by dsr_ 1918 days ago
My stock Debian x86 mini-ITX firewall is now 7 years old. It has been upgraded across three stable releases and will go to bullseye sometime this year. It handles stateful firewalling, IPv6 routing, failover DHCP, DNS caching, NTP... and it has lots of available capacity in CPU and RAM.

It was expensive for a home firewall but not horribly so, and I fully expect it to have a ten or twelve year lifespan with full support. If the NIC fails, I can replace it -- it's a PCIe card. If the storage fails, I can replace it -- SATA SSD. Neither of those has happened yet, but I might replace a fan sometime soon.

These days I would probably buy a tiny NUC-like object with enough gig-e ports.

2 comments

I've often thought about doing something like this over the years... but the enthusiasm (if that's the right thing that I feel) often wears away when I'm just sitting down after a very long, hard day of work to watch Netflix... and then "the internet is down". Clearly I have no experience doing what you described, and my fear of added maintenance might be inaccurate... but I do wonder if this is better in the long run. Do you find that such an approach creates lots more maintenance work for you?
If you are not doing anything fancy with your current router, using Debian on an x86 machine as a router will work indefinitely. All you'll ever do is apt update.
Nice; ok thanks!
I've been running similar setups for the past 20 years or so. It's as much maintenance as you want it to be after initial configuration.
That's a long time; thanks!
Sure. I am now on the 4th iteration of my gateway (setting it up now). The first one died (early 2000s). The second couldn't deal with 120mbit ADSL speed. The third had 2 mini-PCIe cards inside to serve as an AP. For the past couple of years I tried an EdgeRouter-X flashed with OpenWrt, but it was... "not it" (the selection of packages is vast, yet limited), so I went back to an x86-based one. One interesting side effect is that the much-talked-about bufferbloat disappeared after I switched to it from the EdgeRouter, even without any queue management (I have 1gb cable at home).
Debian has no bugs - heard it here first!