Commercial Linux router/firewall

I wonder if there is a commercial Linux router/firewall product that
allows definition of rules as a shell script that runs respective
iptables commands, e.g.
....
$IPTABLES -A udpInPackets -p UDP -s 0/0 --dport 53 -j ACCEPT
....

I know I can build a separate Linux box with several NICs and use it as
router/firewall. It seems kind of wasteful though to have this huge ATX
box to be used as router/wirewall appliance.

Or alternatively, what is the "smallest" hardware that can be acquired
to be used as Linux firewall/router?

Thanks

cdf wrote:

> I know I can build a separate Linux box with several NICs and use it
> as router/firewall. It seems kind of wasteful though to have this huge
> ATX box to be used as router/wirewall appliance.
>
> Or alternatively, what is the "smallest" hardware that can be acquired
> to be used as Linux firewall/router?

Linksys WRT54G?

Greetings.

--
Reply-To ist funktionstüchtig

On 2005-04-26, cdf <(E-Mail Removed)> wrote:
> I wonder if there is a commercial Linux router/firewall product that
> allows definition of rules as a shell script that runs respective
> iptables commands, e.g.

There are many of them. Most are based on (more or less) standard
hardware. Some have dedicated hardware. See for example
www.xos.nl

Davide

--
Sysadmins don't go to hell; we're already doing our time in purgatory.
--Peter deFriesse

On Tue, 26 Apr 2005, cdf wrote:

<snip>
> Or alternatively, what is the "smallest" hardware that can be acquired
> to be used as Linux firewall/router?

Just pay a visit to http://www.mini-itx.com/

Motherbards and processors that fit into a shoebox and don't need huge
noisy power supplies.

The following motherboard is fitted with two ethernet ports, so it seem
perfect for a firewall project.

http://www.viaembedded.com/product/e...herboardId=241

Note that I did not try them myself. I tend to use old noisy ATX-based
system that cannot be used for anything else as space is not an issue for
me.

Hope this helps.

--
Jean-Francois "Jef" Stenuit

Jean-Francois Stenuit wrote:
> Just pay a visit to http://www.mini-itx.com/
>
> Motherbards and processors that fit into a shoebox and don't need huge
> noisy power supplies.
>
> The following motherboard is fitted with two ethernet ports, so it seem
> perfect for a firewall project.
>
> http://www.viaembedded.com/product/e...herboardId=241
>
> Note that I did not try them myself. I tend to use old noisy ATX-based
> system that cannot be used for anything else as space is not an issue for
> me.
>

Yes, that's something along the lines of what I was looking for. Almost
perfect. Not sure how Debian will will run on this board but it
certainly looks interesting. Thanks

Jean-Francois Stenuit wrote:

> On Tue, 26 Apr 2005, cdf wrote:
>
> <snip>
>> Or alternatively, what is the "smallest" hardware that can be acquired
>> to be used as Linux firewall/router?
>
> Just pay a visit to http://www.mini-itx.com/
>
> Motherbards and processors that fit into a shoebox and don't need huge
> noisy power supplies.
>
> The following motherboard is fitted with two ethernet ports, so it seem
> perfect for a firewall project.
>
> http://www.viaembedded.com/product/e...herboardId=241
>
> Note that I did not try them myself. I tend to use old noisy ATX-based
> system that cannot be used for anything else as space is not an issue for
> me.
>
> Hope this helps.

I can second the mini-itx as being a good router, I got the Eden style board
but it only had the one ethernet port, so in the one pci slot I put a cheap
ethernet card (SMC I think). One thing to be careful with, some mini-itx
cases come with really whimpy (50 watt) power supplies. That's fine for
after you're up and running but in my situation, the supply my case came
with wasn't able to power the high speed cdrom drive I was trying to use to
install ipcop to the mini-itx system. The symptom was that the install
would alway fail with a kernel crash or some kind of hardware
problem. The cdrom was a modern 52x speed and was asking more 12V
current than the supply could give.

My solution was sort of the overkill fix, I went to compusa and got a big
ass 300 Watt Antec supply (it was cheap anyway). It doesn't fit in the
case but I just leave it open.
The eden board is so cool it doesn't need the confines of the box to
guide the air in the proper way. Probably a more elegant way would be
to just borrow a larger supply, do the install and then go back to
the smaller supply and remove the cdrom. I left my cdrom in the case
for handy future use.

Mark

On Tue, 26 Apr 2005 15:36:55 -0400, cdf <(E-Mail Removed)> wrote:

> Not sure how Debian will will run on this board but it
>certainly looks interesting. Thanks

Debian should run fine. I have a Debian system as my firewall/router
running on a very much less powerful Pentium 166 MHz system.


Dan

Mr Gumby <(E-Mail Removed)> writes:

>I can second the mini-itx as being a good router, I got the Eden style board
>but it only had the one ethernet port, so in the one pci slot I put a cheap
>ethernet card (SMC I think). One thing to be careful with, some mini-itx
>cases come with really whimpy (50 watt) power supplies. That's fine for
>after you're up and running but in my situation, the supply my case came
>with wasn't able to power the high speed cdrom drive I was trying to use to
>install ipcop to the mini-itx system.

I guess NFS mounting a cdrom from another system - desktop, laptop -
wasn't an option?

--
<> Robert Geer & Donna Tomky | |||| We sure |||| <>
<> (E-Mail Removed) | == == find it == == <>
<> (E-Mail Removed) | == == enchanting == == <>
<> Albuquerque, NM USA | |||| here! |||| <>

Mr Gumby wrote:
> Jean-Francois Stenuit wrote:
>
>
>>On Tue, 26 Apr 2005, cdf wrote:
>>
>><snip>
>>
>>>Or alternatively, what is the "smallest" hardware that can be acquired
>>>to be used as Linux firewall/router?
>>
>>Just pay a visit to http://www.mini-itx.com/
>>
>>Motherbards and processors that fit into a shoebox and don't need huge
>>noisy power supplies.
>>
>>The following motherboard is fitted with two ethernet ports, so it seem
>>perfect for a firewall project.
>>
>>http://www.viaembedded.com/product/e...herboardId=241
>>
>>Note that I did not try them myself. I tend to use old noisy ATX-based
>>system that cannot be used for anything else as space is not an issue for
>>me.
>>
>>Hope this helps.
>
>
> I can second the mini-itx as being a good router, I got the Eden style board
> but it only had the one ethernet port, so in the one pci slot I put a cheap
> ethernet card (SMC I think). One thing to be careful with, some mini-itx
> cases come with really whimpy (50 watt) power supplies. That's fine for
> after you're up and running but in my situation, the supply my case came
> with wasn't able to power the high speed cdrom drive I was trying to use to
> install ipcop to the mini-itx system. The symptom was that the install
> would alway fail with a kernel crash or some kind of hardware
> problem. The cdrom was a modern 52x speed and was asking more 12V
> current than the supply could give.
>
> My solution was sort of the overkill fix, I went to compusa and got a big
> ass 300 Watt Antec supply (it was cheap anyway). It doesn't fit in the
> case but I just leave it open.
> The eden board is so cool it doesn't need the confines of the box to
> guide the air in the proper way. Probably a more elegant way would be
> to just borrow a larger supply, do the install and then go back to
> the smaller supply and remove the cdrom. I left my cdrom in the case
> for handy future use.
>

My vote to mini-itx, too.

The small power supply and small consumption is a big
plus for a system running 24/7 (current uptime 150 days).

I built the system without a CD, using the network
boot and another Linux PC as the initial boot-up
server.

--

Tauno Voipio
tauno voipio (at) iki fi

On Tue, 26 Apr 2005 07:24:24 -0400, cdf wrote:

>
> I wonder if there is a commercial Linux router/firewall product that
> allows definition of rules as a shell script that runs respective
> iptables commands, e.g.
> ...
> $IPTABLES -A udpInPackets -p UDP -s 0/0 --dport 53 -j ACCEPT
> ...
>
> I know I can build a separate Linux box with several NICs and use it as
> router/firewall. It seems kind of wasteful though to have this huge ATX
> box to be used as router/wirewall appliance.
>
> Or alternatively, what is the "smallest" hardware that can be acquired
> to be used as Linux firewall/router?
>

It's not exactly the smallest, or cheapest - try the WRAP boards. Runs on
AMD Geode processors. The OS could then be placed in a CF card, and you
need not do a transition from x86.

Of course you could use even more apt chips/boards that use the ARM CPU.

--


Paolo Alexis Falcone
(E-Mail Removed)