14

Does anyone know of a low-power server/PC that has 2 NICs, so it can be used for an (OpenBSD) firewall?

Sandra


7 Answers

13

What sort of load do you need to handle and (if you plan on needing to NAT) how many states do you anticipate needing to track? If under 50Mbit and 20k states or so, I'd highly recommend using an ALIX embedded computer. I have many of these deployed as router/firewall/vpn devices, running PFSense. PFSense is based on FreeBSD, so it's likely getting OpenBSD running on it will be quite easy. All of the units like this I've deployed are using the ALIX 2d3 board, which has three network interfaces (can add as many VLAN interfaces as you want to any of these physical interfaces), a 500MHz processor, and 256 MB RAM. They're rock-solid stable, run very cool, and draw a max of 6 watts or so.

If you need something with a bit more horsepower, then follow Wesley's advice. HP rackmount servers are very good, as long as, like he said, you stay away from the very low-end servers which are really just desktop motherboards stuffed into a rackmount case.

Edit: Total cost for the ALIX 2d3 solution will be about $150 for the board, power supply, case, and CF card.

EEAA
  • Awesome stuff! It was just what I was looking for! =) I also found this http://www.soekris.com/net5501.htm – Sandra Mar 07 '10 at 20:52
  • Yah, Soekris has been around for a long time and I do know of people running PFSense on them. For whatever reason, though, it seems like most people prefer the ALIX boards. I'm not sure if that's due to stability, performance, or some other factor. Enjoy the board! In my experience, they've been nothing but a pleasure to work with. – EEAA Mar 07 '10 at 20:53
  • Check out my post to see my exp with Alix + PfSense: http://tothelasttribe.com/blog/2009/04/building-a-firewall-pfsense-on-an-alix-2d3/ – Josh Brower Mar 07 '10 at 22:17
  • Not to detract from pfSense; for those interested in DIY, there is also Vyatta Community Edition, which is built on top of Debian Linux instead of *BSD. – Joe Internet Mar 08 '10 at 03:08
  • This looks good. Will this hardware cope with VPN encryption work when using remote desktop though? – UpTheCreek Aug 30 '10 at 07:52
4

Really, you just need to pick out one of the lower-end servers offered by a major vendor. Just determine if you need a desktop or rackmount form factor. For example, HP's ML/DL 100 series of tower/rackmount servers would be good. Just avoid the lowest of the low such as the ML 110/115. Lowest end servers usually have some important corners that have been cut like disk controllers, NICs and management features.

You could get a decent lower end server for under $1,000 easy.

Wesley
  • Rack mount would be great, but it is not that important. The biggest problem is the power consumption, as it should only be a firewall for a 20Mbit connection. So I was thinking perhaps something in the 50Watt range? Does that exist? – Sandra Mar 07 '10 at 19:40
  • 50watt? That's a bit of a stretch... You might have to go for a more specialized piece of machinery. Let us know what you find! =) – Wesley Mar 07 '10 at 20:50
2

How about something based on a mini-itx motherboard?

Jona
  • +1 - that is about the best advice. Some nice micro system based on ATOM etc. will run your normal OS of any sort, draw little power and there are boards with a ton of Ethernet interfaces. Plus a lot more horse power than 256mb etc. - dual core, 2gb ram are easily doable. – TomTom Jun 13 '10 at 13:18
2

I am surprised that nobody mentioned the fit-PC2i that always seems to come up in this application area.

Rodney Schuler
2

I 2nd the Alix + Pfsense.

I built one (http://tothelasttribe.com/blog/2009/04/building-a-firewall-pfsense-on-an-alix-2d3/), and have nothing but positive things to say about it.

-Josh

Josh Brower
1

Living outside of the US, the cost for one of those embedded systems no longer becomes an advantage once shipping is factored in.

For me, I run m0n0wall on an Atom 330 instead (http://perpetuallybored.com/2010/02/12/high-performance-and-affordable-router-with-m0n0wall-and-atom/). Not the most low powered solution, but it works.

sheepbrew
  • The problem with Monowall is that you can't access your own external IP from the inside. From what I can read, they have no plans on fixing this =( Also the dhcpd doesn't allow "Option"s to be passed along. – Sandra Mar 07 '10 at 23:05
  • OT, but where did you get that from? I got the Intel one from laser distributer some time back... SLS never seems to list the Atom boxes on their fliers ;p – Journeyman Geek Mar 08 '10 at 01:35
  • I bought mine from Video-Pro. – sheepbrew Mar 19 '10 at 13:52
0

As you've explicitly asked for a low power machine I suggest that any old PC will suffice. At work I'm using a PC that was replaced because it was too low spec for use as a workstation, with a pair of extra NICs thrown in (one for the DMZ). At home I'm using an old Celeron that was going to be thrown out by someone I know, also with an extra pair of NICs installed.

John Gardeniers
  • Reality check: old PCs draw more power than new ones, unless you go ANCIENT. Power consumption, thank heaven, went DOWN in the last years. – TomTom Jun 13 '10 at 13:17
  • @TomTom, there is nothing in the question to indicate that the OP is looking for a low power consumption machine. I read it as meaning a low computing power machine. Only the OP can tell us which is correct but I'm getting really fed up with you downvoting my answers simply because you haven't read the question properly. – John Gardeniers Jun 13 '10 at 21:53