8.8.8/8.8.8) with SMTP id MAA08440
    for ; Thu, 1 Jul 1999 12:21:09 +1000 (EST)
    (envelope-from rowan@sensation.net.au)
X-Authentication-Warning: velvet.sensation.net.au: rowan owned process doing -bs
Date: Thu, 1 Jul 1999 12:21:07 +1000 (EST)
From: Rowan Crowe
To: freebsd-isp@freebsd.org
Subject: Re: Using one FreeBSD box as router/firewall/vpn
In-Reply-To: <377AAF9B.89017EBE@uq.net.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 1 Jul 1999, Andrew wrote:

> You use a ram disk for the parts that need to be writeable or you could have
> them mounted via NFS or SMBFS but kinda defeats the security aspect a bit.
>
> There is no decrease in speed except for when the system is loading.
> From there it all runs from ram ( which the machine would have plenty of ).
>
> You would not use this for a server but for a firewall where all you are
> doing is routing/filtering/blocking packets then this is an interesting
> way to bring down cost and improve reliability.

Do it *all* in RAM instead with a minimal (and I mean *minimal* :) )
installation, rather than having the CD-ROM start then stop every time it
needs to load in a binary or config file.

I set up a machine a few months ago with 32Mb RAM which boots from a
floppy and then fetches a .tar file via HTTP. It has an 8Mb MFS partition
which has about 30% free space during normal use. There's usually about
7-10Mb free RAM, depending on how many routes GateD is handling.

Next on the agenda is experimenting with a flash IDE 'drive' to eliminate
all moving media and the need to fetch a 3Mb tar file via HTTP. The flash
IDE will only be used for booting, it will still run exclusively from RAM
after boot.

Later I may also experiment with the 'thermal' setup of the machine, it
currently has a power supply fan and a CPU fan, however the CPU barely
gets warm when the CPU fan is powered off - it's underclocked and also due
to the nature of what it's doing probably idle a lot of the time. Because
the power supply is not feeding something hungry like a HD, it may also be
possible to reduce the fan requirements there - although I was under the
impression the fan is mainly for the computer (contents) rather than the
PSU itself?

What I'd really love to do eventually is to build up a custom router using
embedded modules - for example, I have a 386sx40 with onboard HD & FDD
controller, 2Mb flash IDE drive, LPT, 2 serial ports, keyboard, 10baseT
ethernet that is the size of a 3 1/2" floppy disk. It would be nice to be
able to use something like this with some extra serial ports or ethernet
ports (also embedded modules) and thus not require the minimum PC
expansion card height in the casing, and the inherent waste of space that
goes with it.

Sort of related... I've never actually tried to boot FreeBSD from the
flash IDE drive on this board because it only *emulates* an IDE drive via
software (ie BIOS calls), but on second thoughts I'm sure I've heard
mention that the boot process uses the BIOS to load in the kernel... is
this correct? It only has 4Mb so I'm not really sure how practical
actually *doing* anything after the kernel is loaded would be. ;-) I could
add on a HD for swap but that defeats the purpose entirely...

Cheers.

--
Rowan Crowe                         http://www.rowan.sensation.net.au/
Sensation Internet Services         http://www.sensation.net.au/
Melbourne, Australia                Phone: +61-3-9388-9260

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message