Smoothwall/IPCop Gurus (Hardware Related)

[AMD_RULES]

I'm looking to build a near silent, energy efficient, yet powerful linux firewall for my home. There will only be between 3-5 computers on the network. I have a comcast 6mb/2mb connection (i know, not FiOS ). My goal is something small and uses little energy. I know I can get away with a cheap computer off ebay, but I want something small.

This is the motherboard/cpu i'm looking at building the firewall around...

http://www.newegg.com/Product/Product.aspx?Item=N82E16813153045

The ram will be this: http://www.newegg.com/Product/Product.aspx?Item=N82E16820145024

My main question is will IPCop or Smoothwall run fine on a system like this?
Also, do I install DansGuardian within one of these distros or is that a separate firewall distro?

As for the hard drive, can I use a usb stick or a CF card?

Thanks and sorry for the n00b questions...

 

[Grentz]

Should run fine.

Dansgaurdian is a mod that installs on top of smoothwall or IPcop. Note that dansgaurdian might make things pretty slow on that hardware as it needs some horsepower most of the time.

You can use a CF card with a CF IDE adapter (cheap on ebay), but note that you will want to look on the forums for smoothwall or IPCop to make adjustments so it does not burn up the CF Writes too quickly (turning down logging, etc.).

 

[GlobalFear]

How about a WRAP? Definitely the way to go for noiseless low power apps.

 

[Grentz]

How about a WRAP? Definitely the way to go for noiseless low power apps.

Because the board he linked to is more powerful and cheaper than most of the WRAP solutions and the only loss is size. He is looking for lower noise, not size necessarily.

 

[AMD_RULES]

Should run fine.

Dansgaurdian is a mod that installs on top of smoothwall or IPcop. Note that dansgaurdian might make things pretty slow on that hardware as it needs some horsepower most of the time.

You can use a CF card with a CF IDE adapter (cheap on ebay), but note that you will want to look on the forums for smoothwall or IPCop to make adjustments so it does not burn up the CF Writes too quickly (turning down logging, etc.).

Well Dansguardian is an important (and necessary) part of this project. Would this be a more powerful unit to handle it?


http://www.newegg.com/Product/Product.aspx?Item=N82E16813153062

 

[Grentz]

I think that would be a better choice.

Dont know if it would run it perfectly, but should be better than the other one you originally linked. Might want some others with first hand experiece to weigh in or go post on one of the official boards for IPCop or Smoothwall.

 

[YeOldeStonecat]

For plain old IPCop..you're a hundred times ahead of the powercurve...you're not running any UTM components. Honestly a PII 300 with 128 megs will easily loaf along barely above idle. Even if you wanted to run the Copfilter add-on...that setup will easily handle it.

 

[Grentz]

Sorry, cant agree YeOldeStonecat. Dansgaurdian and Copfilter both get very slow on those sorts of setups.

I have a 500mhz PIII 1gb that it still runs slow on...and no other addons are running.

 

[YeOldeStonecat]

Sorry, cant agree YeOldeStonecat. Dansgaurdian and Copfilter both get very slow on those sorts of setups.

I have a 500mhz PIII 1gb that it still runs slow on...and no other addons are running.

I've run 'em all...the throughput performance even when running Copfilter was still decent..only felt it when using the ad-block module, and managing the web admin. (if you read closer..you'll see I meant stock IPCop...not Copfilter..on an old P2). Regardless I ran Copfilter on a P3 733 or something and it ripped. Downloading huge files only took longer when I was only running 256 megs of RAM...when I bumped to 512 that jumped up. I was on Comcast w/Powerboost at the time..she let me run into the 60 meg range easily.

Point is...don't need to go crazy with the basic *nix distros...that board 'n CPU will easily handle it and I bet CPU utilization never gets steady past 35%.

 

[AMD_RULES]

Point is...don't need to go crazy with the basic *nix distros...that board 'n CPU will easily handle it and I bet CPU utilization never gets steady past 35%.

The C3 or C7? I'm leaning toward the C7 since it uses DDR2 and has dual onboard NICs.

This is what I'm looking at doing for the setup:

Case: Black Morex Cubid 3688 Mini-ITX Case
CPU/MB:JetWay J7F4K1G5D-PB
RAM: Kingston ValueRAM 1GB 240-Pin DDR2 SDRAM DDR2 533 (PC2 4200)
HDD: Toshiba 60GB Serial ATA 3.0GB/s 2.5" Laptop Hard Drive

Figured I go with a real hdd instead of a CF card. Seemed like a more simpler solution and easier to configure for me. The grand total is gonna be around $250. A bit pricy, but should be worth it in the long run...

Thanks guys for all your help.

 

[goodcooper]

The C3 or C7? I'm leaning toward the C7 since it uses DDR2 and has dual onboard NICs.

This is what I'm looking at doing for the setup:

Case: Black Morex Cubid 3688 Mini-ITX Case
CPU/MB:JetWay J7F4K1G5D-PB
RAM: Kingston ValueRAM 1GB 240-Pin DDR2 SDRAM DDR2 533 (PC2 4200)
HDD: Toshiba 60GB Serial ATA 3.0GB/s 2.5" Laptop Hard Drive

Figured I go with a real hdd instead of a CF card. Seemed like a more simpler solution and easier to configure for me. The grand total is gonna be around $250. A bit pricy, but should be worth it in the long run...

Thanks guys for all your help.

if you get a CF card with DMA and your IDE/CF adapter its just as easy as having a hard drive.... just smaller size

 

[cooter]

The C3 or C7? I'm leaning toward the C7 since it uses DDR2 and has dual onboard NICs.

This is what I'm looking at doing for the setup:

Case: Black Morex Cubid 3688 Mini-ITX Case
CPU/MB:JetWay J7F4K1G5D-PB
RAM: Kingston ValueRAM 1GB 240-Pin DDR2 SDRAM DDR2 533 (PC2 4200)
HDD: Toshiba 60GB Serial ATA 3.0GB/s 2.5" Laptop Hard Drive

Figured I go with a real hdd instead of a CF card. Seemed like a more simpler solution and easier to configure for me. The grand total is gonna be around $250. A bit pricy, but should be worth it in the long run...

Thanks guys for all your help.

That will definately be plenty of power. looks like a great setup. The only concern I would have for my use is that need more PCI slots for extra nics/etc. If you were to ever want to run a setup with WLAN AP and a DMZ (Green/Red/Orange/Blue is what I have) you would not be able to do it on that board. But it gives you enough for a 3 NIC setup.

 

[Grentz]

I've run 'em all...the throughput performance even when running Copfilter was still decent..only felt it when using the ad-block module, and managing the web admin. (if you read closer..you'll see I meant stock IPCop...not Copfilter..on an old P2). Regardless I ran Copfilter on a P3 733 or something and it ripped. Downloading huge files only took longer when I was only running 256 megs of RAM...when I bumped to 512 that jumped up. I was on Comcast w/Powerboost at the time..she let me run into the 60 meg range easily.

Point is...don't need to go crazy with the basic *nix distros...that board 'n CPU will easily handle it and I bet CPU utilization never gets steady past 35%.

733 ran fine as well for me, 500 or less was not good though in my findings. Workable, but slower.

 

[AMD_RULES]

That will definately be plenty of power. looks like a great setup. The only concern I would have for my use is that need more PCI slots for extra nics/etc. If you were to ever want to run a setup with WLAN AP and a DMZ (Green/Red/Orange/Blue is what I have) you would not be able to do it on that board. But it gives you enough for a 3 NIC setup.

Can't I just run the AP off of a port on a switch? I need another NIC?

 

[RavenD]

Can't I just run the AP off of a port on a switch? I need another NIC?

Yes, you can do that. But then your wired network and wifi wont be on separate interfaces.

 

[swatbat]

Look at logic supply and mini-box. They both have a bunch of mini-itx hardware.

Last few I built were for captive portals and I used a jetway board with the lan module which gives you an extra 3 10/100 ports(they have a gigabit version as well). Still have the pci slot open if needed. The ones I built didn't need more then the 4 ethernet ports(I didn't more then 3).

I usualy threw them in the Morex 5677 case as I could then hang it on the wall.

As far as an access point goes yes you can just hang it off a switch. With the firewall apps you can seperate the access point to another vlan to keep your wired network protected. For home use you can avoid this.

Also my experience with ipcop with some addons is that it really wants a hard drive. A lot of the addons get mad if you run ipcop with the setup for running off flash media. You either run it like the flash drive is a hard drive(which can lower the flash drives life) or run a hard drive.

I'd recomend running it off a notebook hard drive.

 

[AMD_RULES]

The C3 or C7? I'm leaning toward the C7 since it uses DDR2 and has dual onboard NICs.

This is what I'm looking at doing for the setup:

Case: Black Morex Cubid 3688 Mini-ITX Case
CPU/MB:JetWay J7F4K1G5D-PB
RAM: Kingston ValueRAM 1GB 240-Pin DDR2 SDRAM DDR2 533 (PC2 4200)
HDD: Toshiba 60GB Serial ATA 3.0GB/s 2.5" Laptop Hard Drive

Figured I go with a real hdd instead of a CF card. Seemed like a more simpler solution and easier to configure for me. The grand total is gonna be around $250. A bit pricy, but should be worth it in the long run...

Thanks guys for all your help.

Look at logic supply and mini-box. They both have a bunch of mini-itx hardware.

Last few I built were for captive portals and I used a jetway board with the lan module which gives you an extra 3 10/100 ports(they have a gigabit version as well). Still have the pci slot open if needed. The ones I built didn't need more then the 4 ethernet ports(I didn't more then 3).

I usualy threw them in the Morex 5677 case as I could then hang it on the wall.

As far as an access point goes yes you can just hang it off a switch. With the firewall apps you can seperate the access point to another vlan to keep your wired network protected. For home use you can avoid this.

Also my experience with ipcop with some addons is that it really wants a hard drive. A lot of the addons get mad if you run ipcop with the setup for running off flash media. You either run it like the flash drive is a hard drive(which can lower the flash drives life) or run a hard drive.

I'd recomend running it off a notebook hard drive.

Thanks for the info. If you see the quote above with the hardware selection, I selected a notebook hdd. I may go with that case instead (the Morex 5677). Like how it is mountable to the wall. I do not need a vlan in my home. The purpose of the wireless AP will be to connect PCs to the network where I cannot wire Cat5/6. The AP is a Buffalo WHR-HP-54G with Tomato set to WPA-2. This should be secure enough. Thanks

 

[swatbat]

Thanks for the info. If you see the quote above with the hardware selection, I selected a notebook hdd. I may go with that case instead (the Morex 5677). Like how it is mountable to the wall. I do not need a vlan in my home. The purpose of the wireless AP will be to connect PCs to the network where I cannot wire Cat5/6. The AP is a Buffalo WHR-HP-54G with Tomato set to WPA-2. This should be secure enough. Thanks

Yea 2 ethernet jacks will be fine then. I'd still get the 3 ethernet port addon for the jetway board as that leaves you the pci slot open. If anything the extra ethernet jack just sits their doing nothing unless you need it down the road.

I will say you have to go with others on how ipcop will run on the via based boards. Last time I tried IPCOP was with a via 800 based system and with copfilter and addons it wouldn't run worth anything. I'm thinking one of these 1.5 or 2 ghz ones should be more then enough for a home based one though. I was trying to run the proxy with web filtering on the 800(just to test it).

Most of the time I used it I was running a modified m0n0wall install on the ones I built as it did what I needed it to and did well.

 

[AMD_RULES]

I'll have to try both Smoothwall and IPCop and see which runs smoother/better overall.

Thanks Swatbat!