Router and Server hardware questions.
Joined: 11 Aug 2003
Posts: 463

PostPosted: Sun Jul 31, 2005 10:22 pm    Post subject: Router and Server hardware questions.

I'm currently researching some low cost and low power embedded systems for my router, and I'm currently settled on one of these two: Wrap or Net 4801, and also a mini-PCI card.

I'm going to be taking one of those two boards and adding that mini-PCI card, then probably a Compact Flash card, then set it up with some form of Linux; not sure which, but ultimately I'll probably end up with a stripped down/binary based Gentoo Linux or something similar to that.
But anyway, my biggest question is: are those boards and the wireless card powerful enough for what I want to do with them?

Here's a list of things I want to do with it:

Firewall - can't access it until someone port knocks it, then it'll open a VPN port so an external connection can connect to it for secure access to my network.
VPN - 100Mbit network, so it will have to be able to handle that sort of traffic/load with hopefully decent, if not the highest, encryption possible.
Routing - Disallows any outside connection, only allows it via VPN; then once the VPN is connected it can access an internal server on a few ports such as html, etc...
Access point - access point for the wireless card; once again the access point will be treated similar to an external interface, so the only way to contact it is to connect with WPA2-PSK, then port knock the firewall, then finally use a VPN to connect into the router.
DHCPD - maybe have a dhcpd server, but I prefer static IPs so it's probably unnecessary.
DNS - I would like to add a DNS server to cache the last, say, 20 DNS lookups to make it faster to access stuff on the internet: just check the cache, and if it's not there, contact a DNS server.

Layout of the system:

Eth0: Internet port - 100Mbit campus network - can only be accessed via VPN, disallows any other connections.
Eth1: Gentoo Workstation - 100Mbit connection; this has almost unrestricted access because it's on the secure network. Anything can connect.
Eth2: Server - 100Mbit connection; this connects to a server that provides e-mail services and a limited web server (aka web mail and a few other applications).
Wireless: Laptop and others - It's considered hostile because anyone can monitor the wireless signal, thus treat it similar to eth0, in that it will only accept WPA2-PSK connections with high grade encryption, then port knock to open a VPN port, then VPN.

What I want to do with the router: I know the router's eth0 is a wired connection, thus more secure than wireless, so I would like to be able to connect to it from anywhere on campus and open a VPN connection so I can have *relatively* secure Internet access. It'll be much more secure than an unencrypted and open access point; the campus has open access points all over, so I want to take advantage of them yet remain secure enough to be able to do sensitive work.

Same deal with the wireless: whenever I'm in the area around the router I would also like to be able to connect to it via a VPN, so I can have secure access to the network there too.

The ideology behind it is that a wired network is more secure than the wireless segment of the network on campus; although the security of the wired network may not be guaranteed, it will be a lot more secure than the wireless part.

So my biggest question is: can these embedded systems handle the load of maybe 1-2 VPN connections?

And the second question is: which is more secure, a VPN with everything being forwarded through it, or an ssh tunnel with everything forwarded through it?
I consider the wireless part of the campus very hostile because it's a high technology school with a lot of kids majoring in computer science and other computer related fields, so they probably know a bit about wireless networks.

Thank you :)

Now for my second hardware question; it's about the server.

What is the lowest spec that I can reasonably go?

CPU: 500 MHz?
Memory: 300 MB?

I'm just looking for a ballpark estimate of some reasonable values for a server that does the following:

E-mail server - downloads e-mail from several POP and IMAP servers and merges them into one IMAP mailbox that the laptop and other computers can access anywhere (aka the e-mail is saved on the server). I would say approx 3-4 accounts to download e-mails from, and approx 40-100 e-mails a day on average.

Web server - Provides iCalendar services (in other words I can upload my Sunbird calendar to the server), and the ability to add/alter appointments/todos on the calendar through the web pages, and also provides web mail for when I'm not using one of my own computers.

Limited BitTorrent bot - I can dump a torrent in a folder and it will start to download it; it probably won't see excessive use, more like maybe 5-10 torrents on a busy day on average.

Jabber & other IM services - I'm thinking of maybe also running Jabber so I can take my multiple IM accounts and merge them into "one"; then I can connect to the server using Jabber and be able to change my away message and do other stuff, then disconnect and it will stay on. In other words I want to set up something similar to screen but for IM, in that I can connect, do some stuff with it, then disconnect, but to everyone it appears like I am always online.

Perhaps bitlbee - this could possibly function as a replacement for Jabber.

Other services - and probably some other services in the future; I would like to have a bit of margin for a bit of future expansion for a few other needed services, like a newsgroup service that downloads my selected newsgroups.

Anyway, with the above in mind, what would be a good minimum to reasonable spec to be able to do this stuff above effectively and 24/7/365?

I was thinking of perhaps snapping up a VIA mini-ITX motherboard, something along these specs:

mini-ITX - approx 600 - 1000 MHz VIA C3 - I know they're slower, so say equivalent to 300 - 500ish (Pentium/AMD)
Memory: 256 - 512 MB.
Hard drive: around 60 - 120 GB.

Last edited by Antimatter on Mon Aug 01, 2005 7:08 am; edited 1 time in total
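The firewall, routing and access-point items above describe one policy: untrusted interfaces (the campus uplink and the wireless card) drop everything until a port-knock sequence opens the VPN port, while the workstation and server interfaces are trusted. The script below is an added example, not code from this thread or from the Soekris/WRAP projects, that expresses that policy as iptables rules using the `recent` match for the knock sequence. Interface names (eth0 uplink, eth1 workstation, eth2 server, wlan0 access point, tun0 VPN tunnel), the knock ports 7000/8000/9000 and the VPN port 1194 are all assumptions chosen for the example.

```shell
#!/bin/sh
# Added example (not from the thread): iptables policy for the layout the
# poster describes. Interface names, knock ports and VPN port are assumptions.
WAN=eth0; LAN=eth1; SRV=eth2; WLAN=wlan0; VPN_IF=tun0
K1=7000; K2=8000; K3=9000   # placeholder TCP knock sequence
VPN_PORT=1194               # OpenVPN's default UDP port (assumption)
KNOCK_WINDOW=10             # seconds allowed between successive knocks
OPEN_WINDOW=30              # seconds the VPN port stays reachable after knock 3

# Knock rules for one untrusted interface ($1). The "recent" match keys on the
# source address: each stage only advances when the previous stage's entry for
# that address is fresh, and the VPN port is reachable for OPEN_WINDOW seconds
# after the third knock. Knock packets themselves are dropped, so a port scan
# sees the knock ports exactly like any other closed port.
emit_knock_rules() {
  i=$1
  printf 'iptables -A INPUT -i %s -p tcp --dport %s -m recent --name K1 --set -j DROP\n' "$i" "$K1"
  printf 'iptables -A INPUT -i %s -p tcp --dport %s -m recent --name K1 --rcheck --seconds %s -m recent --name K2 --set -j DROP\n' "$i" "$K2" "$KNOCK_WINDOW"
  printf 'iptables -A INPUT -i %s -p tcp --dport %s -m recent --name K2 --rcheck --seconds %s -m recent --name K3 --set -j DROP\n' "$i" "$K3" "$KNOCK_WINDOW"
  printf 'iptables -A INPUT -i %s -p udp --dport %s -m recent --name K3 --rcheck --seconds %s -j ACCEPT\n' "$i" "$VPN_PORT" "$OPEN_WINDOW"
}

# The whole ruleset, printed as commands so it can be reviewed (and tested)
# without root; pass --apply to execute it.
emit_rules() {
  cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN -j ACCEPT
iptables -A INPUT -i $SRV -j ACCEPT
iptables -A INPUT -i $VPN_IF -j ACCEPT
EOF
  # Uplink and wireless get identical treatment: nothing reachable but the knock.
  emit_knock_rules "$WAN"
  emit_knock_rules "$WLAN"
  cat <<EOF
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN -j ACCEPT
iptables -A FORWARD -i $VPN_IF -o $SRV -p tcp -m multiport --dports 80,443,993 -j ACCEPT
iptables -A FORWARD -i $VPN_IF -o $WAN -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
EOF
}

apply_rules() {
  emit_rules | sh
}

if [ "${1:-}" = "--apply" ]; then
  apply_rules
elif [ "${1:-}" = "--show" ]; then
  emit_rules
fi
```

Once a VPN session is up, the conntrack `ESTABLISHED,RELATED` rule keeps it flowing after the 30-second window closes, so the knock only has to succeed once per session. Since `recent` tracks source addresses, the window opens only for the address that knocked, which limits what a third party watching the wireless can do with an observed sequence to the brief period before the window expires. VPN clients on tun0 reach the server only on the listed ports and can browse out through the uplink, which is the "relatively secure Internet access" goal from the post.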
Joined: 30 Jan 2003
Posts: 1693
Location: out of it

PostPosted: Sun Jul 31, 2005 11:54 pm

I'm no expert on it. But from what I've read, if you actually want to get 100Mbit VPN throughput then you'll need to tunnel through the router to a faster box or use a hardware encryption accelerator in the router. For all the other purposes either of those would be plenty fast enough. For that matter a Linksys WRT54G(S) would also do fine and be a lot cheaper. Of course you wouldn't be able to run Gentoo on it. IMO Gentoo is overkill for a simple router anyway though. OpenWRT looks pretty nice but I haven't gotten around to trying it.

I don't have a Mini-ITX but I do have a 700MHz C3 in my server and here's my impression of it. Overall I think it's comparable to a 400MHz K6-2 but in some areas it's slower. Does fine for IMAP and static webserving. SquirrelMail is dog slow on it when my mail folders get large (>500 messages). It's pretty slow as an rsync server too. I'm sure BitTorrent downloads wouldn't be a problem for it. I don't know what kind of resources a Jabber server takes.
Joined: 11 Aug 2003
Posts: 463

PostPosted: Mon Aug 01, 2005 1:33 am

The primary reason why I'm building a custom built router is so I can have tighter control over the hardware, and also as a learning project for myself.

And your information about the C3 server is useful :).
Joined: 11 Aug 2003
Posts: 463

PostPosted: Mon Aug 01, 2005 3:18 am

PowerFactor wrote:
use a hardware encryption accelerator in the router.

Hardware Encryption

It says the throughput is up to 250 Mbit, which is more than enough because there should only be around 1-2 VPN/SSH connections to the router. My desktop will have a non-encrypted connection, because it's a trusted device connected via a wired connection to the router; my server is also trusted and is also a wired connection.

So basically the only ones that are untrusted are the wireless access and the external access, but the wireless should first deny all attempts to connect to it unless it, say, does port knocking or something correctly; then a port will open, and the router will use this hardware encryption to handle it. So for the most part it should be a maximum of 1-2 devices. If I ever find that it's not sufficient, I can always upgrade later when they release this Hardware Encryption - Prototype which supports up to 500Mbps, which would up my capability to approx 5 devices.

OpenBSD and FreeBSD already have support, Linux is in progress, so if all else fails I can always settle for OpenBSD or something.

[edit]: Doh - the Soekris board that I'm interested in also takes a 3.3 volt PCI card, so that's a possibility for freeing the mini-PCI slot for a wireless card or an encryption card, so this'll work :)
