By Carla Schroder
Soekris single-board computers (SBC) are great choices for routers, firewalls, and wireless access points. They’re small, quiet, low-power, and sturdy. So here’s a howto that attempts to answer your hardware questions, and then we’ll get into building a sturdy firewall using Pyramid Linux. I just happened to find a deal on a used Soekris Net4521, which handles both wired and wireless networking, so that’s the model we’ll talk about. What you learn here can be applied to all models.
The PC Engines WRAP Boards are similar in price and features, and are good-quality just like their Soekris cousins. Soekris and WRAP are probably the most popular amongst the Linux/BSD crowd. When you’re ready to move up from those wimpy little plastic blue boxes to grownup networking devices, take a good look at these. (See Resources for more information on these and on other single-board computers.)
You probably won’t see throughput greater than 17 megabits per second with the Soekris 45xx boards. The 48xx and WRAP boards are more powerful, so you’ll get speeds up to 50 Mbps. This is still faster than most users’ Internet pipelines, and fast enough for ordinary Ethernet LANs.
Getting Acquainted With the 4521
You might look at the specs of my sleek little 4521 and turn your nose up in scorn:
- 133 Mhz AMD ElanSC520 CPU
- 64 Mbyte SDRAM, soldered on board
- 1 Mbit BIOS/BOOT Flash
You’ll find more raw horsepower in a low-end video card, or some of these weirdo neon blinky hydraulic athletic shoes kids are into these days. OK, so maybe the shoes are an exaggeration. But even so, don’t let the numbers fool you. Combined with a specialized Linux, BSD or any embedded operating system, these little devices are tough, efficient workhorses that beat the pants off comparable (and usually overpriced and inflexible) commercial devices. You get complete control and customizability, and don’t have to worry about nonsense like NTP server abuse, or secret backdoors that are known to everyone but the end user.
What You Need To Make It Go
It can be a bit confusing getting all the pieces that you need. Fortunately their user forum is an excellent resource, and you can download user manuals.
In addition the board itself you’ll need a Compact Flash card or microdrive, a reader/writer for the CF/microdrive, power supply, and a null-modem DB9 serial cable. A case is optional.
You can purchase the power supply and case from Soekris; storage media and cables have to come from somewhere else. I don’t have a fax and Soekris doesn’t have secure online ordering, so I found an Ault 12V/1.5A Switching Wall Wart elsewhere.
Buying AC/DC transformers can drive you nuts because you need the exactly correct one: a switching transformer with the correct combination of voltage and amperage, and the correctly-sized barrel connector. The Ault has it all, including a center-positive 2.1mm barrel connector.
My used 4521 came with a Crucial 64 megabyte Compact Flash card. The 4521 has a CompactFLASH Type I/II socket that supports up to an eight-megabyte Compact Flash card or up to a four-gigabyte microdrive. You’ll need a second PC and a reader/writer for your flash card or microdrive to install the operating system. The most common kind plug into a USB port, come in various garish plastic colors, and shouldn’t cost more than $20.
Cost
Because I got a nice deal on a used board, my total outlay was under $200. If I had purchased a new board I would have been out about $300, and still been happy.
Capacity
As a general rule, one of these will serve up to fifty LAN users, though of course this varies according to how hard your users hammer the little guy. Let’s see what you get with the 4521:
- Two 10/100 Ethernet ports
- CompactFLASH Type I/II socket, 8 Mbyte FLASH to 4 Gbyte Microdrive
- 1 DB9 Serial port
- Power, Activity, Error LEDs
- Mini-PCI type III socket
- 2 PC-Card/Cardbus slots
- 8 bit general purpose I/O, 14 pins header
- Hardware watchdog
- Board size 9.2″ x 5.7″
- Option for 5V supply using internal connector
- Power over Ethernet
- Operating temperature 0-60 °C
That’s quite a bit of flexibility in a tiny device. Two Ethernet ports are fine for a standard firewall when there are no public servers, but you need a third one to set up a proper DMZ for public services. No problem, just add a PCMCIA or Cardbus Ethernet card. The Mini-PCI socket is perfect for a wireless adapter like the Atheros 5004 MP, which is a mini-PCI 802.11a/b/g wireless adapter. (I bought this card in a kit with a pigtail and rubber duck antenna for $74 from Netgate.com.)
Installing the Atheros card was a bit tricky. First slide it into the slot at an angle, then push until it clicks into place. Mine required a frightening amount of force. Then press it flat, and if it’s installed correctly the little side clips will fit perfectly in the little indentations in the card, as Figure 2 shows.
Every computer widget maker in the world lards their tech specs with junk like dimensions, humidity range, weight, and operating tempuratures. This makes them look like they’re providing meaningful information, when they’re really dodging the stuff we want to know, like, will it run on Linux/BSD/Mac OSX/etc.? But for the Soekris boards, the operating temperature range is actually meaningful — 0-60 °C is an extreme range that you won’t see on most networking gear. These little boards can handle pretty hostile environments, and with the right kind of enclosures can even go outside.
PCI Warning
Beware miniPCI and newfangled PCI in general. In the olden days all PCI slots were five volt, and we were happy and we liked it that way. Then along came the great volt shortage, and now 3.3 volt PCI devices are sprouting like mushrooms on cow flops. Some PCI cards are dual-voltage, but many are not and will fry in a 5v slot, so pay attention. The Atheros card requires 3.3v.
What if you don’t have a nice networking device with a miniPCI slot, but only full-sized PCI, but still want to use the Atheros card? Get a mPCI-to-PCI adapter. This particular model is dual-voltage, so you can plug it into an old-fashioned full-sized 5v PCI slot.
Next week we’ll install an operating system and get to work.
Resources
