Just wanted to toss this out there in case anyone was considering a build for themselves... it's an email I sent my friends, so I apologize for the "dumbed-down" nature!
I completed a networking project over the weekend that I thought you would be interested in. (I ended the sentence in a preposition. Sorry!)
I was having problems with my two broadband NAT Firewall/Router units. One has QoS to protect my Vonage VOIP traffic, but locked up every couple of hours. The other was a cheap, old Netgear which was stable but offered no QoS, so my phone calls would get choppy or drop. I ended up building my own firewall with parts lying around my house and the free software found at http://m0n0.ch/wall/
I used:
* Old BabyAT motherboard with a Pentium 233MMX processor and 80MB memory (at least a Pentium 150 and 64megs memory is required, anything more is overkill)
* Old ATX power supply (board supports AT or ATX PSU)
* Two PCI NICs on the supported list at http://www.freebsd.org/releases/4.11R/hardware-i386.html - You can add more NICs if you want multiple LAN segments
* 8MB (or larger, but extra space is not used) Compact Flash card and CF->IDE adapter, or alternately any small IDE hard drive (diskless CF-based is fast and silent!)
* Keyboard, monitor, and video card to set up system (I used an old ISA video card)
I used the tools and disk images provided at http://m0n0.ch/wall/ (Generic PC image for Compact Flash) to flash the card, plugged it in, booted the system (embedded version of FreeBSD), detected the NICs for WAN and LAN interface, and rebooted. I then accessed the machine across the LAN interface through my web browser and was able to configure it. Just plugged my cable modem into the NIC that I identified as WAN, my switch into the LAN interface, and it was running. If you set the PC BIOS to ignore keyboard and video errors, you can disconnect the keyboard and video until you need console access again (hopefully never).
It's extremely easy to use the GUI to set up protected pipes and queues, set up multiple LAN segments (bridged or isolated), set up port forwarding, and all sorts of other firewall rules. At full tilt on my 6 megabit cable connection, I am using about 30 megabytes of memory and 20-30% of my 233MHz CPU. While I am using "all" of the bandwidth, I can still pick up the phone and make crystal clear phone calls, thanks to bandwidth prioritization.
Since Pentium-class PCs and PCI NICs are a dime a dozen anymore, and a CF->IDE adapter is only a few dollars on eBay, you can put together a diskless system for under $40 that performs well better than any consumer-class hardware router out there (in my experience anyway). It's available anywhere on your LAN via a web browser, with multiple access control options. The only downside for me is the relative size compared to an integrated NAT device, but at least it's quiet and can use passive cooling. You can check out screenshots of the various m0n0wall functions here: http://m0n0.ch/wall/screenshots.php
Sorry for the lengthy and over-enthusiastic product endorsement, but this project was extremely easy to implement and the results have been astounding. Finally, some of the "really old junk" in my basement put to effective use!
---
Caveat: I did spend a couple of hours clearing up some hardware conflicts. I went through about 9 NICs before I found four that worked and allowed the system to boot and monowall to see them all at once. I ended up with 4 NICs, two as disabled "Optional" interfaces, but to get there I had to use an ISA video card, disable the secondary IDE, COM, and LPT ports on the motherboard to free up IRQs, and shuffle NICs until PnP allowed them all to get what they wanted. Now I'm very happy with the setup. If anyone wants a pic of the hardware, I will be happy to take one. Thanks!