Hi, On 15 Mar 2016, at 19:30 , John Klos <john%ziaspace.com@localhost> wrote: > Hi, > >> I'm thinking of replacing my firewall with an ARM machine running >> NetBSD (current is fine). >> >> I'd like 2 Gigabit ports and a couple of USB ports built-in. I would >> prefer one coming with a case. > > So far I've deployed around a dozen or so Dockstars and PogoPlugs running NetBSD with USB-ethernet for the second ethernet. Since this solution only gets up to around 50 Mbps, I'm also waiting for suitable hardware to become cheap enough. > > I'm about to order one of these: > > http://www.banana-pi.org/r1.html > > The Banana Pi that I have runs NetBSD very well, so I expect the R1 Router will work well, too. I have an R1, but have not tried NetBSD on it. My original plan was to use it as a firewall at home (sounds familiar?). It's presently running Linux, but without using the bridge ports (my Linux-fu is rather limited, and I haven't figured out why the bridge device isn't located). But I gave up on the firewall idea after googling a bit about the R1, which is a bit strange. AFAIK all the Ethernet ports are combined into a BCM53125 switch thingy + a real ethernet which is connected to the switch. Hence, while it is possible to split these up via VLANs they are electrically a single bridged infrastructure. So, eg. if the box crashes but power is still on then your outside will effectively be bridged to your inside, which I consider a bit pessimal for a firewall. For this reason I haven't spent more time on figuring out the switch h/w. Instead it is serving as a small NAS (it has a SATA port) serving music to another ARM board with a DAC connected to my audio system... So, while I'm happy about the R1 in its present role (combined with only having paid less than $25 for it) I'd recommend careful googling before purchase as a firewall. My own current plan for a new firewall is one of these (which has multiple fully separate Ethernets): http://www.pcengines.ch/apu2c4.htm Regards, Johan
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail