Hi Alex:

Stock Linux would be my first choice, but I do want a system that has a power budget of less than 10 Watts. (This is for home use). My end goal is to create a separate guest account for the wireless (with access blocked to the local lan). I know a number of Linksys (and I hear OpenWRT) configurations will support this.

The Utilite (http://www.compulab.co.il/utilite-computer/web/utilite-overview) would be my best bet in terms of power and has separate GMII ports.

As for speed, I can't foresee data ever exceeding 30Mb/s (the anticipated limitation of DSL in my area).

The QOS is a nice to have. I've been spoiled by the simple interface offered by Tomato. I don't know what it does with my QOS classes in the background.

This might make a solution with the PI possible. Again, I need to see if the USB hub can handle a push of traffic without dropping packets.

I mention Shorewall, as it's a firewall configuration script/tools I became familiar with some years ago to bridge/firewall a modem to my home network.

Alex: Thanks for replying!!

Peter

On Mon Jan 05 2015 at 12:01:11 Alex Pilon <alp [ at ] alexpilon [ dot ] ca> wrote:

> On Sun, Jan 04, 2015 at 01:52:23PM -0500, Peter Meyer wrote:
> > Opinions please. I am looking to build/buy something that replaces my
> > existing router/gateway box.
> >
> > My thinking is taking me in two directions. One is to replace my existing
> > WRT54GL running Tomato with another embedded system running openWRT
>
> Why not just stock Linux? What are you doing that requires those
> firmwares? Just stock linux, sysctl net.ipv4.ip_forward=1, a bit of
> iptables or nftables, dnsmasq or ISC DHCPd and your favourite caching
> and recursing nameserver, some static addressing and routes, and you're
> done, not to mention have far more control than you could hope for.
>
> But first, what are your speed requirements?
>
> > or build a multi-port router
>
> How is being multi-port exclusive?
>
> > (raspberry pi???)
>
> The Raspberry Pi *isn't* multi-port. You'll have to use tagged VLANs and
> a managed switch, like a Netgear GS-10[58]T to get around that.
>
> > with:
> > […]
> > 2. unique zones and policies that separate the wifi (wlan) from the
> > local network (lan) and firewall both from the internet.
>
> iptables or nftables. Zones are an abstraction built by the *WRTs, that
> produce very messy rulesets, no more. Did that with my router at home
> for my two ISPs and two subnets, and it works.
>
> > 3. QOS controls - This has become less of an issue as my DSL pipe is
> > 10/1, however I would like to add VOIP onto this network and
> > prioritize its traffic above all other.
>
> If you want to *strictly prioritize*, and aren't worried about
> starvation, you'd use the prio qdisc. The simplest would be two bands,
> one for VoIP traffic, and the other for the remainder.
>
> Use tc (from iproute2) and a few iptables targets used to manage Linux
> QoS. But before even looking at that, is your link even appropriate for
> VoIP? What's the latency on it like? Low and predictable enough? Have
> you tested it?
>
> Mind you, if you can find good tc filter documentation, you'll be in
> luck. tc itself isn't very helpful when you enter incorrect rules. And
> I'm sorely tempted to run Linux under a debugger just to figure out
> where it's failing.
>
> > I've started prototyping this idea using a raspberry PI running Shorewall,
>
> Why Shorewall?
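
The setup discussed in this thread (stock Linux forwarding, a guest wireless segment blocked from the LAN, and a two-band prio qdisc for VoIP), sketched as an added example that is not part of the original messages. The interface names, the `gw` table name, the mark value 10 and matching VoIP by DSCP EF are all assumptions.

```shell
#!/bin/sh
# Added example. Interface names and the DSCP EF match for VoIP are assumptions.
WAN=${WAN:-eth0}      # DSL uplink (assumed name)
LAN=${LAN:-eth1}      # wired home network (assumed name)
GUEST=${GUEST:-wlan0} # guest wireless (assumed name)

# Print an IPv4 nftables ruleset: guests reach the internet, never the LAN.
guest_ruleset() {
cat <<EOF
flush ruleset
table ip gw {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iifname "lo" accept
    iifname "$LAN" accept
    # guests may use the router's DNS and DHCP only
    iifname "$GUEST" udp dport { 53, 67 } accept
    iifname "$GUEST" tcp dport 53 accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
    # tag VoIP (assumed to be DSCP EF-marked) for the prio qdisc
    ip dscp ef meta mark set 10
    ct state established,related accept
    iifname "$LAN" oifname "$WAN" accept
    iifname "$GUEST" oifname "$WAN" accept
    # nothing accepts guest-to-LAN traffic, so the drop policy blocks it
  }
  chain postrouting {
    type nat hook postrouting priority 100; policy accept;
    oifname "$WAN" masquerade
  }
}
EOF
}

# Print tc commands: two strict-priority bands, marked VoIP in band 0 (1:1).
voip_qos_cmds() {
cat <<EOF
tc qdisc replace dev $WAN root handle 1: prio bands 2 priomap 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
tc filter add dev $WAN parent 1: protocol ip prio 1 handle 10 fw flowid 1:1
EOF
}

# Apply everything; run as root on the router.
apply_gateway() {
  sysctl -w net.ipv4.ip_forward=1
  guest_ruleset | nft -f -
  voip_qos_cmds | sh -e
}
```

Nothing is changed until `apply_gateway` is called; `guest_ruleset | nft -c -f -` checks the ruleset syntax without loading it.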