Keith Lofstrom wrote:
> I have been using an old laptop as my firewall - running SL5
> like all my other computers.
>
> I recently purchased an ALIX 2D3 single board computer ( designed
> by PC Engines of Switzerland, http://www.pcengines.ch/alix2d3.htm
> and sold by netgate.com for $180 with case and power supply).
> The board has 3 ethernet ports ( WAN, LAN, DMZ ), 256MB of RAM,
> and uses a 500MHz AMD Geode X86-compatible processor with
> built-in AES crypto engine (for speeding up VPN links). It uses
> a Compact Flash card for "disk" though it also has a header that
> can connect to a PATA hard drive. No video display, though there
> are USB connectors and a mini-PCI slot on the board where a
> display card can be added.
>
> The board draws less than 4 watts operating. So it is about 3X
> faster than the old laptop, and 10x less power. Some people are
> setting these up with the OpenWRT distro, but that is optimized
> for small flash footprint, and has too many bugs IMHO. I tried
> that for a few frustrating days, and gave up.
>
> I attached the CF card to a USB adapter, attached that to a
> diskless desktop computer, and installed from the SL5 DVD. After
> tweaking /etc/fstab , /boot/grub/menu.lst , and /etc/inittab for
> a serial console and different drive names, the card booted fine
> on the ALIX. I made some flash-friendly changes (noatime, remote
> logging, ramdisk /tmp, etc). I also added a rc file to copy the
> MAC address of my old WAN connection. I am moving the config
> files from the old firewall laptop now, and will deploy soon.
Just a caution.
I don't use IPcop, but I did have a quick look at it, and a friend of
mine likes it.
It's been running from CF for years, there are CF->IDE adaptors around.
Apparently the IPCop folk have some CF-friendly kernel patches it might
be worth checking out for.
--
Cheers
John
-- spambait
[log in to unmask] [log in to unmask]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
|