Low power/small hardware for firewall/IDS?

Message

Post by **pjp** » Fri Jun 17, 2005 7:29 pm

Just wondering if anyone has used an SBC, et. al., to run their firewall(s) and/or IDS system for a home network. I'd like to stop using a large PC, since it probably wastes more power than is necessary to do the job. (Plus, its not as fun).

In addition to the function of firewall/IDS, my second primary goal is for learning purposes:

Packet sniffing, logging, reporting
Learning iptables
Eventual development of a "home" IDS system.
Others I'll probably think of later.

Important factors:

I'm not developer, but want to get started with something embedded. So, it should be fairly "easy" (aka, supported). As an example, I don't think Gentoo is well supported on ARM.
Development will be done on an AMD64, so if that restricts me to x86, I guess it'll have to do. Is it possible to do say, Mips (or other) cross-compiling? Not sure how that works.
Low power consumption, but sufficent CPU power to do the job(s).
Wireless option (or should I use something else for that?) My intent here is to have the "internet" come in on one port, wireless on another, and a third port to the LAN (or DMZ).
As inexpensive as possible would be good (since I'll eventually want 2).

Some places I've bookmarked over time that may or may not have suitable devices. In no particular order:

EDIT (Some others):

PC Engines GmbH (from echo6's post)
ADI Engineering (from another thread)

think4urs11 · Post by **think4urs11** » Fri Jun 17, 2005 7:43 pm

Hi,

did you already take VIA Mini-ITX into consideration?

Compared to some of your links the price seams reasonable and the boards do have more power - and don't use to much power/electricity for that.
Plus - i know them to work with Gentoo, i've an CL6000 doing its job as multi-purpose-server/FW/AP since ~1 year 24/7

Add a PCI wireless card and your AP is ready too.

HTH
T.

Insanity5902 · Post by **Insanity5902** » Fri Jun 17, 2005 9:25 pm

Have looked into doing this also, but can't decide what i want to do.

I have looked into the solekris boards, and have talked myself into doing something like that, but I have also looking into teh mini-itx boards b/c it will allow greater flexibility.

Case wise, I like the mini-itx better, especially these two
http://mini-itx.com/store/?c=3#c137
http://mini-itx.com/store/?c=3#c146

The rackmount is nice for me so i can put it in my rack and use it for all my firewall and bandwidth management needs, and the itx boards should provide enough power to do so. Both of them hold 2 pci cards, so you can through a 2 or 4 jack nic in one and a wireless pci in the other. The only thing, is this can start getting expensive if you are not careful, but I supose an embedded system could also.

The boser and routerboard have some interesting setups that could be pretty powerfull also.

Keep us updated with what you find/do, I am sure there are other who are interested in doing this also.

zen_guerrilla · Post by **zen_guerrilla** » Fri Jun 17, 2005 10:11 pm

soekris net4801, 3 nics, 1 usb, serial console, mini pci & pci 3.3 (for wireless or encryption cards).
I don't think gentoo (or any compiling environment) is suitable for these platforms (i486-based / 64mb ram) but they're great for firewall/IDS/router or even small servers.
Check up also http://m0n0.ch/wall/.

nife · Post by **nife** » Fri Jun 17, 2005 10:50 pm

My suggestion would be go with a wrt45g by linksys. They are an imbeded linux. Though not supported by gentoo there is a pretty good community around them. All opensource and actively devoloped.

The only limitation would be an ids. this is a little too much work for this little box. Though it looks like a toned down version of snort can be run. Maybe dump the results onto a server with mysql and run a web php app to display it(acid is what I think its called)

There is openwrt which is a full distro just for the wrt45g/wrt45gs http://openwrt.org/

orther links:

http://www.linksysinfo.org/modules.php? ... oad&cid=15

Post by **pjp** » Fri Jun 17, 2005 11:15 pm

Think4UrS11 wrote:Hi,

did you already take VIA Mini-ITX into consideration?

At one time I did, but it is a bit larger than I want... size and features (sound, & other desktop features). I'll look at a VIA mini-itx when I do my audio box. Thanks though... I did forget about them, and will keep it in mind if I decide nothing else will work for me.

Insanity5902 wrote:I have also looking into teh mini-itx boards b/c it will allow greater flexibility.

That is appealing, I'm just not sure I want it for this project.

Insanity5902 wrote:http://mini-itx.com/store/?c=3#c137

This case is 12.7" x 2.7" x 10" compared with 5.1" x 5.1" for the RouterBoard, albeit w/o a case.
I definitely want the firewall, so I don't need a lot of flexibility to do other stuff. Worst case scenario would be to have a 3rd ethernet port for hooking up an IDS (or 4th port in the case of the wirless option).

Insanity5902 wrote:Keep us updated with what you find/do, I am sure there are other who are interested in doing this also.

Definitely. I'll be writing a guide on what I had to do so I can repeat it more easily for the 2nd box.

zen_guerrilla wrote:soekris net4801, 3 nics, 1 usb, serial console, mini pci & pci 3.3 (for wireless or encryption cards).

Yeah, the 4801 is nice, but it seems a bit pricey. Plus, it might be a bit more than I can chew for an intro to embedded project.

zen_guerrilla wrote:I don't think gentoo (or any compiling environment) is suitable for these platforms (i486-based / 64mb ram)

Well, the compiling isn't done on these devices. When I narrow down my selection of devices, I'll ask the embedded folks how that is handled.

zen_guerrilla wrote:but they're great for firewall/IDS/router or even small servers.
Check up also http://m0n0.ch/wall/.

Have you used the 4801 before? I've added the m0n0 link to my bookmarks, but initially, I won't be using it.

nife wrote:My suggestion would be go with a wrt45g by linksys. They are an imbeded linux. Though not supported by gentoo there is a pretty good community around them.

Not being able to run Gentoo is why I quickly eliminated the wrt45g from the list of possible devices.

Thanks for the comments.

elboricua · Post by **elboricua** » Sat Jun 18, 2005 6:27 pm

Hi PJP,

I have a soekris net4801 box myself. Currently I am running OpenBSD 3.7 on it using a 512MB flash. The hardest part of the setup was getting the PXE boot parameters correct. Once I had that setup, it was just a simple matter of configuring tftp. I have been serious thinking about switching to Gentoo Network APpliance for ease of updating, and the squashfs optimizations. There will not so much wear and tear on the cf card, and I can have an image that I can update and then deploy when there are secuity updates.

Post by **pjp** » Sun Jun 19, 2005 3:59 am

The Soekris boards are appealing, and use to be my preferred device for the job until I started thinking about what was involved. My only concern is how compatible their x86 instruction set is. For example, IIRC, VIA's isn't 100% compatible. $249 is a bit pricey too, which is why I'm continuing to look for options.

zen_guerrilla · Post by **zen_guerrilla** » Sun Jun 19, 2005 11:24 am

pjp wrote:VIA's isn't 100% compatible.

I think you make a mistake here, both epia's & soekris are x86-compatible, anything you compile on a x86 box with no arch or i486 will run on both of them. Of course they lack extensions like 3dnow & sse, but you don't need such stuff on embedded systems unless you're making an embedded mediaplayer device.

Momo_CCCP · Post by **Momo_CCCP** » Sun Jun 19, 2005 4:25 pm

Or you can always recycle an old pentium laying somewhere. You just have to fill it with a couple NICs, and it's fully compatible with gentoo or any other specialized router/firewall distro.

elboricua · Post by **elboricua** » Sun Jun 19, 2005 4:43 pm

Momo_CCCP wrote:Or you can always recycle an old pentium laying somewhere. You just have to fill it with a couple NICs, and it's fully compatible with gentoo or any other specialized router/firewall distro.

The problem with that is power consumption. I used to have an old Pentiun 2 400 as my firewall and one as my mail server. My electricity bell was pretty high monthly. I replaced both with a Soekris embedded box and my electricity bill has gone down significantly. And the best part is that only one has moving parts. The mail server, has a 2.5' hard drive instead of a cf card. I used to average 150.00 USD a month in electricity bills. That has gone down to 100.00USD. While yes the Soekris is pricey, they are paying for themselves with my saved electricity costs.

Momo_CCCP · Post by **Momo_CCCP** » Sun Jun 19, 2005 4:49 pm

Yes true... Maybe you could downclock the thing to make it more economical I don't know. Anyway, electricity is pretty cheap here, and especially much cheaper than a new box, but in your case I guess you have the right solution.

Post by **pjp** » Sun Jun 19, 2005 11:13 pm

zen_guerrilla wrote:
pjp wrote:VIA's isn't 100% compatible.
I think you make a mistake here, both epia's & soekris are x86-compatible,

Could be. I'm just going off of threads and articles I've read. Regarding Soekris, I was just saying I didn't know if they were 100% compatible.

Momo_CCCP wrote:Or you can always recycle an old pentium laying somewhere.

My current firewall is on a P90....

pjp wrote:I'd like to stop using a large PC, since it probably wastes more power than is necessary to do the job.

And power usage aside, I'd rather something suitably smaller in size.

Insanity5902 · Post by **Insanity5902** » Tue Jun 21, 2005 6:37 pm

Digging though the acrosser website I found this, the first is a board using the eden processors. Seems to be decent, provides an ata channel, cf, and mini-pci, and has 4 lan built in, if you get the bigger one, it includes a faster proc and a pci slot.

the second is there faster proc in a linksys type box.

http://www.acrosser.com/products/ar-b1662.htm

http://www.acrosser.com/products/ar-m9923.htm

I keep going towards the eden processors b/c they are more std of a proc for linux to run on. Reading through the routerbox forums, there is a guy working on putting gentoo onto the routerboard 532 but is having problems, that and it is stuck on the 2.4 kernel b/c of the custom patches, not that that is a bad thing, I am just stating it.

I sent an e-mail to acrosser getting some information and such, especially b/c there website is listing the two boards aas being 600 mhz and 400 mhz, while the datasheet is listing them as 600 mhz and 1ghz. Hopefully they will respond soon

I am really leaning towards this board as I think it will suit my needs better, while providing less dificulty in the setup.

echo6 · Post by **echo6** » Tue Jul 26, 2005 6:27 am

I've just purchased the Soekris, I was more interested in a project called the WRAP Box http://www.wardriving.ch/hpneu/wdbox/index.htm but I'm also looking forward to the challenge of getting the embedded OS running on it. I also opted for the lan1621 board.

I ordered mine from Cortex Systems, http://www.cortexsystems.net

Post by **pjp** » Tue Jul 26, 2005 7:47 am

Looks interesting. I'd be curious to see a "how to" guide of your experiences. I'm sure others would be too.

I've also added a reference to PC Engines in the 1st post.

Antimatter · Post by **Antimatter** » Tue Jul 26, 2005 9:27 pm

I'm also interested in this sort of stuff myself, Wrap looks nice to me, 3 LAN port.

[edit]: never mind i am a dumbass, it needs an mini-pci card for the wireless.

[edit2]: Ultimatly I like the Wrap or the Soekris's myself.

echo6 · Post by **echo6** » Tue Jul 26, 2005 11:12 pm

pjp wrote:I'd be curious to see a "how to" guide of your experiences.

It won't be for sometime, I have a few other projects on the go atm. If I can get a chance I will post some photos and get something going

Post by **pjp** » Wed Jul 27, 2005 4:19 am

echo6 wrote:
pjp wrote:I'd be curious to see a "how to" guide of your experiences.
It won't be for sometime, I have a few other projects on the go atm. If I can get a chance I will post some photos and get something going

No hurry (is it done yet?

). Whenever you get around to it. I'll be around for the forseeable future.

Nope · Post by **Nope** » Wed Jul 27, 2005 11:40 am

Hi,

I own a LEX Computech CV860A as a firewall/router. It has 3 ethernet ports and a CF-card slot. I used to run it with a 1GB CF-Microdrive but it looks that those drives don't like 24/7 usage

So I replaced it with a 2,5 inch HDD.

I have a version with a 533MHz Samuel 2 CPU from VIA, which is enough for a firewall and has no fan.

Oh, and it runs with an external PSU! The only thing you can hear from that thing is the HDD!
http://linitx.com/product_info.php?cPat ... cts_id=127

Nope

Insanity5902 · Post by **Insanity5902** » Wed Jul 27, 2005 3:56 pm

I was looking at getting one of those exact ones except it doesn't have a pcmcia or mini-pci, the only way you can get wireless off of it is using a USB, and I am not too crazy about that.

Nope · Post by **Nope** » Wed Jul 27, 2005 5:23 pm

Insanity5902 wrote:I was looking at getting one of those exact ones except it doesn't have a pcmcia or mini-pci, the only way you can get wireless off of it is using a USB, and I am not too crazy about that.

There are versions with build-in PCMCIA (CV863A). Even then you can have them with up to 4 ethernet ports. You can even get these units with build-in ISDN, DSL and video hardware. Have a look on the vendors site to see about all possible combinations.

http://www.lex.com.tw:8080/index1.htm

Nope

Insanity5902 · Post by **Insanity5902** » Wed Jul 27, 2005 6:10 pm

yeah but the 860a is like $150 bucks cheaper. (only 260, for the 800mhz, as compared to some of the others that are pushing 500 bucks.)

LucaSpiller · Post by **LucaSpiller** » Sat Sep 24, 2005 10:25 pm

Did you ever progress with this? If so what did you end up choosing?

Post by **pjp** » Sun Sep 25, 2005 12:38 am

Unfortunately not, and won't be until I find a job. I'm hoping that isn't going to take too much longer. I've always anticpated it being a 2006 project, and was just trying to consolidate info. I also thought more people might be interested.