[HH] single board computers for use as a router

Tom Metro tmetro+hhacking at gmail.com
Thu Apr 25 23:24:25 EDT 2013 

Shankar Viswanathan wrote:
> Tom Metro wrote:
>> Is there a router-oriented distribution built on
>> *BSD with a web GUI?
> 
> The two router-oriented distributions that I am aware of are:
> pfSense: http://www.pfsense.org/
> m0n0wall: http://m0n0.ch/wall/

Ah, yes, of course. I'm familiar with both. I guess I don't have them
filed well in my bookmarks.


> A Google search also reveals:
> BSD Router Project: http://bsdrp.net/

That one is new to me.

http://bsdrp.net/documentation/faq?DokuWiki=9b797219d1cb6398006335f3656e77a2

  What's the difference between BSDRP and m0n0wall or pfSense ?

  The main goal of BSDRP is not firewalling but routing. If you are
  looking for a firewall, or for sharing your Internet access, don't use
  BSDRP but use m0n0wall or pfSense instead.

  BSDRP doesn't have a Web GUI: It's to be configured from a CLI only
  (like Cisco/Juniper). BSDRP is not intended for home use, but for
  company use (small ISP for example).

So they're aiming to replace "big iron" routers.


  Can I install BSDRP on a MIPS or ARM device (RouterStation, D-Link,
  etc..) ?

  BSDRP targets x86 and sparc64 architectures only.
  But ZRouter.org targets ARM and MIPS architectures.

ZRouter (http://zrouter.org/) is also new to me. The about page doesn't
say what the objectives are of the distribution, but does tell the
history of how it came to be when the lead developer was working for
D-Link Ukraine and decided to apply his embedded knowledge to porting
FreeBSD to that hardware.

Looks like they support a few D-Link models and the discontinued
RouterStation boards.

It looks like a pretty small community.


There's also the FreeBSD/MIPS Project
(http://www.freebsd.org/platforms/mips.html) previously mentioned on
this list.

But as I said earlier in the thread, the objective is to use something
that is preferably open source, but has a substantial community around
it, so that security update support is likely to happen, or failing
that, a commercial vendor that supports an open source based firmware.

This may be possible today with a distribution like pfSense, providing
you are willing to run it on x86 hardware. The question is whether ARM
will become a first-class architecture for FreeBSD (it has for Debian;
per http://www.freebsd.org/releases/8.1R/hardware.html it has not for
FreeBSD), whether that will then lead to an ARM version of pfSense, and
low-friction flow of security updates from FreeBSD to pfSense.

It doesn't look like this will be happening and production ready in the
next 12 months. (Unless you know otherwise.)


I asked a colleague about this thread topic:

>> Do you still feel that FreeBSD provides an objectively better security
>> environment?
> 
> nah, I think it's all the same -- for my use the FreeBSD stuff is easy 
> because I can build and update them as an appliance
> 
> 
>> Ubiquiti router...running a dressed up version of Debian.
> 
> edgemax is a fork of vyatta (which yes is based on debian).
> I use vyatta on some routers (on regular pc hardware); it's pretty good.
> 
> and yes, definitely - having some of these network focused arm systems 
> coming out is interesting!

If the security isn't superior, I'd just as soon stick with the more
familiar Debian environment anyway.

http://www.vyatta.org/
  The free community Vyatta Core software(VC) is an award-winning open
  source network operating system providing advanced IPv4 and IPv6
  routing, stateful firewalling, IPSec and SSL OpenVPN, and more. When
  you add Vyatta to a standard x86 hardware system, you can create an
  enterprise grade network appliance that easily scales from DSL to
  10Gbps.

But they also don't support ARM. A thread from a few years back on the
topic:
http://www.vyatta.org/node/5160

So it seems like Debian on ARM (without GUI) or the Ubiquiti flavor
would be the way to go in the short term.

 -Tom

More information about the Hardwarehacking mailing list