Stuart Henderson wrote:
On 2010-10-04, David Higgs <hig...@gmail.com> wrote:
I am building a replacement router/firewall for home use and am
soliciting suggestions/commentary/alternatives on the components
below.
What sort of internet connection and what will be running over it?
Will you be doing crypto on the firewall (ipsec/some other vpn)?
I was planning to use an SSD in the 32 GB size range, but the archives
indicate we don't have TRIM support yet. Though this obviously isn't
a showstopper to usage, am I better off getting an older-generation
SSD that doesn't require TRIM, or perhaps hold off on SSDs until the
tech is more mature?
Newer SSDs don't *require* TRIM, it is optional. I think it's probably
a better idea to get the newer generation. Though a 2-4GB CF might be
quite good enough too.
For what a lot of people need for a router/firewall a 2-4GB CF
card in an IDE adapter would be fine too (smaller works too if you can
still find them, but it's easier to have this much space).
Finally, I want this box to act as wireless AP, and hope to have
out-of-the-box 802.11n support (when eventually available). I've read
that run(4) is a solid chipset in this regard; any other suggestions?
run(4) does not support host AP.
athn(4) is likely the best choice, I haven't used it with OpenBSD but it
looks like this is the most actively developed wireless driver at the moment.
I have used it with commercial APs running their embedded Linux-based OS
and the hardware itself works very well indeed.
As I think you're aware we don't support 802.11n capabilities yet, also
note we don't support clients that use power-saving mode (this is an
absolute show-stopper for some users; some client hardware has no way
to disable this).
I tend to swear by ral(4)
Mainly due to the unscientific but proven mechanism:
all my ral cards have worked, and all my ath cards end up having an
unsupported chipset.
and there was something freaky about that zyd,
almost working is worse than not working at all.
Given half a chance, stay away from USB radios.
but ral has always been there for me.
best of luck.
I know I enjoy my k6-2(450) based firewall/nat device infinitely more
than the netgear piece of crap it replaced.