[aklug] Re: OpenWRT

From: Royce Williams <royce@alaska.net>
Date: Wed May 21 2008 - 11:21:48 AKDT

barsalou wrote, on 5/21/2008 9:48 AM:
> Has anyone in the group done anything with OpenWRT?

I've been using Thibor's HyperWRT for a couple of years on my Linksys WRT54GS v3. It has worked well for me, though the project appears to have slowed down a bit. I tried OpenWRT for a while but at the time found it a little rough around the edges. It was a while ago, though.

What specific features are you looking for?

Tom Simes got me turned onto pfSense, and I'm *very* impressed. I'd already had most of the below drafted in discussions with other people recently, so it only took about five minutes of on-the-clock-time. :-)

I'm currently in the process of migrating my firewall functionality to pfSense on an ALIX board, keeping the wireless segment managed by the WRT54GS. Tack on a miniPCI card (Atheros chipset recommended) and turn it into a full wireless/router unit. When I make the jump to N, I'll probably pick up a miniPCI and retire the WRT54GS.

Here are some specs on the ALIX 2C3 board:

http://www.netgate.com/product_info.php?cPath=60&products_id=450

  * 3 Ethernet channels, 1 mini PCI slot, 1 serial port (console), USB
  * CPU: 500 MHz AMD Geode LX800 CPU
  * DRAM: 256MB DDR DRAM
  * Storage: Operating system and application stored on CompactFlash card (not included)
  * Size: 6" x 6" (152.4 x 152.4 mm)
        o Fits in the indoor ALIX.2 case (ALIX.2 enclosure silver, ALIX.2 enclosure red, ALIX.2 enclosure black)
        o Does NOT fit into the outdoor ALIX/WRAP BOX
  * Firmware: tinyBIOS
  * Operating Systems: User defined. FreeBSD, m0n0wall, Linux, and several commercial OS are possible.
  * Power: DC jack or passive Power over Ethernet (not 802.3af compliant). Acceptable voltage range +7V to +20V DC.
  * User interface: Three front panel LEDs, pushbutton
  * Expansion: 1 miniPCI slot, LPC bus
  * Connectivity: 3 Ethernet channels (Via VT6105M 10/100)
  * I/O: DB9 serial port, dual USB port

In practice, my unit draws 6 watts.

I got this kit from Netgate for $185 (plus ~$15-$20 shipping):

http://www.netgate.com/product_info.php?cPath=60_84&products_id=492

    * ALIX.2C3 system board (3/1/256)
    * Black aluminum enclosure (with USB cutouts)
    * Blank 512MB Sandisk CF Card
    * Standard 12V 1.25A 15W power supply (US plug style)
    * Ships unassembled

The pfSense feature set is staggering, yet the GUI is easy to use for most stuff. The traffic shaping has been a little hard for me to wrap my head around, though. A features list is here:

http://www.pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43

Highlights:

- Basics (DHCP server, PPPoE, Dynamic DNS, dnsmasq, MAC filtering, etc.)
- VLANs and routing
- Syslogging to remote
- True traffic shaping (your ISP doesn't have to grok your QoS)
- Inbound load balancing (set up SSH failover!)
- Outbound load balancing (become multihomed!)
- Firewall clusters! (using CARP for failover and pfsync to sync state)
- RRD-based historical graphs
- Real-time traffic graphs (if your browser supports SVG)
- Terminate VPNs
- Captive portal
- Easy upgrade (web-GUI-based upload)

You can download a pfSense ISO and try it on any Intel box with two NICs, a CDROM, 512M, and a USB flash or floppy to write the config to. I did that for a while until I was convinced that I'd like it.

http://files.pfsense.org/mirror/downloads/

I just dd'ed the embedded version onto the CF card on my workstation, popped it into the unit, configured serial console to it, and took off.

You can also do a full install onto a hard drive from the CD, at which point various plugins are supported.

Of course, pfSense is based on FreeBSD. ;-) Currently based on 6.2, but the next rev will be based on 7.0, with significant TCP stack improvements.

Royce

-- 
Royce D. Williams                                   - http://royce.ws/
       Well, who hasn't made mistakes in his work? - Mr. Rogers
Received on Wed May 21 11:22:25 2008
