Hardware

Low-Profile Firewalls? 24

rhyder asks: "I have seen articles on Low Power Computers, and articles on Cool Cases, and a few on Very Small Servers. What I would like to do is use a generic Pentium-Class to Pentium II Motherboard inside a small case with a power supply enough for 1 drive and a single CPU. My intention is to build a box which will run the NetBSD-I386 Firewall Project. Check it out, it is a remarkable free firewall. I already have enough juice polluting the atmosphere, and I would like to keep it to a minimum with this and future projects. Where can I find either slim X86 Clients or cases which meet the above description, and of course, get the best value for the $$$?" We've discussed firewall appliances before, but I think size and power consumption were never really discussed.

  • Slim cases here [cmsnet.ne.jp], here [procase.net] and, for the ultimate case (a pizza hut box), Here [jrcs.co.uk]! :-)
  • Thanks for promoting my firewall. If you need any changes to it to facilitate your setup, let me know.

    -John
  • If you can get a hold of an old LPX-case 486 or pentium computer, then you've got a case. You can find them pretty cheap (I picked up a pair of acer lpx 486's on ebay a while back for $20 ea., one of which is my home firewall/masq box.)

    Then you can probably find an LPX pentium board the same way. I've seen some gateway lpx (Pentium 1 class) boards for ~$50. I'm sure there are probably P2 boards out there as well. Find one with a built-in nic and you're all set.
  • by trims ( 10010 ) on Friday July 07, 2000 @05:31AM (#952326) Homepage

    ... everything starts to look like a nail.

    The point here is:

    Use the right tool for the job

    Now, I don't have the full facts, since your question leaves out quite a bit, but I'm going to assume (given the low-power interest) that you're a SOHO user - someone with a small network to defend, but no real need for VPN support at the firewall, and something limited to DSL/cable modem speeds. According to your question, you're obviously looking for a firewall only, and not something that will do other stuff (like mail, etc).

    Simply put, you can't beat one of the turnkey solutions. The Netgear and LinkSys solutions mentioned in the previous Ask Slashdot draw minuscule amounts of power - far less than even the most miserly PC. They're tiny, completely silent (no fan needed!), and cheap (sub $200).

    I don't have direct experience with the Netgear, but I do with the LinkSys. It has a web-based interface, and also allows you to customize a text config file for complex setup. I like it over the Netgear because it includes a 4-port 10/100 SWITCH. NAT and DHCP support.

    If these are truly not for you, look into a Netwinder or a used Cobalt Cube. They're a bit more, but they have all the functionality you could wish for, and they draw very little power (and are pretty damn small). If you must have an x86 PC, look for an old Compaq Deskpro (there are some nice little LPX-form-factor ones) off of eBay.

    Don't approach the problem bass-ackwards. Draw up your requirements from a functionality standpoint, then look for solutions that fit your criteria. Don't decide on a solution until you've considered all the alternatives.

    -Erik

  • You don't need a rotating drive. If the capabilities of the single-floppy router/firewall configurations will meet your needs, you can get boxes with a few MB of flash disk (some even emulate an IDE drive).
  • Do you know if these are tall enough to hold expansion cards? If so, one of these would be perfect for my mp3 player.


    --
  • Try http://www.calibri.net/, definitely small cases, low power consumption, etc. Linux compatible; they run LRP Linux.
  • If you only need basic firewalling, Netgear and Linksys both make a nice unit that consumes little power. (Note to trims: the Netgear is actually a little nicer than the Linksys)

    If you want a new, full Pentium-class PC on the cheap and tiny, consider any of the 7x9 MediaGX point of sale boards. $70-$120, depending on what else comes glued to the board. Smaller than any of the MATX or MAT boards, but you still have to put the cards in vertically.

    Otherwise, Olivetti, NEC and AT&T (NCR) made a small form PC (I have the NCR 3232 on my desk, playing MP3s) One and only one ISA slot in any of them. (although they did make a VLB model, I've never actually seen one). They came in SX, DX-2, DX-4 Enhanced, and 5x86 configurations, although you can ramp any of them up to 120 or 133 with blind jumper guesses. If you've got a multiport 3COM lying around, or are only planning on pulling over serial modems, this would be the way to go. Usually $20-$40, sans memory. Add another $10 for a decent DX4-120, and $10 for a 300M Seagate.

    If you need more power than that, there are a few micro-ATX style Celeron boards, but those will run you $200 with chip. Most I have seen come with an onboard 'Netelligent' type Ethernet adaptor, so you will still need two Ethernet cards.
  • Yeah, I would have to agree. I just bought a Linksys router... with the 4 port switch. For under 200 bucks you get a pretty sweet piece of hardware.

    It uses VERY low power... doesn't even get warm. Also, it was a breeze to set up.

    I used to have a linux box doing the routing, but now it is doing what it _should_ be doing... RC5. :-)

    Later.
  • I use the Netopia R9100. It is great, but it suffers from the same flaw that most of these units do: NAT breaks anything that relies on an inbound route (i.e. H.323, FreedomNet, ...). All seem to have some code to deal with the FTP PORT command, but writing app-specific code for each new thing gets hairy. Would a router with NAT and a SOCKS proxy do the trick?
  • by wozz ( 25963 )
    FWIW, There's been much discussion on this the past week or so on the OpenBSD mailing list, myself and several others already have stripped down firewalls running on OpenBSD and booting off CDROM's, the plan seems to be to merge all of our efforts in order to come up with a distribution. Can't beat OpenBSD for secure code, so it makes an ideal base for a firewall. Check out the mailing lists for more info.
  • Penguin Computing [penguincomputing.com] will sell you a 1U rackmount PC, ATX, with an all-in-one motherboard for $1600. Yeah, that's a big pile of change, but it's a pretty complete system. Add a NIC (or a dual or quad-port NIC) to the one supplied PCI slot, and you're off and running.

    If you want something that takes very little space, then you should check out Advantech [advantech.com]'s Biscuit PC boards. For instance, there's the "PCM-9570/S [advantech.com]" which is a "Socket 370 Celeron™/Pentium® III Processor SBC with AGP, VGA/LCD, Ethernet and SCSI". That's probably pretty pricy, and it only has one ethernet interface, but it does have a PCI slot. On a somewhat cheaper note, there's the "PCM-5862E/L [advantech.com]" (Pentium® Processor with MMX Technology SBC with Audio, VGA/LCD and 100Base-T Ethernet) which also has a PCI slot. Get a one-slot PCI riser card, so you can angle the PCI card over the board, slap a 180MMX or something on it (They're cheap) and a couple 16mb EDO SIMMs, and you're in business.

    The downside to building a biscuit PC is that you need a cable connection kit (About $100), a box to put it in (It can be hard to find one that looks nice), and a power supply. The advantech boards are nice in that you can get away with supplying them only VCC and ground (+5 and 0 volts) and bang, you're done. Add a laptop IDE drive, and you're in the biz.

  • PicoBSD [freebsd.org] is a FreeBSD distribution trimmed down to the bare minimum so it can run on a floppy. You may want to check this out as the most current versions (see the mailing list or the source) are very configurable and run on various types of hardware (floppy, CD, SanDisk, etc).

    There are also several links to other information available from the PicoBSD (small@freebsd.org) [mailto] mailing list archives here (current) [freebsd.org] and also here (2000) [freebsd.org].

    PicoBSD will run everything FreeBSD will, provided you can get it onto the boot media, including stuff in the ports tree. Stock FreeBSD firewall include ipfw and ipfilter with NAT (IPMasq for you Linux types) and various other options.

    --
    Eric is chiseled like a Greek Goddess

  • As author of the firewall mentioned in the article, I tend to agree with you - one of my goals was: fire-and-forget firewall (since SOHO users will never look at log files anyway), and must run on left-over hardware, driving the cost down to zero as much as possible. Also, I made the install as simple and straightforward as possible. Take a look at www.dubbele.com, and let me know what you think.
  • $1600?! That's way, way too much to pay. I can get a Netgear RT311 [netgear.com] for a few hundred dollars that's the size of an obese Pop-Tart. I think building your own PC would be sort of overkill here.

    --
  • Yeah well, I did mention that it was expensive (See subject line.) The nice thing about using the 1U box is that it doesn't take up much space as far as a PC goes, and you can use it for other things (WWW, DNS, FTP, etc.)

  • by Zurk ( 37028 )
    Get an Oracle network computer [thinknic.com] or a neo OEN [neolinux.org] ..
  • by Detritus ( 11846 ) on Friday July 07, 2000 @08:34PM (#952340) Homepage
    TAPR [tapr.org] has a PC board [tapr.org] that will let you use a CompactFlash memory card as a replacement for an IDE disk drive. You plug the memory card into the PC board and attach the IDE drive cable to the connector on the PC board. It looks ideal for Linux based controllers, routers and firewalls. Flash memory cards are getting cheaper. I've seen 16 MB flash cards selling for about $50.
  • I wouldn't go too far in promoting them. I have been regretting using Linux Router Project [c0wz.com] on an old 486 or Pentium ever since I bought my Kingston 7 port switch/router. The problem with the Kingston is that only one computer at a time can use programs like Counter-Strike [counter-strike.net] over the cable modem. The same thing goes for if I want to run a Counter-Strike server. This has become very annoying, and could be solved if I was using the Linux Router Project by simply configuring port forwarding.

    It also annoys me to no end that I can't traceroute from my Linux box in my room.

    [unrelated] How come all these great "Ask Slashdot" articles never get posted on the main screen?[/unrelated]

  • [sarcasm] Using a firewall to host other applications that are vulnerable to attack from the outside? Wow, what a brilliant idea! What is a firewall supposed to DO, anyway? [/sarcasm]

  • Woah... Looks like Oracle might actually be shipping. Has anyone actually gotten their hands on one?

    - Mike

  • If they are vulnerable from the outside, they're vulnerable no matter where you put them -- That is to say, if there are remote exploits. Otherwise, they are not "vulnerable from the outside".

  • I guess I didn't make my point clear. What I meant was: it is harder to root several machines than it is to root just one machine. If something pretty exploitable like BIND or sendmail is running on the same machine as your firewall, then your firewall gets taken down at the same time that BIND or sendmail gets exploited, so instead of having a problem with one service, not only is your security gone, but so are two or three other services.

    Don't put all your eggs in one basket. Simple logic.
