Post by clintonb on Feb 20, 2015 15:48:24 GMT
Post by clintonb on Feb 20, 2015 15:58:49 GMT
Here is a further example of RISC (ARM), dual Gigabit NICs: www.ti.com/tool/tmdssk3358#2
Agree, it shouldn't be a priority for the project but something that could be a background task...
Post by Lee Sharp on Feb 20, 2015 17:28:04 GMT
That is a nice little board there. However, it is $200. For $200 I can get an Atom-based 2 port with case and power supply that will run SmallWall / m0n0wall / pfSense without modification. I know a guy that uses them to power hotels in the north east. For under $400, I can get a 4 port gigabit with Intel chips. So what is the benefit for supporting that TI kit? That said, I am sure the price will come down. When it does, if there is demand, porting for that board can be done. But if another board comes out based on the exact same ARM chip, the image for the first board will probably not run. This is why dd-wrt and tomato have so many images. Each system needs a different image. But if you want to port to that kit, I support you and will help any way I can.
Post by weust on Feb 20, 2015 22:32:41 GMT
This is getting a bit mixed up between here and the OPNsense forum topic, but can you also get Hyper-V integration tools into FreeBSD 8.x?
Post by watercooled on Feb 20, 2015 23:27:20 GMT
What's the plan for software choice, if that's been established? Will it stay the same as m0n0wall, with e.g. ipfilter instead of pf? As I said in the m0n0wall thread, ipfilter seems faster from my own testing.
Also, would it be possible to keep the traffic shaper from m0n0wall, or at least have it as an option?
As others have said, I don't think there's necessarily a lot to improve on m0n0wall feature-wise, though I agree OpenVPN support could be useful. I'm happy to see the focus for the project remains similar to m0n0wall in avoiding too many features, etc.
And lastly, another big thanks from me! I'm not sure what I could offer in terms of development but I have an APU1C as my active router and a 2D13 on standby along with a couple of standard PCs to test builds.
Post by Lee Sharp on Feb 21, 2015 1:35:21 GMT
weust, I do not know. Honestly, I have not played with Hyper-V at all yet. But I will look into it. Of course, most of the tools (VMware tools as well) are totally not needed for SmallWall. You do not need to gently shut it down. You do not need to gracefully pass mouse movements or video output. All you really need are drivers for NIC and chipset.
watercooled, I have no urge to make another copy of pfSense. As to specifics, some of that will be decided by the dev team as time goes on. Right now I see no reason to go to pf, as it does have a performance impact. And I am a big fan of the m0n0wall traffic shaper, over the one in pfSense. But I suspect the limitations are related to the use of pf...
As for the changes I want to see, they are small things. VPN support. A tap for sniffing. Some updates to the GUI. But performance is first.
Post by web on Feb 21, 2015 12:49:56 GMT
please stop with the RPi thread :-)
I only mentioned it because FreeBSD runs just fine on the platform hence FreeBSD has (albeit limited) support for ARM -- end of thread, ok?
What I view as important is to agree on several key points:
1) what version of FreeBSD to resume support for m0n0^h^h^h^hsmallwall
2) what platforms to support (that is, is ARM support essential?)
3) what features are broken and need fixing
4) what new features (distinguish between UI changes and fundamental features) are needed
To me that would be a good starting point if these further points hold:
a) m0n0wall is mothballed (seems to be unquestionably true)
b) folks agree that smallwall is a good place to start to pick up the pieces
c) we have a set of developers (vetted by Lee?) adequate to the task
Post by vasiqmz on Feb 21, 2015 13:06:17 GMT
It's actually a good idea to consider first these two things in mind for now. Updating the site to a new design, I can help in that as well. If you want I can provide you hosting space on my server. But my concern is more about what will be done in SmallWall apart from the security patches?
Post by Lee Sharp on Feb 21, 2015 16:58:16 GMT
So, time to start breaking up this thread... There will be a website and GUI thread started in the Dev section. Some of y'all need to be there! As for what is needed, money is way down on the list. I am amazed at how little I have spent so far... But people are needed. And contributions are not just coding... Artistry (Lord knows I am not good at it), support, web design, and so on... We need it all.
But this thread is about the goals of the project. Vasiqmz hit the nail on the head when he asked "But my concern is more about what will be done in SmallWall apart from the security patches?"
1) Security patches are first. Knowing that what we have now will still work in the future is needed for many to even consider adoption.
2) Driver updates, usually accomplished by moving to a later version of FreeBSD. This is a lot of work, but totally needed as new hardware comes out.
3) New features. It is last on the list, but it is on the list. And the last snapshot of m0n0wall had the first pass at some new VPN options... This will happen, but it will be a small part of the overall project.
One of the best features of m0n0wall was its stability. SmallWall needs to keep that feature.
Post by azdps on Feb 22, 2015 0:00:44 GMT
I put in a lot of work a while back trying to update m0n0wall to FreeBSD 10 current. I was able to get the vast majority of files patched etc. and updates to many of the ports working fine. I ran into some issues I'm sure others could have overcome. Anyways I foolishly got rid of everything I had accomplished when the repository showed that m0n0wall developers started a FreeBSD 10 working build.
Looking forward we should be looking at migrating to FreeBSD 10 immediately. Keeping the 8build tree patched shouldn't be too difficult.
Post by mattbreedlove on Apr 18, 2015 3:33:49 GMT
Yes! Update for FreeBSD 10 current. I would say that is a top 3 priority. Being able to run smallwall on newer hardware would be great and the fact it has already been done means it should be low hanging.
The newer hardware is so fast; Sandy/Ivy Bridge and Haswell generation chipsets and LAN controllers would really allow high volume throughput with a dead simple firewall engine and interface.
Post by mattbreedlove on Apr 18, 2015 3:45:57 GMT
I think a great new feature is canned HA. Make it dead simple like PPTP VPN. Just set up two smallwalls, and have the HA config do some floating IP version like HSRP/VRRP. Maintaining in-flight connections through a failover I think could be punted on, if it made it too complicated for version 1. Just having a standby box take over an external and internal, etc. floating IP in under a minute would be an awesome first rev.
Post by shaddowwz on Jul 4, 2015 23:20:14 GMT
I must say, Lee, that I am glad you took up the project from where Manuel left off. I have been a long time user of M0n0wall, it fit my needs perfectly for the longest time and I was sad to see it go. I much prefer an affordable and compact embedded appliance and I am glad to see that I am not in the minority. There are, however, one or two features that I had hoped would eventually make it into M0n0wall and now am hopeful might be considered for SmallWall.
First: OpenVPN support.
Don't know how hard this would be to implement nor what kind of impact it would have on an embedded appliance. However, OpenVPN is looking very promising in terms of security and appears to be gaining support from many vendors.
Second: Dual WAN Support
The ability to combine two WAN connections to act as one and double throughput or configure a failover would be very useful in business environments.
Post by Lee Sharp on Jul 6, 2015 0:51:39 GMT
I agree that those would be nice. But I have looked into them, and there are substantial complications. For OpenVPN, it would conflict with the other VPN services in many ways and would take substantial rewriting. That is why L2TP was implemented. It was just the much easier way to implement a modern VPN. As for the Dual WAN, again that adds a lot of complications. Especially for non-Dual WAN users... Look at pfSense and the complexity involved with gateways. (Which only makes sense when you have Dual WAN, but is still complex with a single source.) Right now, I find it easier to stick SmallWall behind a cheap TP-Link load balancer. It works well, and you still have a rock solid and secure firewall behind the load balancing. Now this is not to say those things will not be done. But someone needs to address those problems first. If you have any ideas, I am all ears!