Low Power Hardware for a Linux Based Router / Firewall


linuxlover992000

After about 2 years of using NETGEAR FVS328 router / firewall with
extreme disappointment, I am ready to give up on it. Yeah, it cost me
almost $200 but it is so buggy and less functional than an older Linux
RH 6.2 based firewall that I built many years ago, it's not even
funny.

Dealing with NETGEAR's customer (dis)service was horrific, too. What's
more frustrating is that shortly after I purchased this router/
firewall brand new, NETGEAR decided to cease releasing bugfixes for its
firmware. And let me tell you, its firmware is embarrassingly buggy. Up
until that experience I used to prefer NETGEAR products because of
their fanless design and the professional metal encasing, but now I
vowed to never purchase NETGEAR products again (not because of one ill
designed product, but because of their useless warranty and customer
support attitude).

So... after this introductory ranting, I am basically determined to
build my own router / firewall - based on Linux. This is something I
have done in the past very successfully and so I believe that this
will give me the ultimate solution.

For this project however, I am not interested in running Linux on any
PC hardware, but rather use a very low power platform - preferably less
than 20 watts (and preferably fanless).

So far, I managed to find a very nice candidate: the Linksys WRT54G
(and its variants):

http://en.wikipedia.org/wiki/WRT54G

However, despite the wealth of information in the above Wikipedia
article, it is unclear to me whether this cute little box can provide
me enough flexibility and power to run iptables, provide adequate
logging, provide DNS caching and NTP service and support VPN. Also, it
would be great if my "hardware of choice" could have an RS-232 for
connecting to a modem as a backup connection.

Which probably means that I may need to forego the < 20W ideal?

I know about the VIA mini-ITX option, but that seems to be an overkill
(price and power consumption) - especially when it has only one NIC,
no modem - and requires additional components to become useful. It
seems to be more suitable for a low-end multimedia machine.

Thus, my question to you is: Do you know about additional options or
alternatives that can allow me to accomplish the goal of implementing my
own Linux based firewall? Any tips, pointers, URLs and other
information would be greatly appreciated.

Thanks!
Lynn

P.S. Does anyone know whether the WRT54G uses a fan to dissipate heat?
 
This is the strangest offering I've seen lately. PCChips V21G.
Motherboard with 1.5GHz CPU soldered to the board (no socket).
Uses DDR2 RAM. Has two PCI slots. $70. Only one NIC onboard.
Has a serial port.

http://www.newegg.com/Product/ProductReview.aspx?Item=N82E16813185094

Info on the VIA C7 processor is here.

http://www.via.com.tw/en/products/processors/c7/

Maybe a cooler like Thermalright HR-05 would work, but I don't know
if you can find an actual theta_R thermal rating for it somewhere.
The Northbridge on some motherboards, draws more power than the C7.
The idea would be, to remove the heatsink/fan on the V21G CPU,
that PCChips put on there, and install the HR-05 in its place. It
all depends on whether the hole placement on the diagonal clamp,
has the same dimensions as the heatsink used by PCChips. One other
issue is the size of the C7 processor - I don't know if it is big
enough to properly support the HR-05. But this is just an idea,
if you wanted to attempt passive cooling. I don't know how well it would
work.

http://www.pcmoddingmy.com/e107_plugins/content/content.php?content.372.1

Paul
 
Wow! Paul, thanks for bringing this one to my attention - it seems
almost like a perfect match for me. Two PCI slots mean I can add a
second NIC and perhaps a PCI modem, not requiring an external one.

This seems a better option than the Linksys WRT54G since it can allow
me to install a Linux distro like Fedora Core which I am sure cannot
fit into the WRT54G.

As for removing the fan, perhaps I can run the board at a lower CPU
speed (500MHz to 800 MHz) and use a more moderate heatsink solution.

I think that for firewalling + routing + DNS caching + NTP serving +
DHCP 500 MHz is more than enough.

What I especially like about the board you brought to my attention is
the price (about 1/3 of a comparable VIA mini-ITX).

I now have to check whether it has any Linux compatibility issues.

Why did you say "strangest offering"? What's strange about it?

Thanks!
Lynn
 
Any time a manufacturer goes out on a limb, and experiments, it
is strange. Motherboard companies are very conservative, and
every product fits into a "slot". There is seldom any
innovation. But this one is different. We might not see two
of these, depending on how many are sold. Otherwise it'll be
a steady diet of "Mini-ITX" :-)

http://www.mini-itx.com/

Other unique things that didn't last, were motherboards with
mobile chipsets on them. Which would also have been fun to
play with, if the processor power was only low enough. They
were priced very expensive, which guaranteed their demise.

Maybe a year ago, there were some "bundles" from a couple
retailers, where they included a S462 motherboard and
an AMD Geode processor. That too would have been a good
candidate for this kind of thing, with some underclocking.
But those have disappeared as well.

I'm also hopeful, that some of the technology going into
OLPC can trickle down into other products. For that one,
we'll have to wait and see. Somebody has to use the OLPCs
first, before the trickling can begin.

There are always things that are out of reach. A couple
years ago, there was a product I was interested in
playing with, but the only way to get one, was to buy a
whole pallet full. Nobody would retail them one at a time.
Such is life.

Paul
 
Maybe a year ago, there were some "bundles" from a couple
retailers, where they included a S462 motherboard and
an AMD Geode processor. That too would have been a good
candidate for this kind of thing, with some underclocking.
But those have disappeared as well.
You can get them here:
 

On second thought, perhaps a better choice for such a router/firewall
would be an old laptop? Something like the following: http://tinyurl.com/36g85z

The nice thing about such an option is that everything is already
included - especially memory, HDD and LCD. CPU power is more than
adequate for a router/firewall.

Any reason why this is not such a good idea? How much more power would
such a laptop consume?

Thanks,
Lynn
 
Well, for each prospective solution, you'd have to look at the numbers
to see which one is better. The idea of using an ordinary motherboard,
was the hope that plain PCI cards could be used to finish the job. The
laptop has its own way of doing things. Some of the router products with
mini-PCI slots, have their own issues (like can you get any nice functions
in a mini-PCI form factor - can you buy mini-PCI at retail?). So it is a
package deal, and has to be thoroughly analyzed. The C7 is rated at 12W
or so, and it will be pretty hard to beat that power number. The competition
might have more performance, but also a higher power dissipation.

For example, here is yet another solution, found using search terms
like "router mini-pci" in an image search. I search for images of things
first, because it tends to eliminate a lot of less relevant hits.

http://www.nokytech.net/forum/showthread.php?t=60950

You can do an image search here:

http://www.altavista.com/image/default
http://images.google.ca/

Paul
 
{snip}
So far, I managed to find a very nice candidate: the Linksys WRT54G
(and its variants):

http://en.wikipedia.org/wiki/WRT54G

However, despite the wealth of information in the above Wikipedia
article, it is unclear to me whether this cute little box can provide
me enough flexibility and power to run iptables, provide adequate
logging, provide DNS caching and NTP service and support VPN. Also, it
would be great if my "hardware of choice" could have an RS-232 for
connecting to a modem as a backup connection.

I love OpenWRT Linux on my Linksys WRT54G, which I bought used for
about 30 dollars. There is no fan. It's silent and low power. I use it
like a bridge to do WDS and cron/WOL for waking up another box. I know
IPTables runs on it, but I do not know about VPN. I think it's worth
playing with even if it is not your final solution.

links: OpenVPN on OpenWRT: http://martybugs.net/wireless/openwrt/openvpn.cgi
OpenWrt docs: http://wiki.openwrt.org/OpenWrtDocs

I just saw this, however on Linux Devices, for $70, might be another
capable device:

http://www.linuxdevices.com/news/NS2837651365.html

It has a serial port, two ethernet ports, but it's not clear what
packages are already running on it.
 