On Thu, Nov 15, 2012 at 3:47 PM, Chris McGee <cmcge...@gmail.com> wrote:
> Hi guys- > > I am hunting for a low-power firewall for my home network. For at least > 10 years, whenever my firewall hardware has started to die, I've grabbed a > decommissioned game PC, added a few NIC's, and put OpenBSD on it. The > firewall's current incarnation pulls about 160 watts 24/7; I'd like to > lower that by a lot. > > Requirements are: > 1) Low power (<50w; I want it to pay for itself before the hardware > dies) > 2) 4 network interfaces (3 gigabit, one gigabit or 100mbps) > 3) Cheaper is better (e.g., a $200 4-port PCIE NIC on a $75 motherboard > is suboptimal) > 4) Works with OpenBSD 5.2 > 5) Won't cause a hardware bottleneck when pushing 200mbps of > multidirectional traffic through a moderately complex pf ruleset (this > doesn't take a lot of CPU; a 1 GHz Athlon runs at about 2% under load, and > most of that is from hardware interrupts). > > It looks like a lot of people use the Alix 2D13 for this, but I rejected > it for poor throughput (it would be great for the internet connection, but > it sounds like it might be a serious bottleneck between the internal > networks). > > Jetway makes a number of promising-looking Atom boards, including the > 4-interface NF38, but the NF38 and many other JetWays use the Realtek > RTL8111EVL, which doesn't appear to be OpenBSD-friendly. You can add > interfaces to Jetway boards via their daughterboards, but those are either > Realtek RTL8111F or Intel 82574L; same problem. (Google turns up one > report of the RTL8111 series sorta working with -current, but if you read > the guy's dmesg, it doesn't look like he HAS an RTL8111 in the first > place.) > > > ...anyway, if you have a low-power OpenBSD network appliance with 3-4 > interfaces that you're happy with, please give me a yell. I've been through > a lot of boards without finding a winner so far! > > The supermicro Atom based machines are nice. I am a fan of the remote management interface, which allows power cycle, KVM over IP, virtual media, etc. It comes with 2 network interfaces, but has a PCI-E x4 that you could use for additional network ports. As another user posted, if you can spring for a layer 2 managed switch, you could get by with just 1 NIC. http://www.supermicro.com/products/system/1U/5015/SYS-5015A-EHF-D525.cfm Here is a dmesg if you are interested in the chipsets (note this is an older model with a D510 CPU): OpenBSD 5.0 (GENERIC.MP) #59: Wed Aug 17 10:19:44 MDT 2011 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Atom(TM) CPU D510 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT ,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE real mem = 3220283392 (3071MB) avail mem = 3157540864 (3011MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 05/26/10, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.6 @ 0x9ac00 (19 entries) bios0: vendor American Megatrends Inc. version "1.0c" date 05/26/2010 bios0: Supermicro X7SPA-HF acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP APIC MCFG SLIC OEMB HPET acpi0: wakeup devices P0P1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4) USB2(S4) USB5(S4) EUSB(S4) USB3(S4) USB4(S4) USB6(S4) USBE(S4) P0P4( S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) GBE_(S4) SLPB(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 166MHz cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Atom(TM) CPU D510 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT ,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE ioapic0 at mainbus0: apid 3 pa 0xfec00000, version 20, 24 pins ioapic0: misconfigured as apic 1, remapped to apid 3 acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 4 (P0P1) acpiprt2 at acpi0: bus 1 (P0P4) acpiprt3 at acpi0: bus -1 (P0P5) acpiprt4 at acpi0: bus -1 (P0P6) acpiprt5 at acpi0: bus -1 (P0P7) acpiprt6 at acpi0: bus 2 (P0P8) acpiprt7 at acpi0: bus 3 (P0P9) acpicpu0 at acpi0 acpicpu1 at acpi0 acpibtn0 at acpi0: SLPB acpibtn1 at acpi0: PWRB bios0: ROM list: 0xc0000/0x8000 ipmi at mainbus0 not configured pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "Intel Pineview DMI" rev 0x02 uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x02: apic 3 int 16 uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x02: apic 3 int 21 uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x02: apic 3 int 19 ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x02: apic 3 int 18 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 ppb0 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x02: apic 3 int 17 pci1 at ppb0 bus 1 ppb1 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x02: apic 3 int 17 pci2 at ppb1 bus 2 em0 at pci2 dev 0 function 0 "Intel PRO/1000 MT (82574L)" rev 0x00: msi, address 00:25:90:09:9b:80 ppb2 at pci0 dev 28 function 5 "Intel 82801I PCIE" rev 0x02: apic 3 int 16 pci3 at ppb2 bus 3 em1 at pci3 dev 0 function 0 "Intel PRO/1000 MT (82574L)" rev 0x00: msi, address 00:25:90:09:9b:81 uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x02: apic 3 int 23 uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x02: apic 3 int 19 uhci5 at pci0 dev 29 function 2 "Intel 82801I USB" rev 0x02: apic 3 int 18 ehci1 at pci0 dev 29 function 7 "Intel 82801I USB" rev 0x02: apic 3 int 23 usb1 at ehci1: USB revision 2.0 uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1 ppb3 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x92 pci4 at ppb3 bus 4 vga1 at pci4 dev 4 function 0 "Matrox MGA G200eW" rev 0x0a wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ichpcib0 at pci0 dev 31 function 0 "Intel 82801IR LPC" rev 0x02: PM disabled pciide0 at pci0 dev 31 function 2 "Intel 82801I SATA" rev 0x02: DMA, channel 0 configured to native-PCI, channel 1 configured to native -PCI pciide0: using apic 3 int 19 for native-PCI interrupt wd0 at pciide0 channel 0 drive 0: <Hitachi HDS721010CLA332> wd0: 16-sector PIO, LBA48, 953869MB, 1953525168 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6 ichiic0 at pci0 dev 31 function 3 "Intel 82801I SMBus" rev 0x02: apic 3 int 18 iic0 at ichiic0 lm1 at iic0 addr 0x2d: W83627DHG spdmem0 at iic0 addr 0x50: 2GB DDR2 SDRAM non-parity PC2-5300CL5 SO-DIMM spdmem1 at iic0 addr 0x51: 2GB DDR2 SDRAM non-parity PC2-5300CL5 SO-DIMM usb2 at uhci0: USB revision 1.0 uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb3 at uhci1: USB revision 1.0 uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb4 at uhci2: USB revision 1.0 uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb5 at uhci3: USB revision 1.0 uhub5 at usb5 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb6 at uhci4: USB revision 1.0 uhub6 at usb6 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb7 at uhci5: USB revision 1.0 uhub7 at usb7 "Intel UHCI root hub" rev 1.00/1.00 addr 1 isa0 at ichpcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo com2 at isa0 port 0x3e8/8 irq 5: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 wbsio0 at isa0 port 0x2e/2: W83627DHG rev 0x25 lm2 at wbsio0 port 0xca0/8: W83627DHG npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 mtrr: Pentium Pro MTRR support lm1: disabling sensors uhidev0 at uhub4 port 2 configuration 1 interface 0 "Winbond Electronics Corp Hermon USB hidmouse Device" rev 1.10/0.01 addr 2 uhidev0: iclass 3/1 ums0 at uhidev0: 3 buttons, Z dir wsmouse0 at ums0 mux 0 uhidev1 at uhub4 port 2 configuration 1 interface 1 "Winbond Electronics Corp Hermon USB hidmouse Device" rev 1.10/0.01 addr 2 uhidev1: iclass 3/1 ukbd0 at uhidev1: 8 modifier keys, 6 key codes wskbd1 at ukbd0 mux 1 wskbd1: connecting to wsdisplay0 vscsi0 at root scsibus0 at vscsi0: 256 targets softraid0 at root scsibus1 at softraid0: 256 targets root on wd0a (4dcb2d0a1b8a2fe9.a) swap on wd0b dump on wd0b Axton Grams
