DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 7th October 2009
mikesg's Avatar
mikesg mikesg is offline
I can has a title?
 
Join Date: Aug 2009
Posts: 28
Default DIY OpenBSD Firewall Appliance

I want to build a low power fanless OpenBSD firewall. I've been searching the net looking at products from various companies but not finding exactly what I want. I came across this and thought it was perfect for what I'm looking to do, but it appears to be an embedded Linux system. I wanted something more powerful than a Soekris board, and something that has SATA to run an SSD. Two NIC's is fine, but more would be fine too.

Does anyone know of anything like this or seen some cool looking devices worth checking out? My budget is less than $400.
__________________
Mike
Reply With Quote
  #2   (View Single Post)  
Old 7th October 2009
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

The SuperMicro Atom boards are the best available at the moment IMO:
http://www.supermicro.com/products/nfo/atom.cfm

The single-core variant only has one NIC, but you can use a PCI or PCIe NIC.

They're not fanless, on my Atom 330 the temperature is pretty good, I bet I could even remove the small CPU fan without too much problem. Although it's not something I would recommend.
Maybe you could remove the small heatsink and replace it with a bigger one to compensate ...

As a sidenote, this site is running on the 5015A-H with an Atom 330, it works really well IMO and the price is also good. I payed about 300 euro in total, this includes two disks, power supply, casing. The single-core variant is cheaper.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #3   (View Single Post)  
Old 7th October 2009
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Banned
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Default

Another embedded x86 platform is PC Engines's ALIX, it's moderately faster than the Soekris offerings.

http://www.pcengines.ch/alix.htm

As for the system you mentioned in your first post, ARM platform aren't really standardized.. so running OpenBSD on that specific system would require that you port it (..and possibly write additional drivers).

There are a few embedded ARM platforms that are supported, you can find them here.
Reply With Quote
  #4   (View Single Post)  
Old 7th October 2009
mikesg's Avatar
mikesg mikesg is offline
I can has a title?
 
Join Date: Aug 2009
Posts: 28
Default

Yeah I just discovered the Supermicro unit myself. Fanless wouldn't be an absolute requirement as long as the unit is quiet. This application is going to be for a small office and the computer equipment will be nearby. As long as it's "very quiet" and shelvable I can live with it. Having SATA is great. It would be nice if the rack mount brackets were removable, oh well.

I found these just now too. They are pre-built boxes, but complete units still.

http://www.applianceshop.eu/
__________________
Mike
Reply With Quote
  #5   (View Single Post)  
Old 7th October 2009
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by mikesg View Post
Does anyone know of anything like this or seen some cool looking devices worth checking out? My budget is less than $400.
For $400, you will be able to run two ALIX systems connected via CARP -- which means that you can update system while the other is performing its duties. This is the configuration I run.
Reply With Quote
  #6   (View Single Post)  
Old 7th October 2009
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

Quote:
Originally Posted by mikesg View Post
Yeah I just discovered the Supermicro unit myself. Fanless wouldn't be an absolute requirement as long as the unit is quiet. This application is going to be for a small office and the computer equipment will be nearby. As long as it's "very quiet" and shelvable I can live with it. Having SATA is great. It would be nice if the rack mount brackets were removable, oh well.
You can just buy the mainboard and put it in any case.
And I'm not 100% sure, but IIRC the rack mount brackets are removable.

The unit isn't very quiet, I think the PSU fan was the main noise maker.
This wasn't a requirement for this machine so I never looked at it.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #7   (View Single Post)  
Old 7th October 2009
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Banned
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Default

As said by Carpetsmoker, another option for smaller x86 systems with easy to find cases.. MiniITX, NanoITX or PicoITX are damned small, and you can get cases for those practically anywhere.

Is that an option?
Reply With Quote
  #8   (View Single Post)  
Old 9th October 2009
s2scott's Avatar
s2scott s2scott is offline
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Default

Quote:
Originally Posted by Carpetsmoker View Post
The SuperMicro Atom boards are the best available at the moment IMO:
http://www.supermicro.com/products/nfo/atom.cfm
I've been looking at these too.

Would it be too much to ask if you could please post a couple of little benchmark work on your Atom 330 dual-core.

Code:
# time openssl dhparam -out 4096.pem 4096
and,
Code:
# time dd if=/dev/urandom bs=4k count=1024 | openssl enc -e -k 1234 -aes-128-cbc -out /dev/null
and, each of,

Code:
# time openssl speed aes
Code:
# time openssl speed -multi 2 aes
Code:
# time openssl speed -multi 3 aes
With much appreciation!

/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.

Last edited by s2scott; 9th October 2009 at 07:02 PM.
Reply With Quote
  #9   (View Single Post)  
Old 9th October 2009
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

Quote:
Would it be too much to ask if you could please post a couple of little benchmark work on your Atom 330 dual-core.
No problem, note I am running FreeBSD and not OpenBSD:

Code:
[~]% uname -a
FreeBSD cthulhu.daemonforums.org 7.2-STABLE FreeBSD 7.2-STABLE #2: Sat Sep 26 23:38:19 UTC 2009     carpetsmoker@cthulhu.daemonforums.org:/usr/obj/usr/src/sys/CTHULHU  i386
Also note this is a not an idle machine, it's doing stuff (i.e. serving this site among other things).
I also disabled HyperThreading in the BIOS. There was a thread about the "new" hyperthreading on questions@ some time ago, and benchmarks showed little difference and sometimes even a slowdown. I didn't actually measure it myself though.

Quote:
# time openssl dhparam -out 4096.pem 4096
This is taking ages. I'll do it later (i.e. overnight).

Code:
[~]% time dd if=/dev/urandom bs=4k count=1024 | openssl enc -e -k 1234 -aes-128-cbc -out /dev/null
1024+0 records in
1024+0 records out
4194304 bytes transferred in 0.329336 secs (12735641 bytes/sec)
        0.33 real         0.00 user         0.31 sys
Code:
[~]% time openssl speed aes
To get the most accurate results, try to run this
program when this computer is idle.
Doing aes-128 cbc for 3s on 16 size blocks: 3578836 aes-128 cbc's in 2.98s
Doing aes-128 cbc for 3s on 64 size blocks: 936183 aes-128 cbc's in 2.98s
Doing aes-128 cbc for 3s on 256 size blocks: 236468 aes-128 cbc's in 2.98s
Doing aes-128 cbc for 3s on 1024 size blocks: 59330 aes-128 cbc's in 2.98s
Doing aes-128 cbc for 3s on 8192 size blocks: 7412 aes-128 cbc's in 2.98s
Doing aes-192 cbc for 3s on 16 size blocks: 3161725 aes-192 cbc's in 2.98s
Doing aes-192 cbc for 3s on 64 size blocks: 811916 aes-192 cbc's in 2.98s
Doing aes-192 cbc for 3s on 256 size blocks: 204905 aes-192 cbc's in 2.98s
Doing aes-192 cbc for 3s on 1024 size blocks: 51330 aes-192 cbc's in 2.98s
Doing aes-192 cbc for 3s on 8192 size blocks: 6423 aes-192 cbc's in 2.98s
Doing aes-256 cbc for 3s on 16 size blocks: 2803864 aes-256 cbc's in 2.98s
Doing aes-256 cbc for 3s on 64 size blocks: 717044 aes-256 cbc's in 2.98s
Doing aes-256 cbc for 3s on 256 size blocks: 180732 aes-256 cbc's in 2.98s
Doing aes-256 cbc for 3s on 1024 size blocks: 45262 aes-256 cbc's in 2.98s
Doing aes-256 cbc for 3s on 8192 size blocks: 5665 aes-256 cbc's in 2.98s
OpenSSL 0.9.8e 23 Feb 2007
built on: Sun Sep 20 13:27:38 UTC 2009
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) 
compiler: cc
available timing options: USE_TOD HZ=128 [sysconf value]
timing function used: getrusage
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc      19188.13k    20081.54k    20293.25k    20364.51k    20356.04k
aes-192 cbc      16955.50k    17414.58k    17579.33k    17617.89k    17636.09k
aes-256 cbc      15035.42k    15378.67k    15507.41k    15537.68k    15550.91k
       45.73 real        44.77 user         0.00 sys
Code:
[~]% time openssl speed -multi 2 aes
Forked child 0
Forked child 1
+DT:aes-128 cbc:3:16
+DT:aes-128 cbc:3:16
+R:3552672:aes-128 cbc:3.000014
+DT:aes-128 cbc:3:64
+R:3203486:aes-128 cbc:3.000331
+DT:aes-128 cbc:3:64
+R:929164:aes-128 cbc:3.000574
+DT:aes-128 cbc:3:256
+R:913984:aes-128 cbc:3.000854
+DT:aes-128 cbc:3:256
+R:236249:aes-128 cbc:3.000572
+DT:aes-128 cbc:3:1024
+R:235224:aes-128 cbc:3.000856
+DT:aes-128 cbc:3:1024
+R:59244:aes-128 cbc:3.000592
+DT:aes-128 cbc:3:8192
+R:58974:aes-128 cbc:3.000851
+DT:aes-128 cbc:3:8192
+R:7408:aes-128 cbc:3.000716
+DT:aes-192 cbc:3:16
+R:7260:aes-128 cbc:3.230340
+DT:aes-192 cbc:3:16
+R:3156597:aes-192 cbc:3.000096
+DT:aes-192 cbc:3:64
+R:3143427:aes-192 cbc:3.000031
+DT:aes-192 cbc:3:64
+R:796566:aes-192 cbc:3.000585
+DT:aes-192 cbc:3:256
+R:806742:aes-192 cbc:3.000561
+DT:aes-192 cbc:3:256
+R:204534:aes-192 cbc:3.000609
+DT:aes-192 cbc:3:1024
+R:203728:aes-192 cbc:3.000558
+DT:aes-192 cbc:3:1024
+R:51300:aes-192 cbc:3.000535
+DT:aes-192 cbc:3:8192
+R:51056:aes-192 cbc:3.000572
+DT:aes-192 cbc:3:8192
+R:6415:aes-192 cbc:3.000792
+DT:aes-256 cbc:3:16
+R:6393:aes-192 cbc:3.004059
+DT:aes-256 cbc:3:16
+R:2790117:aes-256 cbc:3.000359
+DT:aes-256 cbc:3:64
+R:2790455:aes-256 cbc:3.000368
+DT:aes-256 cbc:3:64
+R:715075:aes-256 cbc:3.000573
+DT:aes-256 cbc:3:256
+R:712461:aes-256 cbc:3.000548
+DT:aes-256 cbc:3:256
+R:180520:aes-256 cbc:3.000610
+DT:aes-256 cbc:3:1024
+R:179660:aes-256 cbc:3.000589
+DT:aes-256 cbc:3:1024
+R:45227:aes-256 cbc:3.000642
+DT:aes-256 cbc:3:8192
+R:45011:aes-256 cbc:3.000619
+DT:aes-256 cbc:3:8192
+R:5655:aes-256 cbc:3.000692
Got: +H:16:64:256:1024:8192 from 0
Got: +F:15:aes-128 cbc:18947495.58:19818373.42:20156071.58:20217962.32:20223951.88 from 0
Got: +F:16:aes-192 cbc:16834645.29:16990094.93:17450025.64:17507277.87:17512603.34 from 0
Got: +F:17:aes-256 cbc:14878843.50:15252020.20:15401241.75:15434179.75:15438358.89 from 0
+R:5629:aes-256 cbc:3.001016
Got: +H:16:64:256:1024:8192 from 1
Got: +F:15:aes-128 cbc:17083373.80:19492776.39:20066722.30:20124083.47:18411040.32 from 1
Got: +F:16:aes-192 cbc:16764770.76:17207278.24:17381556.36:17423792.53:17433564.39 from 1
Got: +F:17:aes-256 cbc:14880601.31:15196392.13:15327977.27:15360585.27:15365718.81 from 1
OpenSSL 0.9.8e 23 Feb 2007
built on: Sun Sep 20 13:27:38 UTC 2009
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) 
compiler: cc
available timing options: USE_TOD HZ=128 [sysconf value]
timing function used: 
aes-128 cbc      36030.87k    39311.15k    40222.79k    40342.05k    38634.99k
aes-192 cbc      33599.42k    34197.37k    34831.58k    34931.07k    34946.17k
aes-256 cbc      29759.44k    30448.41k    30729.22k    30794.77k    30804.08k
       45.26 real         0.01 user         0.00 sys
Code:
[~]% time openssl speed -multi 3 aes
Forked child 0
Forked child 1
+DT:aes-128 cbc:3:16
+DT:aes-128 cbc:3:16
Forked child 2
+DT:aes-128 cbc:3:16
+R:3085472:aes-128 cbc:3.000411
+DT:aes-128 cbc:3:64
+R:2335941:aes-128 cbc:3.096367
+R:1765266:aes-128 cbc:3.000347
+DT:aes-128 cbc:3:64
+DT:aes-128 cbc:3:64
+R:717500:aes-128 cbc:3.000921
+DT:aes-128 cbc:3:256
+R:722494:aes-128 cbc:3.000608
+DT:aes-128 cbc:3:256
+R:470843:aes-128 cbc:3.000406
+DT:aes-128 cbc:3:256
+R:173636:aes-128 cbc:3.000849
+DT:aes-128 cbc:3:1024
+R:149047:aes-128 cbc:3.067905
+DT:aes-128 cbc:3:1024
+R:153905:aes-128 cbc:3.070786
+DT:aes-128 cbc:3:1024
+R:41614:aes-128 cbc:3.000255
+DT:aes-128 cbc:3:8192
+R:46257:aes-128 cbc:3.073060
+DT:aes-128 cbc:3:8192
+R:33592:aes-128 cbc:3.000096
+DT:aes-128 cbc:3:8192
+R:5908:aes-128 cbc:3.003046
+DT:aes-192 cbc:3:16
+R:5543:aes-128 cbc:3.102018
+DT:aes-192 cbc:3:16
+R:4298:aes-128 cbc:3.001001
+DT:aes-192 cbc:3:16
+R:2046810:aes-192 cbc:3.000435
+DT:aes-192 cbc:3:64
+R:2134905:aes-192 cbc:3.000296
+R:1878963:aes-192 cbc:3.096334
+DT:aes-192 cbc:3:64
+DT:aes-192 cbc:3:64
+R:583581:aes-192 cbc:3.051573
+DT:aes-192 cbc:3:256
+R:477738:aes-192 cbc:3.000449
+R:613944:aes-192 cbc:3.022771
+DT:aes-192 cbc:3:256
+DT:aes-192 cbc:3:256
+R:194166:aes-192 cbc:3.000458
+DT:aes-192 cbc:3:1024
+R:103472:aes-192 cbc:3.000390
+DT:aes-192 cbc:3:1024
+R:106748:aes-192 cbc:3.052449
+DT:aes-192 cbc:3:1024
+R:34781:aes-192 cbc:3.000570
+DT:aes-192 cbc:3:8192
+R:44114:aes-192 cbc:3.000014
+DT:aes-192 cbc:3:8192
+R:31268:aes-192 cbc:3.000960
+DT:aes-192 cbc:3:8192
+R:3160:aes-192 cbc:3.011755
+DT:aes-256 cbc:3:16
+R:3823:aes-192 cbc:3.000690
+DT:aes-256 cbc:3:16
+R:4679:aes-192 cbc:3.000900
+DT:aes-256 cbc:3:16
+R:2428290:aes-256 cbc:3.000376
+R:1389504:aes-256 cbc:3.000931
+DT:aes-256 cbc:3:64
+DT:aes-256 cbc:3:64
+R:1815014:aes-256 cbc:3.000895
+DT:aes-256 cbc:3:64
+R:587956:aes-256 cbc:3.000607
+R:341651:aes-256 cbc:3.047712
+DT:aes-256 cbc:3:256
+DT:aes-256 cbc:3:256
+R:494284:aes-256 cbc:2.999994
+DT:aes-256 cbc:3:256
+R:149532:aes-256 cbc:3.000442
+DT:aes-256 cbc:3:1024
+R:80491:aes-256 cbc:3.000114
+R:123433:aes-256 cbc:3.000586
+DT:aes-256 cbc:3:1024
+DT:aes-256 cbc:3:1024
+R:43577:aes-256 cbc:3.000612
+DT:aes-256 cbc:3:8192
+R:24787:aes-256 cbc:3.000499
+DT:aes-256 cbc:3:8192
+R:25766:aes-256 cbc:3.000990
+DT:aes-256 cbc:3:8192
+R:4161:aes-256 cbc:3.000421
+R:3611:aes-256 cbc:3.000217
+R:3730:aes-256 cbc:3.001099
Got: +H:16:64:256:1024:8192 from 0
Got: +F:15:aes-128 cbc:12070615.66:10043291.47:14812746.66:15413681.48:14638295.46 from 0
Got: +F:16:aes-192 cbc:11385036.68:12998806.72:8952643.60:10669396.46:12772957.45 from 0
Got: +F:17:aes-256 cbc:9677187.64:10544746.42:10530892.30:8791893.34:10181656.79 from 0
Got: +H:16:64:256:1024:8192 from 1
Got: +F:15:aes-128 cbc:16453596.52:15301968.96:12830487.05:11465702.43:11732490.59 from 1
Got: +F:16:aes-192 cbc:9709355.64:10190218.86:8828462.97:15057508.40:10436938.17 from 1
Got: +F:17:aes-256 cbc:12949257.03:12540523.97:6868304.34:8459222.28:9859724.15 from 1
Got: +H:16:64:256:1024:8192 from 2
Got: +F:15:aes-128 cbc:9413663.15:15410082.22:12437162.17:14203038.08:16116415.13 from 2
Got: +F:16:aes-192 cbc:10914737.36:12239321.82:16566302.88:11869659.43:8595227.70 from 2
Got: +F:17:aes-256 cbc:7408388.93:7174452.18:12758184.29:14871248.93:11360709.71 from 2
OpenSSL 0.9.8e 23 Feb 2007
built on: Sun Sep 20 13:27:38 UTC 2009
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) 
compiler: cc
available timing options: USE_TOD HZ=128 [sysconf value]
timing function used: 
aes-128 cbc      37937.88k    40755.34k    40080.40k    41082.42k    42487.20k
aes-192 cbc      32009.13k    35428.35k    34347.41k    37596.56k    31805.12k
aes-256 cbc      30034.83k    30259.72k    30157.38k    32122.36k    31402.09k
       46.49 real         0.01 user         0.00 sys
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
Old 9th October 2009
s2scott's Avatar
s2scott s2scott is offline
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Default

Firstly, big time thank you!

Secondly, whoo ha! The ATOM 330 is pretty darn quick. Here's my mono-core P4 3 GHz DDR machine.

Code:
# time dd if=/dev/urandom bs=4k count=1024 | openssl enc -e -k 1234 -aes-128-cbc -out /dev/null
1024+0 records in
1024+0 records out
4194304 bytes (4.2 MB) copied, 1.34392 seconds, 3.1 MB/s

real    0m1.353s
user    0m0.116s
sys     0m1.353s
#
Your 1.6 Ghz clock is a full one second faster then my 3 Ghz clock rate for the same work units.

/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.
Reply With Quote
Old 10th October 2009
s2scott's Avatar
s2scott s2scott is offline
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Default

What's also interesting is the openssl speed [-multi 1] vs -multi 2 vs -multi 3 results. The parallel test (-multi 2 and -multi 3) results are FASTER and more useful work then non-parallel, which looks to mean that the second core kicks in nicely.

I note the it's "freeBSD," not "openBSD." Oh, I'd love to see if the openbsd.mp kicks in as well.

Well, you've assured one thing -- my asterisk/freePBX telephony box is going ATOM 330 from it's P4.

Anyone out there with an openBSD-ATOM 330 ... ?

Again, thanks, Carpetsmoker!

/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.

Last edited by s2scott; 10th October 2009 at 12:12 AM.
Reply With Quote
Old 10th October 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Quote:
Originally Posted by s2scott View Post
Anyone out there with am openBSD-ATOM 330 ... ?
No, but I do have an Atom 230, single-core HT. It runs my wife's WinXP/32 desktop. But, I could easily run the same tests with OpenBSD i386/amd64 if you like, should you have any interest. I just have to get her permission to borrow it on a temporary basis.
Reply With Quote
Old 10th October 2009
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

Quote:
Secondly, whoo ha! The ATOM 330 is pretty darn quick. Here's my mono-core P4 3 GHz DDR machine.
[...]
Your 1.6 Ghz clock is a full one second faster then my 3 Ghz clock rate for the same work units.
Well, this is not really a fair comparison. There are many factors affecting CPU speed, not just the clock speed, that's just what the brainwash division at Intel has been telling people for years
This is especially true considering you are running a P4 netburst piece of junk (Sorry, but I have strong feelings towards those).

Quote:
Anyone out there with am openBSD-ATOM 330 ... ?
Probably in a month orso if you can wait that long ...

Quote:
Well, you've assured one thing -- my asterisk/freePBX telephony box is going ATOM 330 from it's P4.
Power efficiency is a big advantage the Atom has over the P4. Actually, the power of my box is measured so I should have some numbers on that, but I'm not sure where I can see them

IMO this board has a very good price/quality ratio. How many 125$ boards (incl. CPU) do you know where you can control the BIOS over serial line? Even on many 400$ boards you can't.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
Old 10th October 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

I don't have a measure, but my wife's PC uses 11 watts minimum, 35 watts peak, when the fan actually kicks in.
Reply With Quote
Old 10th October 2009
s2scott's Avatar
s2scott s2scott is offline
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Default

Quote:
Originally Posted by jggimi View Post
...should you have any interest.
Oh, yes, please!

Quote:
I just have to get her permission to borrow it on a temporary basis.
Got openBSD on a USB stick? Or one of them-there LiveCD downloads? Should be a zero-risk quick turn-around.

:-)

/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.

Last edited by s2scott; 10th October 2009 at 01:23 AM.
Reply With Quote
Old 10th October 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

I should have a LiveCD around here somewhere. Ah yes, there it is, in my .sig.
Reply With Quote
Old 10th October 2009
s2scott's Avatar
s2scott s2scott is offline
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Default

Quote:
Originally Posted by Carpetsmoker View Post
Well, this is not really a fair comparison. There are many factors affecting CPU speed, not just the clock speed, that's just what the brainwash division at Intel
Agreed! IMO, though, this test is reasonably fair across processors and memory arch.

Quote:
...P4 netburst piece of junk
Yep!

Hence it relegation to a SOHO asterisk/freePBX machine. On the PRO side: to be fair, at 3 GHz, it plows through the job very well. On the CON side: It sucks power, does NOT have HPET timer source (which would help asterisk), and doesn't have the working SSE3 (sic) and 4 extensions (which the CODECs would appreciate).

ATOM address all the CONS. The ATOM follow-on, the PINEVIEW, though yet unseen, is expected 1Q2010 and is alleged to blow everything away (except its i7 brother).


/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.

Last edited by s2scott; 10th October 2009 at 02:32 AM.
Reply With Quote
Old 10th October 2009
s2scott's Avatar
s2scott s2scott is offline
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Default

Quote:
Originally Posted by jggimi View Post
...there it is, in my .sig.


Thanks in advance for the benchmarks, if you can make nice with the wife.



/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.
Reply With Quote
Old 10th October 2009
s2scott's Avatar
s2scott s2scott is offline
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Default

Quote:
Originally Posted by Carpetsmoker View Post
IMO this board has a very good price/quality ratio. How many 125$ boards (incl. CPU) ...
My local, no cross-board taxes, duties and brokerage fees price is: CAD$163. http://www.onhop.ca/catalog/product/10698779

I can get the ASUS or INTEL 330 boards for CAD$90 or CAD$105, respectively, but they don't have the PCI-e slots and fine-grained BIOS control that you mention.

Not sure how much I care for the asterisk/freePBX box, but as a openBSD multi-NIC firewall/VPN/etc box, I think the supermicro is the hands-down winner.

/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.
Reply With Quote
Old 10th October 2009
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

Quote:
and doesn't have the working SSE3 and 4 extensions (which the CODECs would appreciate).

ATOM address all the CONS.
Are you sure about the SSE4? My dmesg doesn't mention them (Only SSE3) and neither do either the Intel Atom nor SSE4 wikipedia pages.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
Reply

Tags
firewall, firewall hardware, hardware

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
PF firewall bsdnewbie999 OpenBSD General 3 28th April 2009 12:35 PM
firewall for 2 adsl milo974 OpenBSD General 2 13th October 2008 05:03 PM
The great appliance hunt. diw General Hardware 8 23rd July 2008 07:02 PM
OpenBSD firewall resources J65nko OpenBSD Security 0 1st June 2008 02:28 AM
Web GUI for firewall ? giga FreeBSD General 6 8th May 2008 05:10 AM


All times are GMT. The time now is 04:00 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick