[TriLUG] Best appliance for Linux firewall?

Ken Mink ken.mink at gmail.com
Fri Aug 9 13:53:48 EDT 2013


On 8/9/13 6:38 AM, Steve Litt wrote:
> On Thu, 08 Aug 2013 15:12:23 -0400
> Ken Mink <ken.mink at gmail.com> wrote:
>
>> On 08/08/2013 09:57 AM, Brian Henning wrote:
>>> Hi Gang!
>>>
>>> At home, pretty much all my services and stuff run on a single box,
>>> and that box is starting to collapse under the weight.  I'm ready
>>> to start divvying up functions across discrete devices.  First to
>>> go is the firewall; not a heavy-hitter, but easy to carve off.  So,
>>> what do people suggest as the best appliance-form-factor Linux
>>> computer?  Obviously 2+ NICs is the biggest priority.  Here's what
>>> I've considered so far:
>>>
>>> 1) WRT54GL + OpenWRT
>>>     Pros: Inexpensive, solid
>>>     Cons: Don't need another WAP
>>>
>>> 2) Globalscale Mirabox
>>>     Pros: Fast ARM CPU, could host additional services w/ outboard
>>>     USB HDD
>>>     Cons: Globalscale's iffy reputation, relatively unproven
>>>     product, more expensive, possible to perma-brick
>>>
>>> 3) ???
>> I use a SheevaPlug with a cheap USB NIC for the second port. It runs
>> DHCP and Bind as well as a home-grown firewall script. It uses an SD
>> card as main storage, so you buy what you think you'll need. It
>> also has a built-in JTAG port, so it's difficult to brick.
>>
>> Ken
> Ken, Do you use the USB NIC on the Internet side of the firewall? Does
> it have enough speed not to be a bottleneck to your broadband
> connection? How much bandwidth are you getting through it?
>
> I hear endless debates about whether or not a USB NIC can carry the
> load, so I'm really glad to meet someone actually doing it.
>
> Thanks,
>
> SteveT
Steve,
   Since you brought it up, I decided to see what kind of throughput I'm 
getting. I downloaded the torrent file for CentOS 6.4. I wanted 
something that would be really well seeded. My client was running behind 
the Sheeva. It reported a download speed of 1.7M BYTES/sec. My TWC 
connection is supposed to be 15M BITS/sec. Allowing for the different 
units, I'd say the USB NIC is keeping up just fine.

Of course, YMMV.

Ken

