Budget hardware recommendations?
Given the Raspberry Pi 4 is not supported, I am looking for a budget hardware option similar to the Raspberry Pi 4 scale for IPFire. I have a need for two firewalls in ambient temperature locations (closets) that have no AC cooling. This is why the Pi devices or similar are of interest, because I can cool them with simple fans and well-vented cases.
The only requirement is 2 Gb ports, and no need for VPN, WOL, or such. But basic ACPI hardware monitoring would be a plus. As well as SNMP monitoring.
Not even a range of money? Pi 4 is insanely cheap, for comparison even with firewall appliances like Taiwanese, Chinese and European products.
Personally I won’t buy less than a 4-port firewall: they become 3 when a WAN/RED port is assigned, and without using VLANs, well… it’s a really short leash.
You could use a second hand X86-64 thin client, like the HP T610 Plus with an extra gigabit ethernet PCI-E board. Problem: it is rare. The T610 not-Plus has a PCI-E port but you need to mount a bracket to install the gigabit ethernet board.
I would recommend a similar setup: I have an HP Thin Client T620 Plus with a low-profile 4-port Intel i350 Gigabit NIC. Power consumption is mostly at 11 W. It is rare and you have to watch out for it on eBay, for example. It has a built-in Realtek NIC, and if you put in a normal 1-port NIC it would be cheaper than the Intel i350. A plus is: you can get it with an AMD quad-core processor, which has fewer hardware vulnerabilities than contemporary or new Intel CPUs. There are versions with one M.2 slot and with two.
I do not want to appear utterly pushing, but I would really recommend to buy something like this one:
(Full disclosure: I am not related to the company behind that offer, Lightning Wire Labs, in any way.)
Especially for IPS performance, good NICs are a must (hint: most Realtek are not). Unfortunately, they are rarely documented as such, and even more expensive boards lack them. Being stuck behind such a device since I was not paying attention to that detail back then, I think spending a bit more money is worth it.
If I use a standard PC, I have some good 1 Gb Intel NIC (2-port and 4-port) PCIe cards that I pulled from an older Dell 2950. I am currently using an older desktop that is 32-bit Pentium based. It works fine, and the throughput is fine for what I need. The key issue with it is that it has no hardware monitoring and does not support ACPI. So even with SNMP enabled, the sensor data is crippled.
The Mini Appliance is a bit more than some other options, but it may be worth the extra cost to just have something that works out of the box. So right now I am leaning to the Mini Appliance.
To give you an idea of what is there for cheap ARM devices, I looked into that recently and now use a NanoPi R1 -1gb. It works surprisingly well for simple blocking in my tiny amateur home network. Doesn't have 2 GB ports, but one gbps and one USB2Ethernet adapter (~300mbps). There is also another 100mbps port. Should you be tempted, read the installation guide first and think about how you deal with the RNG.
Yes, I also am looking at the NanoPi as well. Very interesting device. Unfortunately, I need something a bit more robust I fear. I have about 20 devices total, and half of these are gaming and streaming consistently.
I think I am going to do two things… One, I am strongly leaning to the appliance. It is a bit more than some of the generic NUC or mini PC options, but for the bulk of my need, it is supporting IPFire and will just work. This is needed for the largest use case scope.
The above said, I am also looking at a white-box or Frankenstein unit. This will be what I can tinker with, and indulge in. This may be a NanoPi or some other (generic) mini-PC or even thin client.
Thanks for and to everyone that has contributed thus far, great suggestions and feedback on ideas. Happy Holidays.
Intel NUC will do the trick. They have only one NIC, but for home appliances with less than 1 gb connections they will do nicely. Search for “router on a stick” - you need to configure some VLANs both in your switch and in IPFire, but once you get the settings right, this will run quite smoothly. Realtek NICs and IPFire are good buddies, whereas Open/FreeBSD and Realtek cards are more troublesome.
A nice howto on making a router on a stick can be found here. The author uses pfSense, but the principles are the same and can be easily applied on IPFire.
I found that interesting.
You could do this with a thin client with one NIC.
And an inexpensive managed switch, very cool.
As long as the RED port can't reach the switch GUI.
One problem.
Still possible.
2 zones RED, and GREEN would be easy through the WUI.