Friday, January 27, 2006

Soekris Dies, What Replacement?

Yesterday the UPS powering my Soekris Net4801 died. Now the Soekris no longer finds its internal 2.5 hard drive running FreeBSD 6.0. I was able to update the BIOS using this guide and the comms/lrzsz, but it had no effect. The process was simple

> download

Shift ~
Shift C

lsz -X b4801_128.bin

If I want to stick with the Soekris, I may try one of the OS installation options listed here. However, I'm wondering if I should just abandon the Soekris for something more powerful. I saw the 256 MB Net4801 will arrive soon, but I've been looking at these OpenBrick and newer systems.

Does anyone have any recommendations for new small form factor systems? Here are my ideal requirements:

  • Very small and flat -- ideally something that would fit in a consultant's brief case for carrying on a plane, along with a laptop.

  • 3 NICs, preferably one or more with Gigabit capability

  • Can use flash or a laptop HDD

  • Runs FreeBSD 6.x

  • Video and keyboard outputs are not required, but I'm starting to like that option

  • At least 128 MB RAM, preferably 256 MB or more


This is starting to sound like a laptop, but I would prefer not to use a laptop. I do not like leaving laptops at client sites. The temptation to open the screen and touch the keyboard is too great for some clients. I like using a small appliance like a Soekris.

15 comments:

Tyler said...

Have you looked at Shuttle XPC systems? You may be doing a little more buying individual parts, depending on what you get, but it may be what you want.

Richard Bejtlich said...

Hi Tyler,

I have two Shuttles. This is the newest.

The Shuttle is far too big to meet my expectations. Although I do carry it on a plane with me, I want a box small enough to fit in my consulting case.

Anonymous said...

My company has put customized software on top of this PC Engines hardware (http://www.pcengines.ch/wrap.htm). At home, I've been personally running M0n0wall (http://www.m0n0.ch/wall/ - FreeBSD-based firewall/VPN/Captive Portal) on the WRAP as my SOHO firewall for over a year with no problems.

Y # Very small and flat -- ideally something that would fit in a consultant's brief case for carrying on a plane, along with a laptop.

Y (only 100Mb though) # 3 NICs, preferably one or more with Gigabit capability

Y (only flash) # Can use flash or a laptop HDD

? (Runs 4.x and 5.x) # Runs FreeBSD 6.x

N # Video and keyboard outputs are not required, but I'm starting to like that option

Y (64 or 128) # At least 128 MB RAM, preferably 256 MB or more


Steve Lodin (steven.lodin @ Google's mail service)

Richard Bejtlich said...

Hi Steve,

From whom did you buy the WRAP?

Anonymous said...

What do you use such a device for?

Richard Bejtlich said...

Monitoring low bandwidth links.

Anonymous said...

We initially bought directly from the manufacturer in single unit quantities, 'cause our company is headquartered in Switzerland and PC Engines was kinda down the street from one our security gurus. Now, we buy in 100 unit lots from the manufacturer.

Steve

michael said...

I like via boards. I used 2 pd10000 boards side-by-side in a 1u case for a failover firewall. I used CF but it can take a HD. It looks like via has a new board (vt-310dp) out now with 3 nics (one is gig) that I'm sure would fit into a small, soekris style case. I actually bought the above rackmount from caseoutlet.com. It looks like they stock a lot of different cases.

http://caseoutlet.com/via-mb.html

--
michael

Anonymous said...

I saw this device mentioned in an online OpenBSD presentation, but I haven't yet found a US distributor: http://www.commell-sys.com/Product/IPC/EMB-564.htm

I believe the device meets your requirements, but note only one of the four NICs is GbE.

Richard Bejtlich said...

Cool -- I just emailed Sean Comeau asking him where he bought his.

Mordread Wallas said...

Hi,

We use LEX NEO systems for our consulting services as well as IDS probes.
You can get a model with 3 100Mblan cards, or 1Gb lan card, up to 512Mb of ram, laptop HD or Compact Flash, etc...

We've installed a Debian GNU/linux OS (testing) on HD (but you can get a small CompactFLash Debian from Hacom I think).

You can also contact directly Lex at http://www.lex.com.tw:8080/.

These are GREAT computers: no fan, no heat and powerfull. We're running on each (24/7) without any issue:

- Snort on two network interfaces for IDS,
- Fprobe and nfdump for netflow analysis,
- Snmp for Cacti monitoring,
- Remote X display on a Windows Workstation with XLive-CD in order to run Ethereal, Drifnet, etc...
- on demand for in-depth analysis: tcpdump, tcptrack, tcpxtract, ngrep, assniffer, potion...

Sometimes we're running a lot of tools at the same time, increasing load up to 8, but system is still reactive ;-)

You can contact me if you want more information (we currently bye these full-equipped systems in for about 500€) at: Mordread.Wallas@gmail.com

@+

Chris Buechler said...

+1 on the WRAP. They're the same speed as a 4801, and roughly the same price as a 4501.

They aren't as flexible as 4801 (no SFF IDE, so no HD, and no PCI slot), but they're nice solid boards. I have about two dozen in production as firewalls. They're smaller than a Soekris too (think the 4801 board, minus the PCI slot, and that's the size of the entire WRAP case.) But, the WRAP case is very tight, and you have to remove the board (or at least tilt it up) to remove the CF. Maybe not an issue, depending on how much you swap CF cards, but it's a pain when you're messing with something. I usually end up with my test board sitting bare on top of my Mac mini on my test bench. The board is just the right size to sit on top of the mini.

I get mine from Netgate.com.
http://www.netgate.com/product_info.php?products_id=311&osCsid=29b860ceafcc6bec90febcc6f1a9be7b

Also available in the US from mini-box.com
http://www.mini-box.com/s.nl/sc.8/search.wrap/.f

Anonymous said...

It's not necessary to remove the CF card from the WRAP unit. Just use PXE boot (built into the WRAP's BIOS) in conjunction with a DHCP and TFTP server to fresh boot the system. From there you can repartition or 'dd' the CF card with a new image.

I order my units from www.yawarra.com.au. Their service is excellent.

JimmytheGeek said...

Dunno if you have comments to old threads forwarded so you hear about them, but...

what did you wind up going with?

A very windows-centric coworker hacked his Buffalo Technologies Linkstation and runs Debian on it. It was so compellingly cool that he had to do it. He streams his mp3s to his pc at work, among other things.

It doesn't fit your specs - only one NIC, for example. Cheap storage, though.

Richard Bejtlich said...

I never did buy a replacement for the Soekris. I'm waiting for their next generation model since I don't have a pressing requirement. I did try a bigger form factor in the Hacom Lex box, documented in this blog.