 From:  Jim Thompson <jim at netgate dot com>
 To:  "Charlie Barker" <CharlieBarker at RedlineSoftware dot co dot uk>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Cheap Hardware
 Date:  Thu, 1 Jun 2006 23:06:36 -1000
On Jun 1, 2006, at 10:40 PM, Charlie Barker wrote:

>
> Hi Ramunas,
>
> I guess I need to be a bit more specific :o)
>
> I would like to be able to go and buy four of these for friends and family
> over the next few weeks.
>
> Also space will be a bit of an issue; something that is not a lot bigger than
> a Soekris would be good.
>
> I would also prefer a CF solution as hard drives have reliability / heat /
> noise / cost issues.
>
> Now I realise I am probably asking for too much, but if you don't ask you
> don't get.
>
> I'm wondering if there is Linksys router based hack out there?

Over on freebsd-small there is an on-going thread about getting  
FreeBSD 6 running on the ixp42x CPUs.
(It actually already runs under NetBSD, sans Ethernet.)

I'm actually heading up a "group buy" of some development boards in  
this effort.   Having said that, there
are two interesting, cheap platforms that should work without too  
much effort once the basics are in place (via
the development boards):

1) Linksys WRV54G (note: >not< WRT54G).   The wrv54g is powered by an  
Intel Xscale IXP422 CPU @ 266MHz which has a built-in crypto  
accelerator, and provisions for 2 Ethernets, as well as 4 PCI  
devices, all "on-die".   The WRV54G
has 2 miniPCI sockets (one with an Intersil-based 802.11g card).  One  
of the on-die Ethernet ports is attached to a PHY and an RJ45, the  
other is attached to one 'port' of a 5-port switch (so you get to see  
4 ports).  32MB RAM, 8MB flash.

Amazon currently sells these for $129.

2) Linksys NSLU2.  This device has an IXP420, which has no crypto  
accelerator.  As shipped by Linksys they run at 133MHz, but it's  
simple to hack them to run at 266MHz.  32MB ram, 8MB flash.  One  
Ethernet with the PHY and RJ45 port.  (The other MAC is not  
accessible.)  The only device on the PCI bus is a USB 2.0 controller,  
but you could, of course, use USB Ethernet dongles to enable a second  
and third 10/100 Ethernet.

The wrv54g is about the size of a book.   The NSLU2 is about the size  
of a deck of cards.

Both should be running FreeBSD 6 before the end of the year.   Given  
m0n0wall's current size, it's possible that we may be able to 'fit' a  
future m0n0wall variant on these (and other) boards.

I'm especially interested in getting m0n0wall (or an extremely  
stripped-down pfSense) running on something like a wrv54g, and  
'FreeNAS' running on the NSLU2.

That should give Linux a run for its money, eh?

But >today<.... you don't have a lot of options.

Jim

> As before any suggestions / ideas much appreciated.
>
> Cheers,
>
> Charlie
>
> -----Original Message-----
> From: Ramunas [mailto:m0n0 at liongerimai dot lt]
> Sent: 02 June 2006 08:21
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Cheap Hardware
>
>  I think any old PC (486) will do the trick.
>
> -----Original Message-----
> From: Charlie Barker [mailto:CharlieBarker at RedlineSoftware dot co dot uk]
> Sent: Friday, June 02, 2006 9:55 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Cheap Hardware
>
> Hi all,
>
> I'm sure this will have been asked before but is there a cheaper hardware
> option than a Net45xx?
>
> I'm only looking for two eth ports, it will be for home use so not a lot of
> horse power required.
>
> Any advice much appreciated.
>
> Charlie
>
> -----Original Message-----
> From: dasz [mailto:daszylstra at comcast dot net]
> Sent: 02 June 2006 04:50
> To: Phil Greenway; m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Blocking IP Addresses
>
> ---- Original Message -----
> Sent: Thursday, June 01, 2006 9:26 PM
> Subject: [m0n0wall] Blocking IP Addresses
>
>
> Hi,
>
> I've got the IP addresses of some audio streaming sites I'd like to block,
> however, I've tried a number of different things with the m0n0wall Rules,
> but I still can't block this traffic.
>
> The handbook says it's possible, just doesn't say how.
>
> Can someone please spell it out in plain English or screenshots?
>
> Regards,
>
> Phil Greenway
>
> Systems Administrator
>
> -------------------------------------------------------------------------
> Phil,
>
> I'm not sure if this is it, but the rules are processed from the top of the
> list down (i.e. if the first rule allows an IP address outbound access that
> will trump a block rule that is lower in the list):
>
> Log in to management interface.
> On left side click "Rules" (under Firewall).
> Click on the "LAN" tab.
> Add a rule by clicking on the + to the lower right of the rule list:
>     Action = Block
>     Interface=LAN
>     Protocol=Any
>     Source=any
>     Source port range=any
>     Destination=IP address or subnet of what you want to block
>     Destination port range=any
>     Description=descriptive text to help you remember what this rule is for
> After the rule is added click the check box to the left of it then click the
> left arrow button next to the very top rule to move the new rule to the top.
>
> Maybe experiment with a known website IP first to prove it is working in
> case the audio streaming has multiple servers - once you prove you can block
> a website it will be easy to do the rest . . . . . . then once you prove
> those get blocked you can start drilling the rule down to specific ports in
> case you still need access to those IPs for other traffic . . . . .
>
> -David Z
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
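
The rule-ordering point in the quoted "Blocking IP Addresses" reply, as an added example that is not part of the original thread or of m0n0wall's code: a simplified first-match model that finds a block rule shadowed by an earlier pass rule and shows the effect of moving it to the top. The rule list, the descriptions, the destination-only matching and the implicit final block are assumptions of this sketch; 203.0.113.0/24 is a documentation range standing in for the site to be blocked.

```python
import ipaddress

# Constructed LAN rule list, top to bottom: (action, destination, description).
RULES = [
    ("pass",  "0.0.0.0/0",      "Default allow LAN to any"),
    ("block", "203.0.113.0/24", "Block audio streaming"),
]

def evaluate(rules, dst_ip):
    """Return (action, description) of the first rule matching dst_ip."""
    ip = ipaddress.ip_address(dst_ip)
    for action, dst, desc in rules:
        if ip in ipaddress.ip_network(dst):
            return action, desc
    # Assumption of this model: traffic matching no rule is blocked.
    return "block", "implicit default"

def shadowed(rules):
    """Find rules that can never match because an earlier rule covers
    their entire destination. Returns (shadowed_desc, covering_desc) pairs."""
    findings = []
    for i, (_, dst, desc) in enumerate(rules):
        net = ipaddress.ip_network(dst)
        for _, prev_dst, prev_desc in rules[:i]:
            if net.subnet_of(ipaddress.ip_network(prev_dst)):
                findings.append((desc, prev_desc))
                break
    return findings

def move_to_top(rules, desc):
    """Return a new rule list with the named rule first, order otherwise kept."""
    picked = [r for r in rules if r[2] == desc]
    rest = [r for r in rules if r[2] != desc]
    return picked + rest

if __name__ == "__main__":
    print("before:", evaluate(RULES, "203.0.113.10"), shadowed(RULES))
    fixed = move_to_top(RULES, "Block audio streaming")
    print("after: ", evaluate(fixed, "203.0.113.10"), shadowed(fixed))
```

Running the shadow check over an exported rule list before testing from a client separates an ordering problem from a wrong destination address.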