[nycbug-talk] BSD Embedded Solutions for Commodity Home Routers

Isaac Levy ike at lesmuug.org
Fri Aug 10 09:53:02 EDT 2007

Hi H.G., All,

Much of my answer is opinion, please take it with a grain of salt;

On Aug 9, 2007, at 9:20 PM, H. G. wrote:

> Greets folks.
> By now, most of us have heard about projects like OpenWRT, Sveasoft  
> and other Linux
> solutions for running embedded on commodity home routers, like the  
> infamous Linksys
> WRT54G.

Here's one thing about your question that I believe other posters  
missed- (for good reason).

Basically, all the "Linksys-hack" projects are aimed at hardware  
which has to be reverse-engineered.  The WRT54G is *not* an open  
hardware platform, and running anything other than the  
Linksys-supplied hardware is not supported.

So, for sanity's sake, it's fairly insane to run this kind of thing  
in any environment where it *needs to work*.  (e.g. a small office,  
home office even...).  These projects, although created by brilliant  
people, are hobbyist toys- and nothing I'd ever dream of  
intentionally leaving on a client's office T1.

So while all the hardware may be 'cheap' and plentiful, it's not  
really meant to last.  (I mean last in this way: people came up with  
all kinds of bar-code reader software for the old WiredMag 'Cue-Cat',  
and those things are long-gone too, right...)

Philosophical Rant:

These are paths I, (and it seems most *BSD people), don't care to  
take- reverse-engineering proprietary and/or crappy hardware usually  
leads to a dead end- unless it brings HUGE short-term gains or benefits.

Tearing into wonky hardware (like a WRT54G) leads to trouble down  
the road, for example, all wireless cards are not alike... (e.g. so  
when a 2.4GHz phone conflict bites, will your card/software combo  
cope?  Or what about little tweaks that can mean a lot, like signal  
strength settings?  Or what about altq on your NICs, when bittorrent  
gets out of hand?)  The risks in the minutiae become nauseating with the  
cheapo gear- you never know what you *really* have to work with.

Regarding the uses- "but this is just for my home network, and I like  
hacking stuff".
If you really like hacking network stuff, just load up a good UNIX  
(OpenBSD or something) on a soekris or a PC even, and get to  
hacking.  If you want a Web-Gui and you just want the network to  
*run*, so you can *do and hack other things*, drop MonoWall or  
PFSense into your network.

The Linksys hack stuff is simply a bad middle-space between the two  
frames of mind.  You can't do *really* powerful stuff with it, (like  
you could using a raw UNIX with good networking tools)- and you  
aren't going to be running a "tinker-free" network, (the kind you'd  
trust to deploy for a client).

> I haven't heard of any equivalent BSD offerings, and the most I've  
> found
> through Web searches has been "WifiBSD", which doesn't appear to  
> have seen activity
> since 2005.  Do there really exist no solutions in this space?  If  
> there are, anyone have
> practical experience w/ them?
> Purely curious.

However, to constructively respond to my own whining above, there's  
plenty of VERY inexpensive hardware which runs PfSense and MonoWALL-  
both of which I've successfully deployed at multiple client offices,  
and in my home office network- (both are extremely reliable, I might  
add).  MonoWall has a faster user interface by far on small  
hardwares, but PFSense is far more advanced and flexible (it provides  
shell access, for example)- I use them both.

On Aug 10, 2007, at 12:43 AM, Peter Wright wrote:
> http://m0n0.ch/wall/
> http://www.pfsense.org/

Great hardware is here:
(my favorite stuff, 4801's are like Yellow Cabs to me- standard,  
tough, simple.)



Only complaint/annoyance:
The wireless drivers are different for older MonoWall and PFSense-  
the best rule of thumb:
Stick to Atheros for the PFSense boxes and you'll be VERY happy with  
Newer MonoWALL runs the Atheros cards too, but I've not used that  
combo- Lucent and Prism cards rock the older MonoWall releases.

And one more thing, in case you don't want to drop a dime to get nice  
little hardwares...

Both MonoWall and PFSense can RUN FROM THE INSTALL CD, and  
optionally, the config can be written to a disk (floppy drive, old  
USB key in your desk drawer, etc...)

This is how I first started using them- I slapped some ethernet NICS  
into old 350MHz machines I found on the street, and started screwing  
around with it.  That was nearly 3 or 4 years ago, (yikes time  
flies), and now that I use it in client offices- this has REALLY come  
in handy since.  A lightning storm took out a bunch of equipment in  
an office, (even though it was all well protected), and their 2  
Soekris boards got fried.  I came in that night, and had them up and  
running for 8am, by piecing together old PC crap- (one of the routers  
was just a motherboard and a CDRom drive, with the NICS sticking up  
in the air off the board).

It held up great until we could replace the soekris boards, and the  
office ran without work-day downtime.  And aside from being called in  
late that night, I didn't lose my mind setting this up- it was all  
simple and intuitive- (I even used my backed-up config files, I mean  
this was almost brainless).

End point, I can't imagine there are any similar 'success stories'  
for people using the hacked Linksys gear.  If there are, I'd bet the  
sysadmins spent *way* more time tinkering with esoteric hardware  
workaround crud than they did configuring the network...

/end ike .02¢, sry. perhaps way too long for this topic...

