From: Chris Nehren
To: freebsd-stable@freebsd.org
Date: Sat, 14 Jun 2014 07:51:50 -0400
Subject: Re: Suggestions for low-power gigE firewall?
Message-ID: <20140614115150.GB61092@behemoth>
References: <20140613121732.GA61092@behemoth>

On Fri, Jun 13, 2014 at 21:06:01 -0700, Artem Belevich wrote:
> On Fri, Jun 13, 2014 at 5:17 AM, Chris Nehren wrote:
> > Speaking of Soekris elsethread, I'm presently interested in
> > picking up a small device to use as a router + firewall for my
> > home network. I initially looked at what Soekris has to offer,
> > of course, but they only have 4xgigE products (the net650x line).
> > I don't need that many ports, but they don't offer anything that
> > has just 2xgigE. I'd like something smaller than the net650x
> > line[0], preferably similarly low power.
> >
> > The box will run pf, some form of local name resolution for the
> > network, a RADIUS server for my wifi AP, and openvpn. It'd be
> > helpful if the NICs and drivers support VLANs.
> >
> > Any suggestions?
>
> ALIX apu1c may be an alternative:
> http://www.pcengines.ch/apu.htm
>
> The board is a bit cheaper - $145/$160, according to
> http://www.pcengines.ch/order1.php?c=4
> The downside is that it's got Realtek RTL8111E NICs.

I was initially concerned that the RTL8111E was in the same
family as the dreaded 8139 (see the source for if_rl(4) for why I
had apprehensions).
However, I see that it's supported by the separate
if_re(4), which is more comforting. While generally I'm trying
to stick to server / workstation hardware, I realize I may need
to compromise on that here to get what I want.

The APU definitely seems like what I will want to pick up,
assuming I don't go with a used Juniper or something similar.
Thank you, Artem and Kurt, for the information.

> Or you can try Ubiquiti EdgeRouter Lite --
> http://www.ubnt.com/edgemax#edge-router-lite
> The downside is that it's not a Tier-1 platform (mips). The hardware
> under the hood is capable of a lot more than you could achieve on any
> other box at that price point. If you can live with stock software or
> willing to deal with rough edges of a new platform, this may work,
> too.

Hmm. I know that, by definition, I'm getting myself into some
amount of work with setting up all the services I want. I'm more
than a little wary, however, of having the network I need to pay
the bills (I work from home) depending on a tier 3 (unsupported)
architecture. If it was tier 2 I might experiment with it, but
tier 3 is out of the question for my needs. Thanks for the
pointer, though.
-- 
Chris Nehren