cheapest firewall?

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

cheapest firewall?

Adam-29
Any suggestions for the cheapest possible firewall (that is new hardware  
not re-purposing some old stuff)?  All I need is 2 ethernet interfaces and  
for it to run openbsd.

Reply | Threaded
Open this post in threaded view
|

Re: cheapest firewall?

Stuart Henderson
On 2014-02-01, Adam <[hidden email]> wrote:
> Any suggestions for the cheapest possible firewall (that is new hardware  
> not re-purposing some old stuff)?  All I need is 2 ethernet interfaces and  
> for it to run openbsd.
>
>

alix 2d19 or 2d4.

With a bit more work on OpenBSD/octeon, Edgerouter lite would be
slightly cheaper, but the port isn't quite there yet (storage isn't
supported yet).

Reply | Threaded
Open this post in threaded view
|

Re: cheapest firewall?

Jan Stary
In reply to this post by Adam-29
On Feb 01 15:37:54, [hidden email] wrote:
> Any suggestions for the cheapest possible firewall (that is new
> hardware not re-purposing some old stuff)?  All I need is 2 ethernet
> interfaces and for it to run openbsd.

http://pcengines.ch/alix.htm

Reply | Threaded
Open this post in threaded view
|

Re: cheapest firewall?

Adam Thompson
In reply to this post by Adam-29
On 14-02-01 02:37 PM, Adam wrote:
> Any suggestions for the cheapest possible firewall (that is new
> hardware not re-purposing some old stuff)?  All I need is 2 ethernet
> interfaces and for it to run openbsd.
>

Possibly a refurbished PC with an add-in NIC.  Locally, I keep seeing
IBM Pentium4D-class desktops being sold for well under $200, and it's
usually possible to pick up a single-port PCI NIC for $20.  (Less if you
buy up someone's stock of 100Mbit NICs in bulk.)
Not sure if that qualifies as "new", precisely, but you will get a
warranty of some sort.

--
-Adam Thompson
  [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: cheapest firewall?

Predrag Punosevac-2
In reply to this post by Adam-29
On 14-02-01 02:37 PM, Adam wrote:
> Any suggestions for the cheapest possible firewall (that is new
> hardware not re-purposing some old stuff)?  All I need is 2 ethernet
> interfaces and for it to run openbsd.
>
I got one of these for $179 U.S.

http://www.ebay.com/itm/pfSENSE-2-1-FIREWALL-VPN-64bit-Dual-Core-HT-ATOM-3port-Gb-WAN-2gbCF-1gbRAM/251385333443?rt=nc

from Ebay and put OpenBSD on it. It comes with Broadcom crap and dual
Intel 1 Gigabit controller.


If you have dual 1Gb Intel you could get a way with $100 for this

http://www.ebay.com/itm/pfSENSE-FireWall-Kit-dc-ht-ATOM-mini-ITX-Mbrd-2GB-CF-1GB-Ram-NEW-200Mbps-/251381439024?pt=US_Firewall_VPN_Devices&hash=item3a87805a30
It is essentally the same hardware as

http://www.ebay.com/itm/Supermicro-Intel-Atom-D525-Front-1U-Rackmount-Server-/110686406110?pt=COMP_EN_Servers&hash=item19c56c85de

I have three of those Supermicro's as well with 4GB of RAM and SATA HDD.
Of course they all run OpenBSD :)  


Predrag

Reply | Threaded
Open this post in threaded view
|

Re: cheapest firewall?

patric conant
On Sun, Feb 2, 2014 at 9:12 PM, patric conant <[hidden email]>wrote:

>
> http://www.ascendtech.us/amd-athlon-64-x2-4200-2-2ghz-desktop-pc_i_dtwm2npvmx24200.aspx?agent=pricewatchand another nic will do itt just fine.
>
>
> On Sun, Feb 2, 2014 at 8:39 PM, Predrag Punosevac <[hidden email]>wrote:
>
>> On 14-02-01 02:37 PM, Adam wrote:
>> > Any suggestions for the cheapest possible firewall (that is new
>> > hardware not re-purposing some old stuff)?  All I need is 2 ethernet
>> > interfaces and for it to run openbsd.
>> >
>> I got one of these for $179 U.S.
>>
>>
>> http://www.ebay.com/itm/pfSENSE-2-1-FIREWALL-VPN-64bit-Dual-Core-HT-ATOM-3port-Gb-WAN-2gbCF-1gbRAM/251385333443?rt=nc
>>
>> from Ebay and put OpenBSD on it. It comes with Broadcom crap and dual
>> Intel 1 Gigabit controller.
>>
>>
>> If you have dual 1Gb Intel you could get a way with $100 for this
>>
>>
>> http://www.ebay.com/itm/pfSENSE-FireWall-Kit-dc-ht-ATOM-mini-ITX-Mbrd-2GB-CF-1GB-Ram-NEW-200Mbps-/251381439024?pt=US_Firewall_VPN_Devices&hash=item3a87805a30
>> It is essentally the same hardware as
>>
>>
>> http://www.ebay.com/itm/Supermicro-Intel-Atom-D525-Front-1U-Rackmount-Server-/110686406110?pt=COMP_EN_Servers&hash=item19c56c85de
>>
>> I have three of those Supermicro's as well with 4GB of RAM and SATA HDD.
>> Of course they all run OpenBSD :)
>>
>>
>> Predrag
>>
>>
>
http://www.ascendtech.us/amd-athlon-64-x2-4200-2-2ghz-desktop-pc_i_dtwm2npvmx24200.aspx?agent=pricewatch99
dollar PC, add a 10 dollar nic, and you are good to go.

Reply | Threaded
Open this post in threaded view
|

Re: cheapest firewall?

Giancarlo Razzolini-3
In reply to this post by Adam Thompson
Em 02-02-2014 14:27, Adam Thompson escreveu:

> On 14-02-01 02:37 PM, Adam wrote:
>> Any suggestions for the cheapest possible firewall (that is new
>> hardware not re-purposing some old stuff)?  All I need is 2 ethernet
>> interfaces and for it to run openbsd.
>>
>
> Possibly a refurbished PC with an add-in NIC.  Locally, I keep seeing
> IBM Pentium4D-class desktops being sold for well under $200, and it's
> usually possible to pick up a single-port PCI NIC for $20.  (Less if
> you buy up someone's stock of 100Mbit NICs in bulk.)
> Not sure if that qualifies as "new", precisely, but you will get a
> warranty of some sort.
>
I built a lot of these refurbished firewalls. And also I had relatively
success using some thin clients and inexpensive nic's. But, I advise
that you built these firewalls in pairs and always use carp, because
these hardwares will fail, more often than you might think. Always keep
spare hardware.

Cheers,

--
Giancarlo Razzolini
GPG: 4096R/77B981BC

Reply | Threaded
Open this post in threaded view
|

Re: cheapest firewall?

Stuart Henderson
In reply to this post by Adam Thompson
On 2014-02-02, Adam Thompson <[hidden email]> wrote:

> On 14-02-01 02:37 PM, Adam wrote:
>> Any suggestions for the cheapest possible firewall (that is new
>> hardware not re-purposing some old stuff)?  All I need is 2 ethernet
>> interfaces and for it to run openbsd.
>>
>
> Possibly a refurbished PC with an add-in NIC.  Locally, I keep seeing
> IBM Pentium4D-class desktops being sold for well under $200, and it's
> usually possible to pick up a single-port PCI NIC for $20.  (Less if you
> buy up someone's stock of 100Mbit NICs in bulk.)
> Not sure if that qualifies as "new", precisely, but you will get a
> warranty of some sort.
>

Power consumption is pretty bad with P4, and I don't see how it can
possibly be classed as "new hardware".

Of course the original question didn't mention anything about
bandwidth/PPS estimates or whether it needs encryption, which would
be useful in suggesting something..

Reply | Threaded
Open this post in threaded view
|

Re: cheapest firewall?

Theophile Envt
In reply to this post by Adam-29
 Gigabyte GA-C1037UN-EU  motherboard ? 2 Lan fanless...


2014-02-01 Adam <[hidden email]>:

> Any suggestions for the cheapest possible firewall (that is new hardware
> not re-purposing some old stuff)?  All I need is 2 ethernet interfaces and
> for it to run openbsd.

Reply | Threaded
Open this post in threaded view
|

Re: cheapest firewall?

Dag Richards
Block of spruce with 2 rj45 ports.

Its new and will stop all unwanted traffic, you can put OpenBSD right on
top of it.

Low power, easy to maintain.



Theophile Envt wrote:
>  Gigabyte GA-C1037UN-EU  motherboard ? 2 Lan fanless...
>
>
> 2014-02-01 Adam <[hidden email]>:
>
>> Any suggestions for the cheapest possible firewall (that is new hardware
>> not re-purposing some old stuff)?  All I need is 2 ethernet interfaces and
>> for it to run openbsd.

Reply | Threaded
Open this post in threaded view
|

Re: cheapest firewall?

Bill Albertson-2
In reply to this post by Theophile Envt
An Alix fanless low power dual nic system with case and power supply goes
for $120ish.  Has slots for 2 mini pci wireless cards.  Add an antenna and
pigtail for another $15 or so, or use a USB wifi card.  Anything more
expensive is going to be a Soekris.

I would only buy a mini-pci PC board if I had the existing case for it
(which I have done recently, for that reason, but for the fan equipped
version of this board).  Otherwise, all of the RAM and everything else is
going to cost extra- which is fine if the firewall is for more than just
firewalling, light vpn, and such.  Buying the board, ram, and anything
extra for the case is going to still cost more than an Alix based system.


On Tue, Feb 4, 2014 at 11:42 AM, Theophile Envt <[hidden email]> wrote:

>  Gigabyte GA-C1037UN-EU  motherboard ? 2 Lan fanless...
>
>
> 2014-02-01 Adam <[hidden email]>:
>
> > Any suggestions for the cheapest possible firewall (that is new hardware
> > not re-purposing some old stuff)?  All I need is 2 ethernet interfaces
> and
> > for it to run openbsd.

Reply | Threaded
Open this post in threaded view
|

Re: cheapest firewall?

Aaron Poffenberger
In reply to this post by Adam-29
 On Feb 1, 2014, at 2:37 PM, Adam <[hidden email]> wrote:

> Any suggestions for the cheapest possible firewall (that is new hardware not re-purposing some old stuff)?  All I need is 2 ethernet interfaces and for it to run openbsd.
>

I like the Mac Mini Core Duo for firewalls. They have one GB NIC so I usually add a USB NIC but other than they work out of the box. Almost any Mac Mini will work but the Core Duo is pretty cheap. They’re about ~$160 on Ebay.

<http://www.ebay.com/itm/Apple-Late-2006-A1176-Mac-Mini-1-83GHz-Core-Duo-2GB-RAM-60GB-HD-MA608LL-A-/281256709592?pt=Apple_Desktops&hash=item417c34cdd8>
<http://www.ebay.com/itm/Apple-Mac-Mini-A1176-MA206LL-A-1-66Ghz-Core-Duo-Desktop-/291069416474?pt=Apple_Desktops&hash=item43c516d41a>