[nycbug-talk] soho firewall

Okan Demirmen okan
Thu Mar 9 00:56:39 EST 2006

On Wed 2006.03.08 at 20:17 -0500, michael wrote:
> I'm looking for a new firewall/network device.  While I like soekris, I
> want to look at other choices before I buy another one. Besides, I have
> read that for ipsec they may not have enough umph.
> While I could probably make one out of an empty cigarette carton or
> something, I'd like it to be manufactured.  I don't have any old PCs
> around to convert either. 
> I've read this
> http://shopping.hacom.net/catalog/product_info.php?cPath=22_34&products_id=85
> http://routerboard.com/rb500.html
> http://caseoutlet.com/shopexd.asp?id=208
> http://store.orbitmicro.com/commerce/ccc1168-network-appliances.htm
> http://usa.asus.com/products4.aspx?l1=1&l2=3&l3=0&model=85&modelmenu=1
> I'm looking for desktop, compact, quiet, but not too pricey.  While I
> generally prefer via, I may have to look at P4 celeron mini-itx based.
> I'd prefer cf over hard drive. I have a dual nic so, I'll need a pci
> slot.. unless three nics come onboard.  One serial is required.
> Any suggestions?


I'm sure you'll take any advice from me with a grain of salt, rather a
pile of it ;) However, I'd like you to re-consider the Soekris solution.

You are looking for a home (or soho) network device to do this or that.
The other PCs may do the job just as well, and have better performance
when it comes to only certain things, but they are lacking a serial
console, imho crucial to being a "set it and forget it"-type device.
(Note I use "device" vs "just another PC") Do you really want to lug
around a clunky monitor and keyboard just to see what that stupid little
BIOS is thinking about, or how you may have mucked up your firewall, or
to simply watch it boot? (I know you like those bsd.rd upgrades :)
(someone please tell me if Apple has gotten this clue...unfortunately,
Sun hasn't really with their i386/amd64 devices)

While this mail can easily turn into a rant, I'll leave you with a
better taste in your mouth.  What sort of "umph" are you looking for out
of IPSEC? I have 9 IPSEC endpoints on my home 4801 and the thing doesn't
really care. Note that neither I, my clients that I connect to, nor the
neighbors that I provide access to, have high bandwidth requirements, so
the difference is negligible.  Besides, I only have a 1.5mb/s DSL line
at home.

Good luck!

