by gh02t 4146 days ago
I also wanted something in the category you're describing and after shopping around a bit I stumbled across Mikrotik's products. I bought one of their 24 port smart switches and it was exactly what I was looking for. Not a lot more expensive than some of the nicer consumer-targeted gear, but it has way more functionality.

http://routerboard.com/CRS125-24G-1S-IN


Looks like a very nice product (along with most of the other products). It's a little disappointing that they seem to do only the very minimum wrt the GPL:

http://www.mikrotik.com/downloadterms.html

I mean, sure, asking for 45 USD for a CD with the source is technically complying with the GPL -- but it does seem a bit strange in this day and age. Not to mention that for the source code to be useful, one would hope one could build a working RouterOS image from it -- and it doesn't appear that the CD will enable a user to build a running image -- and therefore not facilitate changing the product.

But apart from that, my first thought was -- can this thing run BSD -- because pf is quite a bit friendlier than iptables (even if the latter has gotten a lot better lately).

Does anyone know if there are any recommended alternatives to Soekris for running a BSD switch/router (preferably running at ~gigabit speeds)?

Lots of PFSense people seem to think the PC Engines APU[1] is ok. Netgate sells a DIY kit[2].

It's only a 3 port system though.

[1] http://www.pcengines.ch/apu.htm

[2] http://store.netgate.com/kit-APU1C4.aspx

Not sure if it can run BSD proper. It should be able to in theory, there's nothing preventing you from flashing your own OS image, but I can't find that anybody has actually done it. There is a facility for virtualization as well. Not sure how desirable it'd be to run on bare metal though, as it uses dedicated hardware for routing that I think is proprietary, so it wouldn't work. If I was going to try it, I'd probably pick up one of their cheaper products first to test it out on (most of the lower end stuff is similar internally).

I'm with you about the GPL though. It's my biggest complaint about it. Apart from the proprietary hardware (which OK, I guess I can forgive it), they definitely seem to be playing it pretty loose with the terms of the GPL.

Pf is indeed nice and it'd be cool to run OpenBSD on it. That said, as I mentioned I really like their configuration tools and they make iptables actually quite easy to configure.

Your best bet for a BSD router is probably to pick up a cheapish computer and put in one of the Intel or HP quad-port ethernet cards and then plug into a dumb switch. They can be had for surprisingly reasonable prices, I saw some on Amazon for ~$80 (the quad-port cards, that is).

At home, I replaced my Cisco ASA 5505 (which replaced a Cisco 1811) with a RouterMaxx 1106 [0] running OpenBSD (from CompactFlash), though it's certainly not cheap.

[0]: http://www.maxxwave.com/solutions/security/routermaxx-6-port...

That's the exact one I have. It's definitely not a "plug and play" router, but I love it. My only real beef is that most everything on it requires a much larger level of network administration knowledge than any other hardware.

I'm also scared that I'm going to open up my home intranet to the world every time I tweak some of the advanced settings.

Not trying to dissuade anyone from using them, but it's light years away from a DD-WRT-based router.

OTOH, the ability to run VMs on your router is magical. I have yet to do that, but I'm itching to do something like putting the UniFi management tools on it.

Yeah, it definitely isn't something I'd recommend for people who don't know what they are doing. Its feature set is more comparable to enterprise hardware like Cisco or Juniper. Their terminal configuration utilities are pretty easy to use, but I actually really like their webui. It exposes all the functionality (which is a daunting amount) but is clean and very responsive.

That said, RouterOS is pretty well documented and isn't hard as long as you know the basics. Mikrotik actually has a pretty vibrant little community around their wiki.

Can the firewall on that do outbound filtering?

I've been looking at trying to control some of my devices a bit more (eg, SmartTVs).

PFSense looks good, but the dedicated hardware boxes are kinda pricy[1], and I don't really want to build something myself.

A switch with a built in firewall at that price is an interesting option.

[1] http://store.pfsense.org/hardware/

Yeah it can. The firewall is standard iptables, so you can do whatever you want. It's also got DNS, http cache, SOCKS proxy and approximately 1 trillion other things that you may find handy as an all-in-one home/small business network device. Needless to say, it's maybe not the best idea security-wise to run all that stuff on one device, but I'm not terribly concerned.

I've heard people say it's not really powerful enough CPU wise to cope with a ton of rules (>hundreds), but I have a fairly involved firewall config on mine and it's no trouble.

Funny story, we use a firewall rule to punish roommates for not doing their share of the chores. If they get too far overdue on chores, we have an iptables rule to randomly drop a certain percentage of packets to their machine.
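As an added illustration of the outbound filtering asked about above (this is not code from the thread, and RouterOS's own firewall CLI uses a different syntax), here is a plain iptables egress policy for one LAN device such as a smart TV, written for a Linux router with raw iptables access. The interface name, the TV's reserved address and the router address are assumptions; it prints the commands unless run with DRY_RUN=0.

```shell
#!/bin/sh
# Egress (outbound) policy for one LAN device, e.g. a smart TV, on a Linux
# router with raw iptables. All names and addresses below are assumptions.
LAN_IF="${LAN_IF:-eth1}"                 # assumed LAN-side interface
TV_IP="${TV_IP:-192.168.1.50}"           # assumed DHCP-reserved address of the TV
ROUTER_IP="${ROUTER_IP:-192.168.1.1}"    # assumed router address (local resolver)
DRY_RUN="${DRY_RUN:-1}"                  # 1 = print the commands, 0 = run them

# Wrapper so the policy can be reviewed before it touches a live firewall.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

tv_egress_rules() {
    # A dedicated chain keeps the TV policy separate from the rest of FORWARD
    # and lets it be flushed and rebuilt on its own.
    ipt -N TV_EGRESS 2>/dev/null
    ipt -F TV_EGRESS
    # Replies on connections the TV already opened; nothing below lets it start
    # a connection that is not explicitly listed.
    ipt -A TV_EGRESS -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # DNS only to the router's own resolver, so the TV cannot sidestep local DNS.
    ipt -A TV_EGRESS -p udp -d "$ROUTER_IP" --dport 53 -j ACCEPT
    ipt -A TV_EGRESS -p tcp -d "$ROUTER_IP" --dport 53 -j ACCEPT
    # Order matters: deny the private ranges BEFORE the HTTPS allow, otherwise
    # the TV could still reach other LAN hosts on port 443.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        ipt -A TV_EGRESS -d "$net" -j DROP
    done
    # Streaming and firmware updates over HTTPS to the Internet.
    ipt -A TV_EGRESS -p tcp --dport 443 -j ACCEPT
    # Everything else: rate-limited log line for visibility, then drop.
    ipt -A TV_EGRESS -m limit --limit 5/min -j LOG --log-prefix "TV_EGRESS_DROP "
    ipt -A TV_EGRESS -j DROP
    # Hook the chain into FORWARD (the router's own traffic is OUTPUT, not
    # FORWARD). The -D first makes re-running the script idempotent.
    ipt -D FORWARD -i "$LAN_IF" -s "$TV_IP" -j TV_EGRESS 2>/dev/null
    ipt -I FORWARD 1 -i "$LAN_IF" -s "$TV_IP" -j TV_EGRESS
}

tv_egress_rules
```

Dropped packets show up in the kernel log with the TV_EGRESS_DROP prefix, which is the quickest way to see what else the device is trying to reach before deciding whether to allow it.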

Thanks for the link! Is it fanless too?

The 15 W consumption seems to hint it could be, but the datasheet does not mention it.

There are no fans.