[aklug] Re: OpenWRT

From: <jonr@destar.net>
Date: Wed May 21 2008 - 11:43:48 AKDT

Quoting Royce Williams <royce@alaska.net>:

> barsalou wrote, on 5/21/2008 9:48 AM:
>> Has anyone in the group done anything with OpenWRT?
>
> I've been using Thibor's HyperWRT for a couple of years on my
> Linksys WRT54GS v3. It has worked well for me, though the project
> appears to have slowed down a bit. I tried OpenWRT for a while but
> at the time found it a little rough around the edges. It was a
> while ago, though.
>
> What specific features are you looking for?
>
> Tom Simes got me turned onto pfSense, and I'm *very* impressed. I'd
> already had most of the below drafted in discussions with other
> people recently, so it only took about five minutes of
> on-the-clock-time. :-)
>
> I'm currently in the process of migrating my firewall functionality
> to pfSense on an ALIX board, keeping the wireless segment managed by
> the WRT54GS. Tack on a miniPCI card (Atheros chipset recommended)
> and turn it into a full wireless/router unit. When I make the jump
> to N, I'll probably pick up a miniPCI and retire the WRT56GS.
>
> Here are some specs on the ALIX 2C3 board:
>
> http://www.netgate.com/product_info.php?cPath=60&products_id=450
>
> * 3 Ethernet channels, 1 mini PCI slots, 1 serial port (console), USB
> * CPU: 500 MHz AMD Geode LX800 CPU
> * DRAM: 256MB DDR DRAM
> * Storage: Operating system and application stored on CompactFlash
> card (not included)
> * Size: 6" x 6" (152.4 x 152.4 mm)
>   o Fits in the indoor ALIX.2 case (ALIX.2 enclosure silver,
>     ALIX.2 enclosure red, ALIX.2 enclosure black)
>   o Does NOT fit into the outdoor ALIX/WRAP BOX
> * Firmware: tinyBIOS
> * Operating Systems: User defined. FreeBSD, m0n0wall, Linux, and
> several commercial OS are possible.
> * Power: DC jack or passive Power over Ethernet (not 802.3af
> compliant). Acceptable voltage range +7V to +20V DC.
> * User interface: Three front panel LEDs, pushbutton
> * Expansion: 1 miniPCI slots, LPC bus
> * Connectivity: 3 Ethernet channels (Via VT6105M 10/100)
> * I/O: DB9 serial port, dual USB port
>
>
> In practice, my unit draws 6 watts.
>
> I got this kit from Netgate for $185 (plus ~$15-$20 shipping):
>
> http://www.netgate.com/product_info.php?cPath=60_84&products_id=492
>
> * ALIX.2C3 system board (3/1/256)
> * Black aluminum enclosure (with USB cutouts)
> * Blank 512MB Sandisk CF Card
> * Standard 12V 1.25A 15W power supply (US plug style)
> * Ships unassembled
>
>
> The pfSense feature set is staggering, yet the GUI is easy to use
> for most stuff. The traffic shaping has been a little hard for me
> to wrap my head around, though. A features list is here:
>
> http://www.pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43
>
> Highlights:
>
> - Basics (DHCP server, PPPoE, Dynamic DNS, dnsmasq, MAC filtering, etc.)
> - VLANs and routing
> - Syslogging to remote
> - True traffic shaping (your ISP doesn't have to grok your QoS)
> - Inbound load balancing (set up SSH failover!)
> - Outbound load balancing (become multihomed!)
> - Firewall clusters! (using CARP for failover and pfsync to sync state)
> - RRD-based historical graphs
> - Real-time traffic graphs (if your browser supports SVG)
> - Terminate VPNs
> - Captive portal
> - Easy upgrade (web-GUI-based upload)
>
>
> You can download a pfSense ISO and try it on any Intel box with two
> NICs, a CDROM, 512M, and a USB flash or floppy to write the config
> to. I did that for a while until I was convinced that I'd like it.
>
> http://files.pfsense.org/mirror/downloads/
>
> I just dd'ed the embedded version onto the CF card on my
> workstation, popped it into the unit, configured serial console to
> it, and took off.
>
> You can also do a full install onto a hard drive from the CD, at
> which point various plugins are supported.
>
> Of course, pfSense is based on FreeBSD. ;-) Currently based on 6.2,
> but the next rev will be based on 7.0, with significant TCP stack
> improvements.
>
>
> Royce

Good rundown, Royce. I had been using monowall with a Soekris 4801 box
but I like the price point of the ALIX setup you have. Also, one reason I
moved away from monowall and to pfsense was I wanted to be able to
redirect all port 80 traffic back to my squid box for content
filtering. Monowall could do this but you had to do it by changing
a config file on the box. I didn't like the one off feature to be able
to do that.

Jon

Received on Wed May 21 11:44:34 2008
