Linux lends itself so readily to hacking on old hardware we often forget it is not always the best hardware to use. While it is good to keep old PCs out of landfills, there are disadvantages to using them as routers and firewalls. They're big, they use a lot of power, and they're noisy, unless you have something of sufficient vintage to run fanless. Old hardware is that much closer to failure, and what do you do if parts fail? Even if you can find new parts, are they worth replacing?
Single-board computers (SBCs), like those made by Soekris Engineering (http://www.soekris.com) and PC Engines (http://www.pcengines.ch/wrap.htm) are great for routers, firewalls, and wireless access points. They're small, quiet, low-power, and sturdy. You'll find information on single-board computers and other small form-factor computers at the LinuxDevices.com Single Board Computer (SBC) Quick Reference Guide (http://www.linuxdevices.com/articles/AT2614444132.html).
This chapter will show you how to install and configure Pyramid Linux (http://metrix.net/) on a Soekris 4521 board. There are many small distributions designed to power routers and firewalls; see Chapter 3 for more information on these, and to learn how to build an Internet-connection sharing firewall.
Despite their small size, the Soekris and PC Engines boards are versatile. PC Engines' and similar boards all operate in pretty much the same fashion, so what you learn here applies to all of them. A cool-sounding shortcut for these boards is to call them routerboards.
You might look at the specs of our little 4521 and turn your nose up in scorn:
133 MHz AMD ElanSC520 CPU
64 MB SDRAM, soldered on board
1 Mb BIOS/BOOT Flash
Two 10/100 Ethernet ports
CompactFLASH Type I/II socket, 8 MB Flash to 4 GB Microdrive
1 DB9 Serial port
Power, Activity, Error LEDs
Mini-PCI type III socket
2 PC-Card/Cardbus slots
8 bit general purpose I/O 14-pins header
Board size 9.2" x 5.7"
Option for 5V supply using internal connector
Power over Ethernet
Operating temperature 0–60°C
You'll find more raw horsepower in a low-end video card. But don't let the numbers fool you. Combined with a specialized Linux, BSD, or any embedded operating system, these little devices are tough, efficient workhorses that beat the pants off comparable (and usually overpriced and inflexible) commercial routers. You get complete control and customizability, and you don't have to worry about nonsense like hardcoded misconfigurations or secret backdoors that are known to everyone but the end user. These little boards can handle fairly hostile environments, and with the right kind of enclosures can go outside.
The 4521 can handle up to five network interfaces: two PCMCIA, two Ethernet, and one wireless in the mini-PCI slot. Six, if you count the serial interface. So, with this one little board, you could build a router, firewall, and wireless access point, and throw in some DMZs as well. All of these kinds of boards come in a variety of configurations.
You probably won't see throughput greater than 17 Mbps with the Soekris 45xx boards. The 48xx and PC Engines WRAP boards have more powerful CPUs and more RAM, so you'll see speeds up to 50 Mbps. This is far faster than most users' Internet pipelines. Obviously, if you are fortunate enough to have an Ethernet WAN or other super high-speed services, you'll need a firewall with a lot more horsepower. As a general rule, a 45xx set up as a firewall and router will handle around 50 users, though of course this varies according to how hard your users hammer the little guy.
In addition the board itself, you'll need a Compact Flash card or microdrive for the operating system, and a reader/writer on a separate PC to install the OS on your CF or microdrive. Or, you may install the operating system from a PXE boot server instead of using a CF writer. Also required are a power supply and a null-modem DB9 serial cable. A case is optional.
Complete bundles including an operating system are available from several vendors, such as Metrix.net (http://metrix.net) and Netgate.com (http://netgate.com/).
Your operating system size is limited by the size of your CF card or microdrive. The CPU and RAM are soldered to the board, and are not expandable, so the operating system must be lean and efficient. In this chapter, we'll go for the tiny gusto and use a little 64 MB CF card, so we'll need a suitably wizened operating system. Pyramid Linux fits nicely. The stock image occupies a 60 MB partition, and uses about 49 MB. It uses stock Ubuntu packages, so even though it does not come with any package management tools, you can still add or remove programs.