Message-ID: <47CE0D9C.4090902@jellydonut.org>
Date: Tue, 04 Mar 2008 22:03:56 -0500
From: Michael Proto
To: Aaron Siegel
Cc: freebsd-embedded@freebsd.org
Subject: Re: Building my first gateway firewall with wireless support
List-Id: Dedicated and Embedded Systems

Aaron Siegel wrote:
> Hello
>
> My almost ten year old pc that has been running 24/7 as a firewall gateway is
> about to die. (Of course it is running FreeBSD) I would like to build an
> embedded gateway, DNS server, with DDNS client, wireless access point,
> IPSEC, and firewall.
>
> I appreciate some guidance, some helpful links, or maybe share some of your
> experiences. I am a hobbyist, not a developer. I do not expect this to be easy.
>
> My dream access point would have two interfaces, one protected by IPSEC vpn and
> an unsecured (just a cheap linksys device connected to the LAN). The big
> question is how much processor power will I need to support one to ten clients?
>
> The LAN will support a couple of desktops, and maybe a toy server (backup mail
> server).
>
> I am looking at Soekris 48xx and if needed the vpn board. As of now I like to
> stick with x86 platform. Any other suggestions?
>
> Thank You
> Aaron

I'm currently using 6.3-RELEASE on a PCEngines ALIX board, http://pcengines.ch/alix2c1.htm. It's currently configured as a DSL gateway and wifi access point with a minipci Atheros 802.11b/g card installed, with WPA2-Enterprise, QoS, vlan, DHCP, DNS, stateful filtering and NAT (pf), snmp, and a few other services.

I'm using my own roll of FreeBSD but there are projects like m0n0wall, http://m0n0.ch/wall/, and pfsense, http://pfsense.org/, that put it all together for you and bundle it with a full-featured web interface. If you're looking to roll your own, there are some great starter sites at http://neon1.net/misc/minibsd.html and http://www.ultradesic.com/index.php?section=125.

The Soekris 48xx should work just as well, if a little slower (I had a 4501 before getting my ALIX in the same setup). The soekris-tech mailing list has several BSD and Linux users and the community support is helpful.

On an even more powerful side, you could get an embedded VIA Eden system like http://e-itx.com/jetway-j7f4k1g2e-mini-itx-motherboard.html with on-chip accelerated IPSEC support via the padlock(4) module.

In any case they are all great systems, fanless, totally quiet, and extremely power-friendly. I hope those links are good enough to get you started. Good luck!

-Proto