[nycbug-talk] building home firewalls out of soekris boxen
nikolai at fetissov.org
Mon Feb 4 17:07:57 EST 2008
> Anyone local here spend much time *still* with Soekris boxes? I'm
> thinking of building a new firewall or two for the home, I'd like to try
> something OTHER than OpenWRT (since I already have a nice wireless
> gateway, thankyouverymuch...) and the little boxes just ... appeal to me.
> Comments? Praises? Brickbats?
> Either post here, or send to me & I'll summarize back.
My net4801 access point is running an aging OpenBSD-4.2 GENERIC snap.
Instead of playing with flashboot/flashdist, I mess with
mount points at install vs runtime, then build devices
in a separate prototype dir. After that the flash card is
read-only, everything else is on mfs. And, of course, I had
the card partitioned at some point.
/dev/wd0a / ffs ro 1 1
/dev/wd0b none swap sw 0 0
/dev/wd0g /home ffs ro,nodev,nosuid 1 2
/dev/wd0d /usr ffs ro,nodev 1 2
swap /tmp mfs rw,nodev,nosuid,-s=16386 0 0
swap /var mfs rw,nodev,nosuid,-P=/dev/wd0e 0 0
swap /dev mfs rw,noexec,nosuid,-P=/proto/dev 0 0
The box runs everything default + dhcpd on wireless
interface + simple forwarding bind. No problems.
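
An added example, not part of the original post: a small sh/awk check that an fstab keeps the layout described above (ffs partitions read-only, mfs mounts with nosuid, and nodev everywhere except /dev). The function names and the policy rules are assumptions of this example; the sample fstab is the one from the post.

```shell
#!/bin/sh
# Added example: audit an fstab against the read-only-flash layout in the post.
# Policy (assumptions of this example, not rules stated by the poster):
#   1. every ffs filesystem is mounted ro (the flash card is never written)
#   2. every mfs mount carries nosuid
#   3. every mfs mount except /dev carries nodev

audit_fstab() {
    # Reads fstab-format text from the files given, or stdin if none.
    # Prints one "FAIL ..." line per violation; prints nothing when clean.
    awk '
    function has(opts, want,    n, i, a) {
        n = split(opts, a, ",")
        for (i = 1; i <= n; i++) if (a[i] == want) return 1
        return 0
    }
    NF == 0 || $1 ~ /^#/ { next }     # skip blank lines and comments
    $3 == "swap"         { next }     # swap partition has no mount point
    {
        dev = $1; mnt = $2; type = $3; opts = $4
        if (type == "ffs" && !has(opts, "ro"))
            print "FAIL " mnt ": ffs on " dev " is not read-only"
        if (type == "mfs" && !has(opts, "nosuid"))
            print "FAIL " mnt ": mfs without nosuid"
        if (type == "mfs" && mnt != "/dev" && !has(opts, "nodev"))
            print "FAIL " mnt ": mfs without nodev"
    }' "$@"
}

sample_fstab() {
    # The fstab lines as posted above.
    cat <<'EOF'
/dev/wd0a / ffs ro 1 1
/dev/wd0b none swap sw 0 0
/dev/wd0g /home ffs ro,nodev,nosuid 1 2
/dev/wd0d /usr ffs ro,nodev 1 2
swap /tmp mfs rw,nodev,nosuid,-s=16386 0 0
swap /var mfs rw,nodev,nosuid,-P=/dev/wd0e 0 0
swap /dev mfs rw,noexec,nosuid,-P=/proto/dev 0 0
EOF
}

findings=$(sample_fstab | audit_fstab)
if [ -z "$findings" ]; then
    echo "fstab matches policy"
else
    printf '%s\n' "$findings"
fi
```

On the box itself, `audit_fstab /etc/fstab` runs the same check against the live file.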