Firewall/Gateway Hardware Question

Home » CentOS » Firewall/Gateway Hardware Question
CentOS 11 Comments

I’ve given up on getting the other machine to work so I’m looking at building a new one.

The machine will be a firewall/gateway running NAT, Web Proxy with Dansguardian, DHCP, DNS, NTP and VPN (~6 clients).

I read so much about VPN encryption and the processor needs, now I am unsure if this will work.

I can get this for AMD FX-8120 Zambezi 3.1GHz Socket AM3+ 125W Eight-Core Desktop Processor for under $120 (it’s on sale), would it work ?

Any thoughts?

Thanks, Terre

11 thoughts on - Firewall/Gateway Hardware Question

  • On Tue, Oct 15, 2013 at 12:29 PM, Terre Porter
    You’ll likely need to determine how many VPN tunnels you’re going to run simultaneously and then find benchmarks on the web.

    Seems like overkill to me.

    I’d suggest more along the lines of an Atom-CPU based system. One of those mini-ITX setups that use 20W or thereabouts.

    Just my two cents.

  • Some years back I used to run Smoothwall/GPL as a home firewall/router on things such as 90 MHz pentiums (with 64 or even 128 MB RAM), or at one point a 500 MHz AMD K6, and it had no load problems at all handling the 3 or 4 of us here who share the household LAN. Therefore I’d think that something such as an Atom would be entirely up to the task. There are a number of (relatively) inexpensive Atom boards in a Micro-ATX or Mini-ATX format that you could use, for example.

    Fred

  • @Steve:
    Based on your statement, I figure you do not have a crypto accelerator and the CPU is handling all the crypto. Correct?

    @Terre:
    I don’t know how VIA C7 CPUs stack up against the Intel Atom CPUs in terms of performance, but they’re low power consuming x86 processors. And there’s the VIA Padlock [0] security/encryption engine.

    AMD Geode CPUs like those in PC Engines ALIX [1] hardware have an integrated crypto accelerator [2]. If it wasn’t for your web proxy requirements, etc an ALIX might fit the bill (with the right embedded OS –
    think Voyage Linux). You’re better off with the hardware you’re researching right now though.

    [0] http://www.via.com.tw/en/initiatives/padlock/hardware.jsp
    [1] http://www.pcengines.ch/alix.htm
    [2] http://www.twam.info/hardware/alix/using-geodes-aes-engine-on-alix3d3

  • You should look at the single board computers sold by Soekris Engineering.

    http://soekris.com

    Specifically the net6501 series:

    http://soekris.com/products/net6501.html

    Specifications:

    • 600 Mhz to 1.6 Ghz Intel Atom E6xx single chip processor
    with EG20T companion chip
    • 512 to 2048 Mbyte DDR2-SDRAM, soldered on board
    • 2x SATA 3 Gbit interfaces with +5V and +12V power header
    • 4x Intel 82574L Gigabit Ethernet ports, Auto-MDIX RJ-45,
    protected to 700W/40A Surge
    • 2x Serial ports, DB9 and 10 pins internal header
    • USB 2.0 interface, 2x internal, 1x external port, bootable
    • 1 Full Mini-PCI Express shared with mSATA socket.
    • 1 USB only Mini-PCI Express shared with mSATA socket
    • 2x PCI Express Slots, right angle
    • 16 bit general purpose I/O, 24 pins header, connected to FPGA

    …in either a tiny or a rackable box.

    The number of lan slots can be increased above 4 by using expansion cards.

    Steve

  • Interesting looking hardware… thanks for the info

    —–Original Message—–
    From: CentOS-bounces@CentOS.org [mailto:CentOS-bounces@CentOS.org] You should look at the single board computers sold by Soekris Engineering.

    http://soekris.com

    Specifically the net6501 series:

    http://soekris.com/products/net6501.html

    Specifications:

    • 600 Mhz to 1.6 Ghz Intel Atom E6xx single chip processor
    with EG20T companion chip
    • 512 to 2048 Mbyte DDR2-SDRAM, soldered on board
    • 2x SATA 3 Gbit interfaces with +5V and +12V power header
    • 4x Intel 82574L Gigabit Ethernet ports, Auto-MDIX RJ-45,
    protected to 700W/40A Surge
    • 2x Serial ports, DB9 and 10 pins internal header
    • USB 2.0 interface, 2x internal, 1x external port, bootable
    • 1 Full Mini-PCI Express shared with mSATA socket.
    • 1 USB only Mini-PCI Express shared with mSATA socket
    • 2x PCI Express Slots, right angle
    • 16 bit general purpose I/O, 24 pins header, connected to FPGA

    …in either a tiny or a rackable box.

    The number of lan slots can be increased above 4 by using expansion cards.

    Steve

  • I have must have been in a hardware vacuum, have a clue any of that hardware you mentioned.

    Added it to the research list – haha!

    Thanks

    —–Original Message—

  • I think the Atoms pretty much beat the living daylights out of the C7
    stuff, which were based on an architecture many generations old. some of the core I3/i5 laptop chips are very low power, too, and nearly as powerful as modern 2-4 core desktop processors.. the current
    ‘Pentiums’ are somewhere in between the Atom and the low end of the Core line.

LEAVE A COMMENT