little PCs for internet gateways
By gateway, I mean router/firewall/whatever box that sits between your LAN and the internet. Reasonable choices: - ISP-provided / sanctioned device (combo wireless router and modem) - ISP modem + user provided wireless router + possibly running custom firmware like CeroWRT or OpenWRT - ISP modem + PC acting as router + lots of possible software (pfsense, debian, whatever) For a variety of reasons I've always used PCs. But which PCs are best for this? Here's an interesting pair of articles on using little PCs as gateways: <http://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux-router-from-scratch/> <http://arstechnica.com/gadgets/2016/09/the-router-rumble-ars-diy-build-faces-better-tests-tougher-competition/> My previous gateways were SFF business PCs from a previous millenium. Built like tanks. Reliable. Running full Red Hat Linux, so quite familiar, versatile, and powerful. But they eat more electricity than they should. And they are not silent. My next generation, years in the making, is here. I've chosen to use two different Zotac Zbox tiny PCs. - the CI321 is a fanless box with two ethernet ports (two is the minimum for a pleasant router). - the RI323 has a fan and two ethernet ports. It is more fully-featured and I got it cheap. It even has two 2.5" drive bays. Both these us low power Haswell processors: The Celeron 2961Y. This means no AES-NI instructions :-( Both use Realtek chips for the ethernet ports. I understand that they have a mediocre record. There are a lot of nice-looking candidate PCs that you can order from China. Some with 4 ethernet ports. Unfortunately, the affordable one all use Baytrail or newer Atom cores (eg. J1900). This is what the newer Ars article recommends. But I would not use that processor because Intel has left a bug in the power management / clocking code of the Linux kernel for a couple of years. Who wants an unreliable gateway? <https://bugzilla.kernel.org/show_bug.cgi?id=109051> I'm prompted to write this by a current sale and rebate on the Zboxes (rebate offer ends with this month). <http://www.ncix.com/detail/zotac-zbox-ri323-barebone-mini-38-130690.htm> <http://www.directcanada.com/products/?sku=26671130690&vpn=ZBOX-RI323-U&manufacture=Zotac> <http://www.ncix.com/products/?sku=DH8888119815> <http://www.mirhelp.com/wp-content/uploads/2016/09/Oct-Mail-In-Rebate-Form-F-MIR1016-NCIX.pdf> Summary: - about $170 - $20 rebate for the RI323 - about $185 - $15 rebate for the CI321 Each needs a disk and RAM added.
On Tue, 2016/10/25 05:47:02PM -0400, D. Hugh Redelmeier via talk <talk@gtalug.org> wrote: | By gateway, I mean router/firewall/whatever box that sits between your | LAN and the internet. | I've chosen to use two different Zotac Zbox tiny PCs. | - the CI321 is a fanless box with two ethernet ports (two is the | minimum for a pleasant router). | - the RI323 has a fan and two ethernet ports. It is more | fully-featured and I got it cheap. It even has two 2.5" drive bays. Thanks for the pointer - those are interesting. You might want to look at the pfsense/netgate boxes e.g. the "SG-1000 microFirewall Security Appliance" for $149USD http://store.netgate.com/SG-1000.aspx And of course I might recommend pfsense on the Zotec boxes. Hope that's helpful to someone - cheers! John
On 10/25/2016 05:47 PM, D. Hugh Redelmeier via talk wrote:
My previous gateways were SFF business PCs from a previous millenium. Built like tanks. Reliable. Running full Red Hat Linux, so quite familiar, versatile, and powerful. But they eat more electricity than they should. And they are not silent.
My current firewall/router is an HP small form factor PC, running pfSense. I had previously used openSUSE, but it wouldn't work with DHCPv6, which is needed to get IPv6 from Rogers. pfSense handles it well,
On 10/25/2016 05:47 PM, D. Hugh Redelmeier via talk wrote:
By gateway, I mean router/firewall/whatever box that sits between your LAN and the internet.
Reasonable choices:
- ISP-provided / sanctioned device (combo wireless router and modem)
- ISP modem + user provided wireless router
+ possibly running custom firmware like CeroWRT or OpenWRT
- ISP modem + PC acting as router
+ lots of possible software (pfsense, debian, whatever)
For a variety of reasons I've always used PCs. But which PCs are best for this?
I have used http://www.acrosser.com/ for a number of network projects. The nice thing about their products is that they have enough horsepower to run a full up linux install. They once upon a time had some nice fanless 6port computers which were great for router/firewall applications. They are not the cheapest but if you look around you will see lots of their products re-branded by others as complete solutions. -- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
| From: Alvin Starr via talk <talk@gtalug.org> | I have used http://www.acrosser.com/ for a number of network projects. | The nice thing about their products is that they have enough horsepower to run | a full up linux install. A quick look at acrosser gets me to pre-haswell intel boxes -- quite wasteful of power, I would think.
On Tue, Oct 25, 2016 at 05:47:02PM -0400, D. Hugh Redelmeier via talk wrote:
By gateway, I mean router/firewall/whatever box that sits between your LAN and the internet.
Reasonable choices:
- ISP-provided / sanctioned device (combo wireless router and modem)
- ISP modem + user provided wireless router
+ possibly running custom firmware like CeroWRT or OpenWRT
I currently use a WRT1900ACv2 running LEDE. Plenty powerful for the job.
- ISP modem + PC acting as router
+ lots of possible software (pfsense, debian, whatever)
For a variety of reasons I've always used PCs. But which PCs are best for this?
I stopped using a PC for routing at home years ago. Probably around the time I wanted wifi and it made sense to have that be the box doing it.
Here's an interesting pair of articles on using little PCs as gateways: <http://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux-router-from-scratch/> <http://arstechnica.com/gadgets/2016/09/the-router-rumble-ars-diy-build-faces-better-tests-tougher-competition/>
My previous gateways were SFF business PCs from a previous millenium. Built like tanks. Reliable. Running full Red Hat Linux, so quite familiar, versatile, and powerful. But they eat more electricity than they should. And they are not silent.
My next generation, years in the making, is here.
I've chosen to use two different Zotac Zbox tiny PCs.
- the CI321 is a fanless box with two ethernet ports (two is the minimum for a pleasant router).
I see it uses intel wifi. From what I have seen, running as as an AP only works in 2.4GHz mode, they don't allow AP operation in 5GHz bands. That's pretty inconvinient.
- the RI323 has a fan and two ethernet ports. It is more fully-featured and I got it cheap. It even has two 2.5" drive bays.
Both these us low power Haswell processors: The Celeron 2961Y. This means no AES-NI instructions :-(
Both use Realtek chips for the ethernet ports. I understand that they have a mediocre record.
Yeah they do.
There are a lot of nice-looking candidate PCs that you can order from China. Some with 4 ethernet ports. Unfortunately, the affordable one all use Baytrail or newer Atom cores (eg. J1900). This is what the newer Ars article recommends. But I would not use that processor because Intel has left a bug in the power management / clocking code of the Linux kernel for a couple of years. Who wants an unreliable gateway?
<https://bugzilla.kernel.org/show_bug.cgi?id=109051>
I'm prompted to write this by a current sale and rebate on the Zboxes (rebate offer ends with this month).
<http://www.ncix.com/detail/zotac-zbox-ri323-barebone-mini-38-130690.htm> <http://www.directcanada.com/products/?sku=26671130690&vpn=ZBOX-RI323-U&manufacture=Zotac>
<http://www.ncix.com/products/?sku=DH8888119815>
<http://www.mirhelp.com/wp-content/uploads/2016/09/Oct-Mail-In-Rebate-Form-F-MIR1016-NCIX.pdf>
Summary:
- about $170 - $20 rebate for the RI323
- about $185 - $15 rebate for the CI321
Each needs a disk and RAM added.
Hmm, for that price I think I will stick with my WRT (although it was only down in that price range because I got it on sale I suppose). -- Len Sorensen
participants (5)
-
Alvin Starr -
D. Hugh Redelmeier -
James Knott -
John Sellens -
lsorense@csclub.uwaterloo.ca