I'm looking for some kind of appliance like box, maybe something like this:http://www.soekris.com/net5501.htm on which I could deploy iptables based firewall/openvpn/DNS and other local network services in a wide area network. I would probably install on a flash device. I would prefer something that was relatively easy to install on, or at least has been used with CentOS before, where I'm not needing to pull my hair out finding working drivers, building custom kernels etc. Though I might spend time down the road to come up with an extremely minimal install, for rapid deployment in the first round, I'd like to be able to do a pretty standard install and have a full featured CentOS system that I could logon to and use for local network administrative tasks. I could use something like a Mac mini, but my sense is there are are probably less expensive and more suitable devices. - Two ethernet interfaces - working drivers for CentOS - flash - enterprise quality (i.e. not some flakey little home router device) - fast enough to do openvpn encryption on WAN links ranging from 50mb to 100mb Though I do want enterprise quality, my sense is to make the device affordable enough that I could keep spares on site for backup purposes. I would appreciate anyones experience with deploying such a setup. Thanks, Nataraj -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20101228/bbb111e6/attachment-0001.html>
Hi Nataraj, Take a look at the Intel Atom platform. The D510MO & D945GCLF2D run beautifully under CentOS and I've used both as firewalls in the past. Another linux based firewall system I use has users reporting the two boards above supporting AV, Content Filtering (proxy), etc on 50Mbps FIOS connections down in the states. If you want multiple onboard nics, the Jetway boards are also supposedly decent. I've never used one but users from the same site have reported sucess with these boards, and the optional 3x1GB nic still fits within the ATX backplate. Only downside to these boards, both Intel & Jetway, is they seem to prefer Realtek chipsets onboard. Jetway I understand because of price points. Intel I don't as the Pro/1000 is a rock solid nic. That said, I've never had a problem with flaky drivers or hardware from Realtek. Maybe I'm just lucky. :-) -- Drew "Nothing in life is to be feared. It is only to be understood." --Marie Curie
On 12/28/10 1:55 PM, Nataraj wrote:> > - fast enough to do openvpn encryption on WAN links ranging from 50mb > to 100mbTHAT is a tough requirement. I was going to recommend the Alix boards. they run pfSense really nicely, and should be able to run a stripped down centos install OK. with pfSense, you can boot from a CF card, so no HD at all. The Alix cards use a 433-500Mhz AMD Geode ultra-low power processor, on a 6x6 card. they use 5 watts fully configured. but, 100Mbit/sec SSL encryption, ouch. don't know. you'd probably have to benchmark that.