Hi,
Does anyone know of a low power server/PC that has 2 NICs, so it can be used for a (OpenBSD) firewall?
Sandra
-
Really, you just need to pick out one of the lower-end servers offered by a major vendor. Just determine if you need a desktop or rackmount form factor. For example, HP's ML/DL 100 series of tower/rackmount servers would be good. Just avoid the lowest of the low such as the ML 110/115. Lowest end servers usually have some important corners that have been cut like disk controllers, NICs and management features.
You could get a decent lower end server for under $1,000 easy.
Sandra : Rack mount would be great, but it is not that important. The biggest problem is the power consumption, as it should only be a firewall for a 20Mbit connection. So I was thinking perhaps something in the 50Watt range? Does that exist?
Wesley 'Nonapeptide' : 50watt? That's a bit of a stretch... You might have to go for a more specialized piece of machinery. Let us know what you find! =)
From Wesley 'Nonapeptide' -
What sort of load do you need to handle and (if you plan on needing to NAT) how many states do you anticipate needing to track? If under 50Mbit and 20k states or so, I'd highly recommend using an ALIX embedded computer. I have many of these deployed as router/firewall/vpn devices, running PFSense. PFSense is based on FreeBSD, so it's likely getting OpenBSD running on it will be quite easy. All of the units like this I've deployed are using the ALIX 2d3 board, which has three network interfaces (can add as many VLAN interfaces as you want to any of these physical interfaces), a 500MHz processor, and 256 MB RAM. They're rock-solid stable, run very cool, and draw a max of 6 watts or so.
If you need something with a bit more horsepower, then follow Wesley's advice. HP rackmount servers are very good, as long as, like he said, you stay away from the very low-end servers which are really just desktop motherboards stuffed into a rackmount case.
Edit: Total cost for the ALIX 2d3 solution will be about $150 for the board, power supply, case, and CF card.
Sandra : Awesome stuff! It was just what I was looking for! =) I also found this http://www.soekris.com/net5501.htm
ErikA : Yah, Soekris has been around for a long time and I do know of people running PFSense on them. For whatever reason, though, it seems like most people prefer the ALIX boards. I'm not sure if that's due to stability, performance, or some other factor. Enjoy the board! In my experience, they've been nothing but a pleasure to work with.
Sandra : Thanks. That really means a lot to me.
Josh Brower : Check out my post to see my exp with Alix + PfSense == http://tothelasttribe.com/blog/2009/04/building-a-firewall-pfsense-on-an-alix-2d3/
Joe Internet : Not to detract from pfSense; for those interested in DIY, there is also Vyatta Community Edition, which is built on top of Debian Linux instead of *BSD.
UpTheCreek : This looks good. Will this hardware cope with VPN encryption work when using remote desktop though?
From ErikA -
How about something based on a mini-itx motherboard?
- Barebones system - http://www.mini-itx.com/store/?c=40
- Motherboard only - http://linitx.com/viewproduct.php?prodid=11134
Sandra : Very useful to know. Thanks =)
TomTom : +1 - that is about the best advice. Some nice micro system based on ATOM etc. will run your normal OS of any sort, draw little power and there are boards with a ton of ethernet interfaces. Plus a lot more horse power than 256mb etc. - dual core, 2gb ram are easily doable.
From Jona -
I am surprised that nobody mentioned the fit-PC2i that always seems to come up in this application area.
Wesley 'Nonapeptide' : Fit-PC rawks!! =)
From rschuler -
I 2nd the Alix + Pfsense.
I built one (http://tothelasttribe.com/blog/2009/04/building-a-firewall-pfsense-on-an-alix-2d3/), and have nothing but positive things to say about it.
-Josh
From Josh Brower -
Living outside of the US, the cost for one of those embedded systems no longer becomes an advantage once shipping is factored in.
For me, I run m0n0wall on an Atom 330 instead (http://perpetuallybored.com/2010/02/12/high-performance-and-affordable-router-with-m0n0wall-and-atom/). Not the most low powered solution, but it works.
Sandra : The problem with Monowall is that you can't access your own external IP from the inside. From what I can read, they have no plans on fixing this =( Also the dhcpd doesn't allow "Option"s to be passed along.
The Journeyman geek : OT, but where did you get that from? I got the intel one from laser distributer some time back... SLS never seems to list the atom boxes on their fliers ;p
mythokia : I bought mine from Video-Pro.
From mythokia -
As you've explicitly asked for a low power machine I suggest that any old PC will suffice. At work I'm using a PC that was replaced because it was too low spec for use as a workstation, with a pair of extra NICs thrown in (one for the DMZ). At home I'm using an old Celeron that was going to be thrown out by someone I know, also with an extra pair of NICs installed.
TomTom : Reality check: old PCs draw more power than new ones, unless you go ANCIENT. Power consumption thank heaven went DOWN the last years.
John Gardeniers : @TomTom, there is nothing in the question to indicate that the OP is looking for a low power consumption machine. I read it as meaning a low computing power machine. Only the OP can tell us which is correct but I'm getting really fed up with you downvoting my answers simply because you haven't read the question properly.
From John Gardeniers -
"As you've explicitly asked for a low power machine I suggest that any old PC will suffice" Rubbish mate, Old PCs are not Low Power at all!
John Gardeniers : That's a comment, not an answer. If you don't have enough rep to post a comment just keep it to yourself.
From hobo