Saturday, January 12, 2013

Part 1, Home gateway/firewall/router: the hardware

These blog posts will be handling the topic of a custom-built home gateway/firewall.

First things first, below you can see all hardware components I purchased. It is based on the Atom Cedar Trail.

All components:

SolidLogic Atom M350 Mini-ITX System (Atom-M350v1)
  • Mainboard: 1 x Jetway NF9D-2550 Dual Core Atom Mini-ITX Motherboard (NF9D-2550)
  • Case: 1 x M350 Universal Mini-ITX Case (M350)
  • Daughterboard: 1 x Jetway 3x 1Gb Intel LAN Module (AD3INLANG)
  • Memory: 1 x Transcend SO-DIMM DDR3 1333 Memory 2GB (JM1333KSU-2G)
  • DC-DC Power Converter: 1 x PicoPSU-80 DC-DC Power Converter, 80 W (picoPSU-80)
  • AC Adapter (brick): 1 x Power Adapter DC 12 V, 80 W Level 5, EU Power Cord Included (PW-12V6A7-L5)
  • Mounting: 1 x M350 Wall Mounting Brackets (MB-M350)
  • Case Fans: 1 x Replacement Vapo-Bearing Cooling Fan, 40x40x20 (with mounting screws)

Additionally I added an OCZ-AGILITY3 60G SSD which I had lying around.


I assembled all parts into one neat little Mini-ITX SFF gateway with 5 gigabit Ethernet ports (see pictures below).
  • 3 x Intel 82541GI
  • 2 x RTL8111/8168B

As an operating system I installed CentOS 6.3 running kernel 2.6.32-279.19.1.el6.x86_64. I had no issues with the Intel NICs, as the drivers shipped with the kernel were already compatible.

I did have an issue with the Realtek NICs. They were not recognized by that kernel. As a resolution I installed the drivers from the ELRepo project (Thanks!):

rpm --import http://elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://elrepo.org/elrepo-release-6-5.el6.elrepo.noarch.rpm
yum install kmod-r8168
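
A check for the situation described above, as an added example that is not part of the original post: it reads `lspci -nnk` output and lists every Ethernet controller that no kernel driver has claimed, which on a gateway means a port that never comes up as an interface. The function names and the sample input are constructed here; the sample reuses device lines from the lspci listing in this post, with driver lines added as an assumption.

```shell
#!/bin/sh
# Added example: find NICs that the running kernel did not bind a driver to.

# unbound_nics: reads `lspci -nnk` text on stdin and prints one line per
# Ethernet controller that has no "Kernel driver in use" line, in the form
# "<slot> <vendor:device>".
unbound_nics() {
    awk '
        function report() { if (slot != "" && !bound) print slot, id }
        /^[0-9a-f]/ {                 # device header line starts a new record
            report(); slot = ""; bound = 0
            if ($0 ~ /Ethernet controller \[0200\]/) {
                slot = $1
                # first [xxxx:xxxx] group on the line is vendor:device
                if (match($0, /\[[0-9a-f][0-9a-f][0-9a-f][0-9a-f]:[0-9a-f][0-9a-f][0-9a-f][0-9a-f]\]/))
                    id = substr($0, RSTART + 1, RLENGTH - 2)
            }
            next
        }
        /Kernel driver in use:/ { bound = 1 }   # indented detail line
        END { report() }
    '
}

# sample_lspci: constructed `lspci -nnk` excerpt. $1 is the driver bound to
# the Realtek NIC; pass "" to model the state before kmod-r8168 is installed.
sample_lspci() {
    cat <<EOF
00:1f.2 SATA controller [0106]: Intel Corporation N10/ICH7 Family SATA Controller [AHCI mode] [8086:27c1] (rev 02)
    Kernel driver in use: ahci
02:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller [10ec:8168] (rev 06)
${1:+    Kernel driver in use: $1}
05:04.0 Ethernet controller [0200]: Intel Corporation 82541GI Gigabit Ethernet Controller [8086:1076] (rev 05)
    Kernel driver in use: e1000
EOF
}

# On the live box: lspci -nnk | unbound_nics
# Empty output means every Ethernet controller has a driver.
```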


After this little issue, I had no other issues with the hardware and OS combination. Please note that I am running this as a headless box, so I did not test any fancy graphics card functions (onboard on the Atom).

The power consumption I measured for this setup is:
  • 22-24 W idle
  • 28 W with all CPU cores 100% loaded
I added an additional fan in the case, but you do not really need this. The motherboard/CPU is fanless; the CPU idles at an average temperature of 55° with an ambient temperature of about 22°.

However, I configured the fan with smartfan in the BIOS, so that it will keep the CPU lower than 50° at all times.

Things I will be configuring on this box (I will probably update this blog with all topics):
  1. Default iptables/bridging config (already done)
  2. DNS with bind (caching and local resolving)
  3. DHCP with dhcpd (already done)
  4. Transparent caching proxy with Squid
  5. Dynamic DNS update from DHCP
  6. Nagios monitoring with check_mk (already done)
  7. Intrusion detection, probably with Snort
  8. RADIUS server for external Cisco access point
  9. Ddclient for dynamic DNS (already done)
  10. OpenVPN
  11. .... and other things that come to my mind :)

Details and pictures:

lspci -nn
00:00.0 Host bridge [0600]: Intel Corporation Atom Processor D2xxx/N2xxx DRAM Controller [8086:0bf3] (rev 03)
00:02.0 VGA compatible controller [0300]: Intel Corporation Atom Processor D2xxx/N2xxx Integrated Graphics Controller [8086:0be2] (rev 09)
00:1b.0 Audio device [0403]: Intel Corporation N10/ICH 7 Family High Definition Audio Controller [8086:27d8] (rev 02)
00:1c.0 PCI bridge [0604]: Intel Corporation N10/ICH 7 Family PCI Express Port 1 [8086:27d0] (rev 02)
00:1c.1 PCI bridge [0604]: Intel Corporation N10/ICH 7 Family PCI Express Port 2 [8086:27d2] (rev 02)
00:1c.2 PCI bridge [0604]: Intel Corporation N10/ICH 7 Family PCI Express Port 3 [8086:27d4] (rev 02)
00:1c.3 PCI bridge [0604]: Intel Corporation N10/ICH 7 Family PCI Express Port 4 [8086:27d6] (rev 02)
00:1d.0 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB UHCI Controller #1 [8086:27c8] (rev 02)
00:1d.1 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB UHCI Controller #2 [8086:27c9] (rev 02)
00:1d.2 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB UHCI Controller #3 [8086:27ca] (rev 02)
00:1d.3 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB UHCI Controller #4 [8086:27cb] (rev 02)
00:1d.7 USB controller [0c03]: Intel Corporation N10/ICH 7 Family USB2 EHCI Controller [8086:27cc] (rev 02)
00:1e.0 PCI bridge [0604]: Intel Corporation 82801 Mobile PCI Bridge [8086:2448] (rev e2)
00:1f.0 ISA bridge [0601]: Intel Corporation NM10 Family LPC Controller [8086:27bc] (rev 02)
00:1f.2 SATA controller [0106]: Intel Corporation N10/ICH7 Family SATA Controller [AHCI mode] [8086:27c1] (rev 02)
00:1f.3 SMBus [0c05]: Intel Corporation N10/ICH 7 Family SMBus Controller [8086:27da] (rev 02)
02:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller [10ec:8168] (rev 06)
03:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller [10ec:8168] (rev 06)
04:00.0 SATA controller [0106]: ASMedia Technology Inc. ASM1062 Serial ATA Controller [1b21:0612] (rev 01)
05:04.0 Ethernet controller [0200]: Intel Corporation 82541GI Gigabit Ethernet Controller [8086:1076] (rev 05)
05:06.0 Ethernet controller [0200]: Intel Corporation 82541GI Gigabit Ethernet Controller [8086:1076] (rev 05)
05:07.0 Ethernet controller [0200]: Intel Corporation 82541GI Gigabit Ethernet Controller [8086:1076] (rev 05)