I bought it all here: http://www.pcengines.ch/order1.php?c=4

The ordering process is a bit weird but after payment, they sent me a UPS confirmation shipment code within the hour.

I will be using pfSense as the o/s + firewall (BSD based) with a nice shell access and web based front end. I love this distro as I have many persistent VPN tunnels going and the integration with snort, pfBlocker, squid, DNS, DHCP etc. is just superb. I tried so many other firewalls out there... some of which I ran in my ehacking lab. This one really stands out. (It's free with optional annual support for tech assistance.) Software updates are free.

The installation, which installs the o/s and firewall packages and gets you to a point where you can connect a puter to config over a web browser, takes all but 10 minutes from start to finish.

One cool thing to point out is that the pfSense folks do have ready made hardware packages pre-installed with their software. With the parts I mention below, it is smaller and more powerful, faster and higher capacity storage (SSD) vs their $800 "equivalent". I opted for the 16GB SSD as I run squid transparently to flush out all the ads and speed up content. My parts below added up to $232. I'm currently running this on a micro-ATX system with 2GB ram where my memory utilization is about 55% due to 800,000 table size for ip blocking via pfBlocker - which is why I chose the 4GB version below.

My next fave firewall software / OS = http://www.zeroshell.org/ which is a little more primitive (linux based i think) but extremely configurable.

Jeff Green
Email: mail [ at ] forjeff [ dot ] com
Blog/Photography/Bio: http://forjeff.com
Cell/Text: 613.552.2704

> -------- Original Message --------
> Subject: Linux Digest, Vol 121, Issue 9
> From: linux-request [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca
> Date: Wed, January 07, 2015 12:47 pm
> To: linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca
>
>
> Send Linux mailing list submissions to
> linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://oclug.on.ca/mailman/listinfo/linux
> or, via email, send a message with subject or body 'help' to
> linux-request [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca
>
> You can reach the person managing the list at
> linux-owner [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Linux digest..."
>
>
> Today's Topics:
>
> 1. Re: Linux Digest, Vol 121, Issue 8 (Peter Meyer)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 07 Jan 2015 17:43:47 +0000
> From: Peter Meyer <petermeyer69 [ at ] gmail [ dot ] com>
> To: linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca
> Subject: Re: [OCLUG-Tech] Linux Digest, Vol 121, Issue 8
> Message-ID:
> <CAPuTOo2_0o0NXYhRczanwN2pzGuATffqEBVxs1F8Qq=qS6=ZXw [ at ] mail [ dot ] gmail [ dot ] com>
> Content-Type: text/plain; charset=UTF-8
>
> Hi Jeff:
>
> Thanks for posting your configuration. Where did you buy the components,
> what OS did you install and what software did you end up using to create
> the firewall rules.
>
> I am glad to hear of a working use case for this system.
> > Peter > > On Wed Jan 07 2015 at 11:56:40 <linux-request [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca> wrote: > > > Send Linux mailing list submissions to > > linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > > > To subscribe or unsubscribe via the World Wide Web, visit > > http://oclug.on.ca/mailman/listinfo/linux > > or, via email, send a message with subject or body 'help' to > > linux-request [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > > > You can reach the person managing the list at > > linux-owner [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > > > When replying, please edit your Subject line so it is more specific > > than "Re: Contents of Linux digest..." > > Today's Topics: > > > > 1. Fwd: Mentors this week (Aaron Wilcox) > > 2. Firewall - PCEngines (Jeff Green) > > > > > > > > ---------- Forwarded message ---------- > > From: Aaron Wilcox <aaron [ dot ] s [ dot ] wilcox [ at ] gmail [ dot ] com> > > To: OCLUG Mailing List <linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca> > > Cc: > > Date: Tue, 06 Jan 2015 21:47:17 -0500 > > Subject: [OCLUG-Tech] Fwd: Mentors this week > > On Sunday we had Mike Kenzie, Paul Hayes, Jason Butler and myself > > helping with setting up a robot simulation environment for the students > > (Eclipse and Gazebo, running on Ubuntu 14.04). Anyone who is interested > > in providing assistance for this short, intensive project (end of build > > is 11:59PM on February 17th) should get in touch with Adam Drenth. > > > > > > -------- Forwarded Message -------- > > Subject: Mentors this week > > Date: Mon, 5 Jan 2015 18:20:42 +0000 > > From: Adam Drenth <adam [ dot ] drenth [ at ] ashbury [ dot ] ca> > > CC: Katherine Woodward <kat [ dot ] woodward [ at ] ashbury [ dot ] ca> > > > > > > > > Hello Everyone, > > > > Thanks to those who were able to help us out this weekend with the quick > > build. We now have a functional robot base. 
This week we are going to > > be talking about game strategy and discussing potential designs and > > developing prototypes. Which means they will need A LOT of help > > organizing their thinking as well as developing their ideas. I am > > hoping that you will be able to help out. > > > > We will be meeting on Wednesday (4-8), Thursday(4-8) and Saturday(10-4) > > this week. Wednesday will focus on developing the best strategy to > > maximize our points. By Thursday, we will be looking at mechanisms to > > prototype. I am hoping to have them working in teams to build > > prototypes by Saturday. > > > > Please let me know if you are able to help out and on what days. Forward > > this email to anyone who you know would also like to mentor our team. > > * > > * > > *Additional Information* > > Please make sure you are familiar with the animation and game manual > > found at http://www.usfirst.org/roboticsprograms/frc/2015-game > > _ > > _ > > Thank you, > > > > Adam Drenth > > > > > > -- > > > > > > Aaron Wilcox > > > > GMail <mailto:aaron [ dot ] s [ dot ] wilcox [ at ] gmail [ dot ] com> > > Sympatico <mailto:aaron [ dot ] wilcox [ at ] sympatico [ dot ] ca> > > > > > > > > > > ---------- Forwarded message ---------- > > From: Jeff Green <mail [ at ] forjeff [ dot ] com> > > To: linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > Cc: > > Date: Wed, 07 Jan 2015 09:55:05 -0700 > > Subject: [OCLUG-Tech] Firewall - PCEngines > > Thanks to the person who suggested PCEngines. I wasn't the original > > person asking for advice but after checking them out, I am replacing my > > existing firewall with one of their solutions. I ended up with the > > following: > > > > APU.1D4 system board 4GB > > Enclosure 3 LAN, red, USB > > AC adapter 12V US plug for IT equipment > > SSD M-Sata 16GB MLC Phison > > Cable I-PEX -> reverse SMA > > Antenna reverse SMA dual band > > Compex WLE200NX miniPCI express card > > > > All in a fanless box smaller than my linksys router. 
So freaking > > amazing. > > > > > > > > > > Jeff Green > > Email: mail [ at ] forjeff [ dot ] com > > Blog/Photography/Bio: http://forjeff.com > > Cell/Text: 613.552.2704 > > > > > -------- Original Message -------- > > > Subject: Linux Digest, Vol 121, Issue 7 > > > From: linux-request [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > > Date: Tue, January 06, 2015 9:50 am > > > To: linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > > > > > > > > Send Linux mailing list submissions to > > > linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > > > > > To subscribe or unsubscribe via the World Wide Web, visit > > > http://oclug.on.ca/mailman/listinfo/linux > > > or, via email, send a message with subject or body 'help' to > > > linux-request [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > > > > > You can reach the person managing the list at > > > linux-owner [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > > > > > When replying, please edit your Subject line so it is more specific > > > than "Re: Contents of Linux digest..." > > > > > > > > > Today's Topics: > > > > > > 1. Re: Opinions requested: LF Good low powered multi-port > > > gateway/wireless router (Peter Meyer) > > > 2. Re: Opinions requested: LF Good low powered multi-port > > > gateway/wireless router (Murphy Scott) > > > 3. Low powered firewall (Jeff Green) > > > > > > > > > ---------------------------------------------------------------------- > > > > > > Message: 1 > > > Date: Tue, 06 Jan 2015 13:51:50 +0000 > > > From: Peter Meyer <petermeyer69 [ at ] gmail [ dot ] com> > > > To: Alex Pilon <alp [ at ] alexpilon [ dot ] ca> > > > Cc: linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > > Subject: Re: [OCLUG-Tech] Opinions requested: LF Good low powered > > > multi-port gateway/wireless router > > > Message-ID: > > > <CAPuTOo1XYMJdiuSOUCzenzk2uoNyWfy0u6HkHtPDzgD_kQXnsw@mail. 
> > gmail.com> > > > Content-Type: text/plain; charset=UTF-8 > > > > > > Hi Alex: > > > > > > I appreciate your opinions regarding both the hardware and software > > > requirements. I too wish I could get my hands on a 2-4port SBC. The > > > utilite tries to play into the set top/nettop market and be more of a > > > general purpose computer. Their version 2 system, has dropped the second > > > GigE port. I should perhaps look again at the various routers being > > > mentioned in these forums, I'd be interested in knowing if they have > > unique > > > hardware ports or use software to create virtual LANs. > > > > > > The WLAN-WLAN, WLAN-LAN traffic is something I need to reconsider. Most > > of > > > my need to create an isolated WLAN has to do with my create a "safe" > > gaming > > > zone for my kid and his friends and still keeping our LAN access tightly > > > controlled/filtered. I guess if I treat the WLAN as its own zone, then I > > > should think about hardware that would support good WLAN-WLAN traffic. > > > Good point. > > > > > > Thanks!! > > > > > > Peter > > > > > > > > > On Mon Jan 05 2015 at 22:00:57 Alex Pilon <alp [ at ] alexpilon [ dot ] ca> wrote: > > > > > > > > > On Sun, Jan 04, 2015 at 01:52:23PM -0500, Peter Meyer wrote: > > > > > > > Opinions please. I am looking to build/buy something that > > replaces my > > > > > > > existing router/gateway box. > > > > > > > > > > > On Mon Jan 05 2015 at 12:01:11 Alex Pilon <alp [ at ] alexpilon [ dot ] ca> wrote: > > > > > > Why not just stock Linux? > > > > > > > > On Mon, Jan 05, 2015 at 06:33:35PM +0000, Peter Meyer wrote: > > > > > Stock Linux would be my first choice, but I do want a system that > > has a > > > > > power budget of less than 10 Watts. (This is for home use). > > > > > > > > Pardon me, I meant software; not disputing the choice of hardware. 
> > > > > > > > > The Utilite (http://www.compulab.co.il/utilite-computer/web/utilite- > > > > overview) > > > > > would be my best best in terms of power and has separate GMII ports. > > > > > > > > I've been looking for a solid-cased 2-4 port SBC, *without video*, or > > > > any extraneous components. Too bad the Utilite is just one more such > > > > board. > > > > > > > > > I can't forsee data ever exceeding 30Mb/s (the anticipated limitation > > > > > of DSL in my area). > > > > > > > > No intra-WLAN, or WLAN-LAN traffic? There was another post that > > > > complained about that too. Sure, 802.11 is half-duplex, so you're not > > > > losing any more throughput, but LAN-WLAN traffic will take more of a > > hit > > > > than it ought, being both over the same USB bus. > > > > > > > > > > Use tc (from iproute2) and a few iptables targets used to manage > > Linux > > > > > > QoS. > > > > > > > > > > The QOS is a nice to have. I've been spoiled by the simple interface > > > > > offered by Tomato. I don't know what it does with my QOS classes in > > the > > > > > background. > > > > > > > > LARTC was written a while back, and isn't too bad of an *introduction* > > > > still, as outdated and occasionally faulty as it is. 
There's also this: > > > > > > > > http://wiki.linuxwall.info/doku.php/en:ressources: > > > > dossiers:networking:traffic_control > > > > > > > > > > > > > ------------------------------ > > > > > > Message: 2 > > > Date: Tue, 6 Jan 2015 09:03:35 -0500 > > > From: Murphy Scott <scott [ dot ] murphy [ at ] arrow-eye [ dot ] com> > > > To: Peter Meyer <petermeyer69 [ at ] gmail [ dot ] com> > > > Cc: Users Group Ottawa Linux <linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca> > > > Subject: Re: [OCLUG-Tech] Opinions requested: LF Good low powered > > > multi-port gateway/wireless router > > > Message-ID: <2530A4C7-0871-452C-AEE7-AC81C66B9E5B [ at ] arrow-eye [ dot ] com> > > > Content-Type: text/plain; charset="utf-8" > > > > > > I don?t know how robust a machine you are looking for, but the PC > > Engines APU board might be of use. You can run whatever OS you want (x86 > > compatible), it has a serial console, no video and a few options for > > storage and three 1GB ethernet ports (Realtek RTL8111E). This is the > > successor to the ALIX series. There are options to add wireless, even 3G > > with a 3G modem and a SIM if you need a backup data channel for something. > > 2GB or 4GB RAM models are available. This can be turned into a router with > > relative ease, either with custom images or roll your own. > > > > > > http://www.pcengines.ch/apu.htm > > > > > > Scott > > > > > > > On Jan 6, 2015, at 08:51, Peter Meyer <petermeyer69 [ at ] gmail [ dot ] com> wrote: > > > > > > > > Hi Alex: > > > > > > > > I appreciate your opinions regarding both the hardware and software > > > > requirements. I too wish I could get my hands on a 2-4port SBC. The > > > > utilite tries to play into the set top/nettop market and be more of a > > > > general purpose computer. Their version 2 system, has dropped the > > second > > > > GigE port. 
I should perhaps look again at the various routers being > > > > mentioned in these forums, I'd be interested in knowing if they have > > unique > > > > hardware ports or use software to create virtual LANs. > > > > > > > > The WLAN-WLAN, WLAN-LAN traffic is something I need to reconsider. > > Most of > > > > my need to create an isolated WLAN has to do with my create a "safe" > > gaming > > > > zone for my kid and his friends and still keeping our LAN access > > tightly > > > > controlled/filtered. I guess if I treat the WLAN as its own zone, > > then I > > > > should think about hardware that would support good WLAN-WLAN traffic. > > > > Good point. > > > > > > > > Thanks!! > > > > > > > > Peter > > > > > > > > > > > > On Mon Jan 05 2015 at 22:00:57 Alex Pilon <alp [ at ] alexpilon [ dot ] ca> wrote: > > > > > > > >>>> On Sun, Jan 04, 2015 at 01:52:23PM -0500, Peter Meyer wrote: > > > >>>>> Opinions please. I am looking to build/buy something that replaces > > my > > > >>>>> existing router/gateway box. > > > >>>> > > > >>> On Mon Jan 05 2015 at 12:01:11 Alex Pilon <alp [ at ] alexpilon [ dot ] ca> wrote: > > > >>>> Why not just stock Linux? > > > >> > > > >> On Mon, Jan 05, 2015 at 06:33:35PM +0000, Peter Meyer wrote: > > > >>> Stock Linux would be my first choice, but I do want a system that > > has a > > > >>> power budget of less than 10 Watts. (This is for home use). > > > >> > > > >> Pardon me, I meant software; not disputing the choice of hardware. > > > >> > > > >>> The Utilite (http://www.compulab.co.il/utilite-computer/web/utilite- > > > >> overview) > > > >>> would be my best best in terms of power and has separate GMII ports. > > > >> > > > >> I've been looking for a solid-cased 2-4 port SBC, *without video*, or > > > >> any extraneous components. Too bad the Utilite is just one more such > > > >> board. > > > >> > > > >>> I can't forsee data ever exceeding 30Mb/s (the anticipated limitation > > > >>> of DSL in my area). 
> > > >> > > > >> No intra-WLAN, or WLAN-LAN traffic? There was another post that > > > >> complained about that too. Sure, 802.11 is half-duplex, so you're not > > > >> losing any more throughput, but LAN-WLAN traffic will take more of a > > hit > > > >> than it ought, being both over the same USB bus. > > > >> > > > >>>> Use tc (from iproute2) and a few iptables targets used to manage > > Linux > > > >>>> QoS. > > > >>> > > > >>> The QOS is a nice to have. I've been spoiled by the simple interface > > > >>> offered by Tomato. I don't know what it does with my QOS classes in > > the > > > >>> background. > > > >> > > > >> LARTC was written a while back, and isn't too bad of an *introduction* > > > >> still, as outdated and occasionally faulty as it is. There's also > > this: > > > >> > > > >> http://wiki.linuxwall.info/doku.php/en:ressources: > > > >> dossiers:networking:traffic_control > > > >> > > > > _______________________________________________ > > > > Linux mailing list > > > > Linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > > > http://oclug.on.ca/mailman/listinfo/linux > > > > > > -------------- next part -------------- > > > A non-text attachment was scrubbed... 
> > > Name: signature.asc > > > Type: application/pgp-signature > > > Size: 841 bytes > > > Desc: Message signed with OpenPGP using GPGMail > > > URL: <http://oclug.on.ca/pipermail/linux/attachments/20150106/ > > 362e187a/attachment-0001.sig> > > > > > > ------------------------------ > > > > > > Message: 3 > > > Date: Tue, 06 Jan 2015 07:50:04 -0700 > > > From: "Jeff Green" <mail [ at ] forjeff [ dot ] com> > > > To: linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > > Subject: [OCLUG-Tech] Low powered firewall > > > Message-ID: > > > <20150106075004.bf2234145421e37871028a86a61019 > > 17 [ dot ] 1f1a26c55b [ dot ] wbe [ at ] email18 [ dot ] secureserver [ dot ] net> > > > > > > Content-Type: text/plain; charset="utf-8" > > > > > > I'm extremely interested in building a low powered firewall as well. I > > > eventually settled on micro ATX format, intel Atom chip with 2GB ram > > > (fanless) It's about twice the size of a linksys router and I was able > > > to get a multi ethernet board (5 ports). I have multiple networks at > > > home. I settled for pfSense for the firewall application. I haven't > > > done extensive research from as far as I can tell, you can't add more > > > then 2 RJ45 ports on Raspberry PI (would love to use that format) > > > The best low powered solution I could find that still had enough meat > > > and potatoes under the hood is from these guys > > > http://soekris.com/products/net5501.html but they are a bit pricey. 
> > > > > > > > > > > > > > > Jeff Green > > > Email: mail [ at ] forjeff [ dot ] com > > > Blog/Photography/Bio: http://forjeff.com > > > Cell/Text: 613.552.2704 > > > > > > > -------- Original Message -------- > > > > Subject: Linux Digest, Vol 121, Issue 6 > > > > From: linux-request [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > > > Date: Mon, January 05, 2015 10:00 pm > > > > To: linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > > > > > > > > > > > Send Linux mailing list submissions to > > > > linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > > > > > > > To subscribe or unsubscribe via the World Wide Web, visit > > > > http://oclug.on.ca/mailman/listinfo/linux > > > > or, via email, send a message with subject or body 'help' to > > > > linux-request [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > > > > > > > You can reach the person managing the list at > > > > linux-owner [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > > > > > > > When replying, please edit your Subject line so it is more specific > > > > than "Re: Contents of Linux digest..." > > > > > > > > > > > > Today's Topics: > > > > > > > > 1. Re: Opinions requested: LF Good low powered multi-port > > > > gateway/wireless router (Alex Pilon) > > > > 2. Re: Opinions requested: LF Good low powered multi-port > > > > gateway/wireless router (Paul Belanger) > > > > 3. Re: Opinions requested: LF Good low powered multi-port > > > > gateway/wireless router (Peter Meyer) > > > > 4. Re: Opinions requested: LF Good low powered multi-port > > > > gateway/wireless router (Singer Wang) > > > > 5. 
Re: Opinions requested: LF Good low powered multi-port > > > > gateway/wireless router (Alex Pilon) > > > > > > > > > > > > ---------------------------------------------------------------------- > > > > > > > > Message: 1 > > > > Date: Mon, 5 Jan 2015 12:00:52 -0500 > > > > From: Alex Pilon <alp [ at ] alexpilon [ dot ] ca> > > > > To: Peter Meyer <petermeyer69 [ at ] gmail [ dot ] com> > > > > Cc: linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > > > Subject: Re: [OCLUG-Tech] Opinions requested: LF Good low powered > > > > multi-port gateway/wireless router > > > > Message-ID: <20150105170052 [ dot ] GA800 [ at ] alexpilon [ dot ] ca> > > > > Content-Type: text/plain; charset="utf-8" > > > > > > > > On Sun, Jan 04, 2015 at 01:52:23PM -0500, Peter Meyer wrote: > > > > > Opinions please. I am looking to build/buy something that replaces > > my > > > > > existing router/gateway box. > > > > > > > > > > My thinking is taking me in two directions. One is to replace my > > existing > > > > > WRT54GL running Tomato with another embedded system running openWRT > > > > > > > > Why not just stock Linux? What are you doing that requires those > > > > firmwares? Just stock linux, sysctl net.ipv4.ip_forward=1, a bit of > > > > iptables or nftables, dnsmasq or ISC DHCPd and your favourite caching > > > > and recursing nameserver, some static addressing and routes, and you're > > > > done, not to mention have far more control than you could hope for. > > > > > > > > But first, what are your speed requirements? > > > > > > > > > or build a multi-port router > > > > > > > > How is being multi-port exclusive? > > > > > > > > > (raspberry pi???) > > > > > > > > The Raspberry Pi *isn't* multi-port. You'll have to use tagged VLANs > > and > > > > a managed switch, like a Netgear GS-10[58]T to get around that. > > > > > > > > > with: > > > > > [?] > > > > > 2. 
unique zones and policies that separate the wifi (wlan) from the > > > > > local network (lan) and firewall both from the internet. > > > > > > > > iptables or nftables. Zones are an abstraction built by the *WRTs, that > > > > produce very messy rulesets, no more. Did that with my router at home > > > > for my two ISPs and two subnets, and it works. > > > > > > > > > 3. QOS controls - This has become less of an issue as my DSL pipe is > > > > > 10/1, however I would like to add VOIP onto this network and > > > > > prioritize its traffic above all other. > > > > > > > > If you want to *strictly prioritize*, and aren't worried about > > > > starvation, you'd use the prio qdisc. The simplest would be two bands, > > > > one for VoIP traffic, and the other for the remainder. > > > > > > > > Use tc (from iproute2) and a few iptables targets used to manage Linux > > > > QoS. But before even looking at that, is your link even appropriate for > > > > VoIP? What's the latency on it like? Low and predictable enough? Have > > > > you tested it? > > > > > > > > Mind you, if you can find good tc filter documentation, you'll be in > > > > luck. tc itself isn't very helpful when you enter incorrect rules. And > > > > I'm sorely tempted to run Linux under a debugger just to figure out > > > > where it's failing. > > > > > > > > > I've started prototyping this idea using a raspberry PI running > > Shorewall, > > > > > > > > Why Shorewall? > > > > -------------- next part -------------- > > > > A non-text attachment was scrubbed... 
> > > > Name: not available > > > > Type: application/pgp-signature > > > > Size: 819 bytes > > > > Desc: not available > > > > URL: <http://oclug.on.ca/pipermail/linux/attachments/20150105/ > > 55f024d3/attachment-0001.sig> > > > > > > > > ------------------------------ > > > > > > > > Message: 2 > > > > Date: Mon, 5 Jan 2015 12:16:47 -0500 > > > > From: Paul Belanger <paul [ dot ] belanger [ at ] polybeacon [ dot ] com> > > > > To: Alex Pilon <alp [ at ] alexpilon [ dot ] ca> > > > > Cc: Peter Meyer <petermeyer69 [ at ] gmail [ dot ] com>, linux > > > > <linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca> > > > > Subject: Re: [OCLUG-Tech] Opinions requested: LF Good low powered > > > > multi-port gateway/wireless router > > > > Message-ID: > > > > <CALLKq0QFF9ZFFfSyoQMHurZk8yUU+EOwuanWzv0qBwcVT=TuWw@mail. > > gmail.com> > > > > Content-Type: text/plain; charset=UTF-8 > > > > > > > > On Mon, Jan 5, 2015 at 12:00 PM, Alex Pilon <alp [ at ] alexpilon [ dot ] ca> wrote: > > > > > On Sun, Jan 04, 2015 at 01:52:23PM -0500, Peter Meyer wrote: > > > > >> Opinions please. I am looking to build/buy something that replaces > > my > > > > >> existing router/gateway box. > > > > >> > > > > >> My thinking is taking me in two directions. One is to replace my > > existing > > > > >> WRT54GL running Tomato with another embedded system running openWRT > > > > > > > > > > Why not just stock Linux? What are you doing that requires those > > > > > firmwares? Just stock linux, sysctl net.ipv4.ip_forward=1, a bit of > > > > > iptables or nftables, dnsmasq or ISC DHCPd and your favourite caching > > > > > and recursing nameserver, some static addressing and routes, and > > you're > > > > > done, not to mention have far more control than you could hope for. > > > > > > > > > > But first, what are your speed requirements? > > > > > > > > > >> or build a multi-port router > > > > > > > > > > How is being multi-port exclusive? > > > > > > > > > >> (raspberry pi???) 
> > > > > > > > > > The Raspberry Pi *isn't* multi-port. You'll have to use tagged VLANs > > and > > > > > a managed switch, like a Netgear GS-10[58]T to get around that. > > > > > > > > > >> with: > > > > >> [?] > > > > >> 2. unique zones and policies that separate the wifi (wlan) from the > > > > >> local network (lan) and firewall both from the internet. > > > > > > > > > > iptables or nftables. Zones are an abstraction built by the *WRTs, > > that > > > > > produce very messy rulesets, no more. Did that with my router at home > > > > > for my two ISPs and two subnets, and it works. > > > > > > > > > >> 3. QOS controls - This has become less of an issue as my DSL pipe is > > > > >> 10/1, however I would like to add VOIP onto this network and > > > > >> prioritize its traffic above all other. > > > > > > > > > > If you want to *strictly prioritize*, and aren't worried about > > > > > starvation, you'd use the prio qdisc. The simplest would be two > > bands, > > > > > one for VoIP traffic, and the other for the remainder. > > > > > > > > > > Use tc (from iproute2) and a few iptables targets used to manage > > Linux > > > > > QoS. But before even looking at that, is your link even appropriate > > for > > > > > VoIP? What's the latency on it like? Low and predictable enough? > > Have > > > > > you tested it? > > > > > > > > > > Mind you, if you can find good tc filter documentation, you'll be in > > > > > luck. tc itself isn't very helpful when you enter incorrect rules. > > And > > > > > I'm sorely tempted to run Linux under a debugger just to figure out > > > > > where it's failing. > > > > > > > > > >> I've started prototyping this idea using a raspberry PI running > > Shorewall, > > > > > > > > > > Why Shorewall? > > > > > > > > > Some feedback on another product. > > > > > > > > I'm in the process of pulling the trigger on getting a RouterBoard > > > > RB2011iL-IN[1]. 
However, this version does not have wireless support > > > > so you'd have to drop a wireless AP or move to the RB2011UiAS-2HnD-IN > > > > [2]. It should offer everything listed in your original email. > > > > > > > > [1] http://routerboard.com/RB2011iL-IN > > > > [2] http://routerboard.com/RB2011UiAS-2HnD-IN > > > > > > > > -- > > > > Paul Belanger | PolyBeacon, Inc. > > > > Jabber: paul [ dot ] belanger [ at ] polybeacon [ dot ] com | IRC: pabelanger (Freenode) > > > > Github: https://github.com/pabelanger | Twitter: > > https://twitter.com/pabelanger > > > > > > > > > > > > ------------------------------ > > > > > > > > Message: 3 > > > > Date: Mon, 05 Jan 2015 18:33:35 +0000 > > > > From: Peter Meyer <petermeyer69 [ at ] gmail [ dot ] com> > > > > To: Alex Pilon <alp [ at ] alexpilon [ dot ] ca> > > > > Cc: linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca > > > > Subject: Re: [OCLUG-Tech] Opinions requested: LF Good low powered > > > > multi-port gateway/wireless router > > > > Message-ID: > > > > <CAPuTOo1WRO5XaswoSpC5kwTw+VXeXTLO5DWOpLM1QzFP+Xgnfw@ > > mail.gmail.com> > > > > Content-Type: text/plain; charset=UTF-8 > > > > > > > > Hi Alex: > > > > > > > > Stock Linux would be my first choice, but I do want a system that has a > > > > power budget of less than 10 Watts. (This is for home use). > > > > > > > > My end goal is to create a separate guest account for the wireless(with > > > > access blocked to the local lan). I know a number of Linksys (and I > > hear > > > > OpenWRT) configuration will support this. > > > > > > > > The Utilite (http://www.compulab.co.il/utilite-computer/web/utilite- > > overview) > > > > would be my best best in terms of power and has separate GMII ports. > > > > > > > > As for speed, I can't forsee data ever exceeding 30Mb/s (the > > anticipated > > > > limitation of DSL in my area). > > > > > > > > The QOS is a nice to have. I've been spoiled by the simple interface > > > > offered by Tomato. 
I don't know what it does with my QOS classes in > > the > > > > background. > > > > > > > > This might make a solution with the PI possible. Again, I need to see > > if > > > > the USB hub can handle a push of traffic without dropping packets. > > > > > > > > I mention Shorewall, as it's a firewall configuration script/tools I > > became > > > > familiar with some years ago to lbridge/firewall a modem to my home > > network. > > > > > > > > Alex: Thanks for replying!! > > > > > > > > Peter > > > > > > > > > > > > On Mon Jan 05 2015 at 12:01:11 Alex Pilon <alp [ at ] alexpilon [ dot ] ca> wrote: > > > > > > > > > On Sun, Jan 04, 2015 at 01:52:23PM -0500, Peter Meyer wrote: > > > > > > Opinions please. I am looking to build/buy something that > > replaces my > > > > > > existing router/gateway box. > > > > > > > > > > > > My thinking is taking me in two directions. One is to replace my > > > > > existing > > > > > > WRT54GL running Tomato with another embedded system running openWRT > > > > > > > > > > Why not just stock Linux? What are you doing that requires those > > > > > firmwares? Just stock linux, sysctl net.ipv4.ip_forward=1, a bit of > > > > > iptables or nftables, dnsmasq or ISC DHCPd and your favourite caching > > > > > and recursing nameserver, some static addressing and routes, and > > you're > > > > > done, not to mention have far more control than you could hope for. > > > > > > > > > > But first, what are your speed requirements? > > > > > > > > > > > or build a multi-port router > > > > > > > > > > How is being multi-port exclusive? > > > > > > > > > > > (raspberry pi???) > > > > > > > > > > The Raspberry Pi *isn't* multi-port. You'll have to use tagged VLANs > > and > > > > > a managed switch, like a Netgear GS-10[58]T to get around that. > > > > > > > > > > > with: > > > > > > [?] > > > > > > 2. unique zones and policies that separate the wifi (wlan) from the > > > > > > local network (lan) and firewall both from the internet. 
> > > > >
> > > > > iptables or nftables. Zones are an abstraction built by the *WRTs, that
> > > > > produce very messy rulesets, no more. Did that with my router at home
> > > > > for my two ISPs and two subnets, and it works.
> > > > >
> > > > > > 3. QOS controls - This has become less of an issue as my DSL pipe is
> > > > > > 10/1, however I would like to add VOIP onto this network and
> > > > > > prioritize its traffic above all other.
> > > > >
> > > > > If you want to *strictly prioritize*, and aren't worried about
> > > > > starvation, you'd use the prio qdisc. The simplest would be two bands,
> > > > > one for VoIP traffic, and the other for the remainder.
> > > > >
> > > > > Use tc (from iproute2) and a few iptables targets used to manage Linux
> > > > > QoS. But before even looking at that, is your link even appropriate for
> > > > > VoIP? What's the latency on it like? Low and predictable enough? Have
> > > > > you tested it?
> > > > >
> > > > > Mind you, if you can find good tc filter documentation, you'll be in
> > > > > luck. tc itself isn't very helpful when you enter incorrect rules. And
> > > > > I'm sorely tempted to run Linux under a debugger just to figure out
> > > > > where it's failing.
> > > > >
> > > > > > I've started prototyping this idea using a raspberry PI running Shorewall,
> > > > >
> > > > > Why Shorewall?
> > > >
> > > > ------------------------------
> > > >
> > > > Message: 4
> > > > Date: Mon, 5 Jan 2015 14:12:52 -0500
> > > > From: Singer Wang <wang [ at ] singerwang [ dot ] com>
> > > > To: petermeyer69 [ at ] gmail [ dot ] com
> > > > Cc: linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca
> > > > Subject: Re: [OCLUG-Tech] Opinions requested: LF Good low powered multi-port gateway/wireless router
> > > > Message-ID: <CAGaPp0ygCyWnTBhjAiWRaD146-_TymRgDDbEe8z-LkJZ-exKRA@mail.gmail.com>
> > > > Content-Type: text/plain; charset=UTF-8
> > > >
> > > > I tried the ThinkPenguin solution and I found it rather lacking. We do a
> > > > fair bit of transfers on the local LAN between computers plugged in and
> > > > those on Wifi. The two main limitations for us were:
> > > > 1) only 100Mb ethernet ports
> > > > 2) the wireless-N is only on the 2.4GHz band, not 5GHz and is really slow..
> > > > I have never been able to hit more than 80Mb/s from it even right next to
> > > > it..
> > > >
> > > > S
> > > >
> > > > On Sun, Jan 4, 2015 at 1:52 PM, Peter Meyer <petermeyer69 [ at ] gmail [ dot ] com> wrote:
> > > >
> > > > > Forum:
> > > > >
> > > > > Opinions please. I am looking to build/buy something that replaces my
> > > > > existing router/gateway box.
> > > > >
> > > > > My thinking is taking me in two directions. One is to replace my existing
> > > > > WRT54GL running Tomato with another embedded system running openWRT or
> > > > > build a multi-port router (raspberry pi???) with:
> > > > >
> > > > > 1. wireless N
> > > > > 2. unique zones and policies that separate the wifi (wlan) from the
> > > > > local network (lan) and firewall both from the internet.
> > > > > 3. QOS controls - This has become less of an issue as my DSL pipe is
> > > > > 10/1, however I would like to add VOIP onto this network and
> > > > > prioritize its traffic above all other.
> > > > >
> > > > > I've started prototyping this idea using a raspberry PI running Shorewall,
> > > > > but read discussion groups that mention that the USB hub can't handle the
> > > > > multiple USB<->Ethernet ports and will start dropping packets. I'll know
> > > > > more once I've got this set up and start pushing serious traffic through it.
> > > > >
> > > > > The one box that might serve this firewall function well is a utilite
> > > > > <http://www.compulab.co.il/utilite-computer/web/utilite-overview> box that
> > > > > has two GIGE ports connected right to the ARM processor.
> > > > >
> > > > > Can you make any further comments on the thinkpenguin solution
> > > > > <https://www.thinkpenguin.com/gnu-linux/free-software-wireless-n-broadband-router-gnu-linux-tpe-nwifirouter2>
> > > > > mentioned or other router boxes that with OpenWRT would meet the above
> > > > > mentioned requirements.
> > > > >
> > > > > Thanks!!
> > > > >
> > > > > Peter
> > > > > _______________________________________________
> > > > > Linux mailing list
> > > > > Linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca
> > > > > http://oclug.on.ca/mailman/listinfo/linux
> > > >
> > > > ------------------------------
> > > >
> > > > Message: 5
> > > > Date: Mon, 5 Jan 2015 22:00:38 -0500
> > > > From: Alex Pilon <alp [ at ] alexpilon [ dot ] ca>
> > > > To: Peter Meyer <petermeyer69 [ at ] gmail [ dot ] com>
> > > > Cc: linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca
> > > > Subject: Re: [OCLUG-Tech] Opinions requested: LF Good low powered multi-port gateway/wireless router
> > > > Message-ID: <20150106030038 [ dot ] GB4444 [ at ] alexpilon [ dot ] ca>
> > > > Content-Type: text/plain; charset="us-ascii"
> > > >
> > > > > > On Sun, Jan 04, 2015 at 01:52:23PM -0500, Peter Meyer wrote:
> > > > > > > Opinions please. I am looking to build/buy something that replaces my
> > > > > > > existing router/gateway box.
> > > > >
> > > > > On Mon Jan 05 2015 at 12:01:11 Alex Pilon <alp [ at ] alexpilon [ dot ] ca> wrote:
> > > > > > Why not just stock Linux?
> > > >
> > > > On Mon, Jan 05, 2015 at 06:33:35PM +0000, Peter Meyer wrote:
> > > > > Stock Linux would be my first choice, but I do want a system that has a
> > > > > power budget of less than 10 Watts. (This is for home use).
> > > >
> > > > Pardon me, I meant software; not disputing the choice of hardware.
> > > >
> > > > > The Utilite (http://www.compulab.co.il/utilite-computer/web/utilite-overview)
> > > > > would be my best bet in terms of power and has separate GMII ports.
> > > >
> > > > I've been looking for a solid-cased 2-4 port SBC, *without video*, or
> > > > any extraneous components. Too bad the Utilite is just one more such
> > > > board.
> > > >
> > > > > I can't foresee data ever exceeding 30Mb/s (the anticipated limitation
> > > > > of DSL in my area).
> > > >
> > > > No intra-WLAN, or WLAN-LAN traffic? There was another post that
> > > > complained about that too. Sure, 802.11 is half-duplex, so you're not
> > > > losing any more throughput, but LAN-WLAN traffic will take more of a hit
> > > > than it ought, being both over the same USB bus.
> > > >
> > > > > > Use tc (from iproute2) and a few iptables targets used to manage Linux
> > > > > > QoS.
> > > > >
> > > > > The QOS is a nice to have. I've been spoiled by the simple interface
> > > > > offered by Tomato. I don't know what it does with my QOS classes in the
> > > > > background.
> > > >
> > > > LARTC was written a while back, and isn't too bad of an *introduction*
> > > > still, as outdated and occasionally faulty as it is. There's also this:
> > > >
> > > > http://wiki.linuxwall.info/doku.php/en:ressources:dossiers:networking:traffic_control
> > > > End of Linux Digest, Vol 121, Issue 6
> > > End of Linux Digest, Vol 121, Issue 7
> End of Linux Digest, Vol 121, Issue 9
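
The recipe Alex describes in the quoted thread (stock Linux with `net.ipv4.ip_forward=1`, plain iptables in place of *WRT zones, and a two-band prio qdisc for VoIP) written out as a dry-run shell script; this is an added example, not code from anyone in the thread. The interface names, the router answering DNS/DHCP for wifi clients, the choice to refuse connections opened from the WLAN towards the LAN, and VoIP packets arriving marked DSCP EF are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names are assumptions.
WAN=${WAN:-eth0}; LAN=${LAN:-eth1}; WLAN=${WLAN:-wlan0}

# Emit the command plan, one command per line, without touching the system.
router_plan() {
    cat <<EOF
# Route between interfaces.
sysctl -w net.ipv4.ip_forward=1
# Traffic to the router itself: LAN is trusted, WLAN only gets DNS and DHCP.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN -j ACCEPT
iptables -A INPUT -i $WLAN -p udp -m multiport --dports 53,67 -j ACCEPT
# Routed traffic: both networks may reach the internet, LAN may open
# connections to WLAN, nothing may open connections from WLAN to LAN.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
iptables -A FORWARD -i $WLAN -o $WAN -j ACCEPT
iptables -A FORWARD -i $LAN -o $WLAN -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
# Default-deny goes last so a remote session survives the rule load.
iptables -P INPUT DROP
iptables -P FORWARD DROP
# Two strict-priority bands: priomap sends everything to band 1 (class 1:2),
# and only packets marked DSCP EF are lifted into band 0 (class 1:1).
tc qdisc replace dev $WAN root handle 1: prio bands 2 priomap 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
iptables -t mangle -A POSTROUTING -o $WAN -m dscp --dscp-class EF -j CLASSIFY --set-class 1:1
EOF
}

# Print the plan by default; execute it only when APPLY=1 is set.
router_apply() {
    if [ "${APPLY:-0}" = 1 ]; then router_plan | sh -e; else router_plan; fi
}

router_apply
```

The prio qdisc only reorders packets that are queued on the router, so on a DSL uplink it has an effect only if the router, not the modem, is where the queue forms, which usually means shaping slightly below the line rate as well.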