Building my first gateway firewall with wireless support

Geoffrey Mainland mainland at eecs.harvard.edu
Fri Mar 7 05:56:52 UTC 2008 

On Tue, Mar 04, 2008 at 11:29:24PM +1100, Ian Smith wrote:
> On Mon, 3 Mar 2008, Bob Keyes wrote:
>  > On Mon, 3 Mar 2008, Aaron Siegel wrote:
>  > > My almost ten year old pc that has been running 24/7 as a firewall gateway is
>  > > about to die.  (Of course it is running Freebsd) I would like to build a
>  > > embedded gateway, DNS server, with DDNS client, wireless access point,
>  > > IPSEC , and firewall.
> 
> [.. lots of useful stuff ..]
> 
>  > > I am looking at Soekris 48xx and if needed the vpn board.. As of now I
>  > > like to stick with x86 platform. Any other suggestions?
>  > 
>  > I believe that soekris stuff is coming to end-of-life. You may want to
>  > check out alternatives. PC Engines made something called WRAP, and there's
>  > a replacement board for it that's supposed to be pretty good. I used
>  > soekris boards quite a bit and have mixed feelings about them. Don't
>  > stress them too hard, and don't try to do PoE.
> 
> Only the net-48xx series are at end-of-life, due to CPU unavailability. 
> Soekris are giving no indication of not proceding with everything else.
> 
> Aaron, of course do check out all alternatives, but the net-5501 looks
> likely useful for what you want to run, and takes either vpn board.
> 
> I'm saving up .. anyone else concur with 'not streesing them too hard'?

I've severely stressed the 4826 platform using the POE supplies
available from Metrix. Given two nodes, each with a wired connected, a
Wistrom CM9 and a Ubiquiti SR9, I ran 3 TCP streams, one per interface,
full-bore from one node to the other using iperf for 5 minutes, then
switched directions. I left this flip-flopping iperf test running for
about 2.5 weeks and didn't have any issues. The problems people had here
at Harvard with Soekris seemed to be tied to Linux, particularly the
Atheros drivers. Once I swapped in FreeBSD those problems vanished.

You should definitely look at the ALIX boards that have replaced the old
WRAP boards. ALIX boards comparable to the 5501 also seem to be *much*
(factor of 2) cheaper, but be aware that the top-end 5501-70 has twice
as much RAM (512MB) and any available ALIX configuration. I assume the
vpn1411 will work just fine on an ALIX board.

Geoff

More information about the freebsd-embedded mailing list