Project - Building your own router\firewall - Hardware considerations

SouperComputer

Now we've probably all made our own gateway/firewalls from old PC's But what id like to do use make one that is somewhat like an actual SOHO router in terms physical form.

So what do you think is good in terms of hardware and software to start? Of course, im thinking of flash-based. The unit needs to provide a firewall, DHCP, DNS, QOS, and ideally VPN too.

Any thoughts?

melekalikimaka

<pulls up seat and notepad>

SouperComputer

could be a cool project. From picking the hardware, flashing/getting it to **in work and then the whole can of worms that is security.

/dons flamesuit

Maybe BSD?

Heres some hardware:
http://www.vmunix.com/mark/blog/archives/2005/07/13/build-your-own-router/
http://siliconkit.dnsalias.com/cart/
http://www.pcengines.ch/wrap.htm

ob

I'd be interested in building one for use as with dsl, i.e. instead of building a firewall, connecting it to a dsl modem, having just the one little box.

Have ye seen anyything similar to the wrap boards, with this functionality?

bminish

ob wrote:

I'd be interested in building one for use as with dsl, i.e. instead of building a firewall, connecting it to a dsl modem, having just the one little box.

Have ye seen anyything similar to the wrap boards, with this functionality?

http://soekris.kd85.com/

and for software pfsense is very good
http://www.pfsense.org/

bushy...

Have used these , takes away all the effort though
http://www.nmedia.net/~chris/soekris/flashdist-alternatives.html
http://www.mindrot.org/projects/flashboot/

<edit> (Better idea) this would give you more ports to play with

http://routerboard.com/img/daughter.jpg

The top board is an add-on daughterboard and the bottom board comes with an OS on flash , but it has an empty CF card slot so

h**p://www.me2000.net/wiki/index.php/Linux_on_a_Routerboard_from_Scratch

liamo

I got sick of big, old, clunky, noisy, power guzzlers. My current setup is low-power, the size of a paperback book and just as quiet.

Hardware : Soekris 4801
Software : MonoWall

Flash based : yes (or disk based, if you want)
Firewall : yes
DHCP : yes
DNS : no - but you can just use your ISP or OpenDNS
QOS : yes
VPN : yes - IPSec and PPTP

That's most of your boxes ticked.

Hope this helps.

Liam

ntlbell

liamo wrote:

I got sick of big, old, clunky, noisy, power guzzlers. My current setup is low-power, the size of a paperback book and just as quiet.

Hardware : Soekris 4801
Software : MonoWall

Flash based : yes (or disk based, if you want)
Firewall : yes
DHCP : yes
DNS : no - but you can just use your ISP or OpenDNS
QOS : yes
VPN : yes - IPSec and PPTP

That's most of your boxes ticked.

Hope this helps.

Liam

Can you not just compile bind into monowall for DNS?

Capt'n Midnight

how little computing power does it need ?

if you got a really old 486 board with no fans and set it to compatible speed how much power would that use ?

not too sure if will run without -5 , -12 iirc they are only used for serial ports

I've some old switches that supply 5V and 12 internally and would take a mother board if you wedged it in , fitting NIC's might be an issue but some are fairly flat and besides you don't need better than 10/100

monkey tennis

Why would you want to run DNS on a firewall?
If you really need to, I'd go with djbdns over bind.

Red Alert

Caching DNS and even if you have a scratch hard disk you could run Squid are great for speeding up net access.

monkey tennis

Personally, I'd rather keep a firewall and a cache/proxy as two seperate entities.