Firewall and server, which mobo?

All about them.

Moderators: NeilBlanchard, Ralf Hutter, sthayashi, Lawrence Lee

Post Reply
born2code
Posts: 49
Joined: Tue Jan 30, 2007 4:09 pm

Firewall and server, which mobo?

Post by born2code » Sat Oct 04, 2008 12:02 pm

Hi all,

I'm building a firewall and a server. The firewall will boot from a CF disk. The server will boot from a pair of Western Digital RE2-GPs (RAID 1). Which motherboard/cpu/power supply should I use? I am running these out of my house and would like to keep power consumption low.

jessekopelman
Posts: 1406
Joined: Tue Feb 13, 2007 7:28 pm
Location: USA

Post by jessekopelman » Sun Oct 05, 2008 1:39 am

I'm confused. Are you building two separate boxes, or will both the server and the firewall be the same box? If it's the same box, why have them boot off separate devices? What kind of server is it? Do you need support for GigE?

born2code
Posts: 49
Joined: Tue Jan 30, 2007 4:09 pm

Post by born2code » Sun Oct 05, 2008 8:38 am

The server will be running mail and postfix. The firewall will have its own motherboard/cpu/storage/etc. Whether I put them in the same case or not is still up in the air. GigE would be nice.

born2code
Posts: 49
Joined: Tue Jan 30, 2007 4:09 pm

Post by born2code » Sun Oct 05, 2008 8:43 am

Oh yeah . . . the motherboard for the server has to support ECC.

jessekopelman
Posts: 1406
Joined: Tue Feb 13, 2007 7:28 pm
Location: USA

Post by jessekopelman » Sun Oct 05, 2008 1:42 pm

I'm not sure why you'd need GigE for a mail server. I'm also not sure why that would need to be a separate machine from the firewall, although I can certainly see some benefits of doing it that way (just not sure they're worth the cost). Is that really all you are going to do with it?

Anyway, I'd recommend getting an ALIX board for the firewall, namely this one. That board + CF card + case and power brick should run < $200 and be fine for running something like pfSense or M0n0wall.

For the server I'd be looking at an AM2 board using the Nvidia 6100 chipset (Nvidia 7050 and AMD 740G are also viable choices) coupled with a Sempron LE. The Atom-based Intel Intel BLKD945GCLF2 would also work for the server, but honestly it will likely consume just as much power as the AMD build and provide less flexibility. Which PSU to choose depends on the case. I'd probably be going for something like the 80+ Certified Sparkle 250W ATX. A PicoPSU 120W + 7A or higher brick would be more efficient, but also cost more and be a space waster if your case has room for internal PSU.

NyteOwl
Posts: 536
Joined: Wed Aug 23, 2006 7:09 pm
Location: Nova Scotia, Canada

Post by NyteOwl » Sun Oct 05, 2008 3:25 pm

If the firewall is to provide protection to network elements beyond the server then it is best to run as a standalone machine. This helps prevent possible firewall tampering in the event that an application running on the server is exploited. It also means that if the server goes down, you don't lose network protection or connectivity.

For a home or small office firewall almost any basic motherboard and processor will do. Of more relevance is the number and speed of the available network ports depending on your needs. The Alix board suggested above is a good choice, as are some of the offerings from Soekris.

For a mail server, even one running a mailing list, the resource requirements are pretty low for personal or even small business use. A small HTPC sized setup, albeit with lower powered processor would do fine. The Alix board above would even be an option as I have a small mail server running on a K6-2/350MHz, (as well as a local news server) and 384MB of ram.

born2code
Posts: 49
Joined: Tue Jan 30, 2007 4:09 pm

Post by born2code » Sun Oct 05, 2008 10:09 pm

Ugh . . . what I really meant to say was . . . "apache and postfix". Another thing I forgot. I need at least three LAN ports (or 2 LAN and one wireless) so I can put the server in a DMZ.

Beyonder
Posts: 757
Joined: Wed Sep 11, 2002 11:56 pm
Location: EARTH.

Re: Firewall and server, which mobo?

Post by Beyonder » Mon Oct 06, 2008 3:56 pm

born2code wrote:Hi all,

I'm building a firewall and a server. The firewall will boot from a CF disk. The server will boot from a pair of Western Digital RE2-GPs (RAID 1). Which motherboard/cpu/power supply should I use? I am running these out of my house and would like to keep power consumption low.
I'm not sure if you need a full-blown computer for the firewall for any particular reason, but I would consider getting a router that runs Tomato or DD-WRT. Both of them have built-in firewalls and other pretty amazing features, and are built on top of Linux. Compatible routers run around ~$50, and consume less than 10W. Unless you have really special needs, I can't imagine a PC-based solution being ideal.

NyteOwl
Posts: 536
Joined: Wed Aug 23, 2006 7:09 pm
Location: Nova Scotia, Canada

Post by NyteOwl » Mon Oct 06, 2008 6:40 pm

Ugh . . . what I really meant to say was . . . "apache and postfix". Another thing I forgot. I need at least three LAN ports (or 2 LAN and one wireless) so I can put the server in a DMZ.
The Soekris has more than 2 ports and has wireless capability via PCI expansion.
I'm not sure if you need a full-blown computer for the firewall for any particular reason, but I would consider getting a router that runs Tomato or DD-WRT. Both of them have built-in firewalls and other pretty amazing features, and are built on top of Linux. Compatible routers run around ~$50, and consume less than 10W.
Yes the Linksys WRT54G (original) or WRT54GL with DD-WRT, OpenWRT or Tomato are capable little machines and cost effective.
Unless you have really special needs, I can't imagine a PC-based solution being ideal.
Actually using non-specialized hardware can actually provide a more flexible and extensible solution. After all a router or firewall are small computers stripped down to the essential elements.

jessekopelman
Posts: 1406
Joined: Tue Feb 13, 2007 7:28 pm
Location: USA

Post by jessekopelman » Tue Oct 07, 2008 2:35 pm

NyteOwl wrote:The Soekris has more than 2 ports and has wireless capability via PCI expansion.
Soekris is pretty much end of life. ALIX is the replacement and you can get up to 3X RJ-45 and 2X mini-PCI (for wireless). ALIX solution is about $200-250 (including case, power adapter, and CF card) for a non-wireless configuration vs. about half that for an off the shelf router upgraded to run a custom firmware. The off the shelf-router will also have built in wireless. The ALIX build gives you a lot more customizability, though. Which way to go depends on price sensitivity and what feature you really need.

NyteOwl
Posts: 536
Joined: Wed Aug 23, 2006 7:09 pm
Location: Nova Scotia, Canada

Post by NyteOwl » Tue Oct 07, 2008 5:41 pm

I guess someone neglected to tell Soekris their products were EOL, as they are still making designing and selling product.

jessekopelman
Posts: 1406
Joined: Tue Feb 13, 2007 7:28 pm
Location: USA

Post by jessekopelman » Tue Oct 07, 2008 11:39 pm

NyteOwl wrote:I guess someone neglected to tell Soekris their products were EOL, as they are still making designing and selling product.
You're right! I was getting WRAP and Soekris mixed up. It is WRAP that was replaced by ALIX. Sorry :oops:

Seems like the Soekris 5501 is the comparable board to the ALIX, but the Soekris are a bit higher end with more RAM and more RJ-45 and cost a bit more money.

Post Reply